
Convinced there's hidden Malware and I can't find it


DeeRid


Hello! A couple of days ago I noticed a fan on my motherboard spinning up at extremely high speeds. I believe it is the Northbridge fan. It's the kind of sound that something is clearly overrunning/overworking it. Also when I open up Task Manager I notice a huge spike to 100% of CPU at opening but it immediately drops off. I've heard of Trojans that do this and that goes well with my theory of something being overworked to cause the fan to run so fast. Or maybe it's just time to replace the fan....

I've followed this post I found on the forums but the problem still seems to be there.  

I have attached my FRST.txt and Addition.txt files after running FRST64.

Thanks for any help and anything else that can put my mind at ease about this problem.

Addition.txt

FRST.txt


Hi & welcome
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.


P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Step 1


Please download and install Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select [image: m21p4.png]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

 


I have pasted the results in the following spoiler. It came back with no threats identified, but I'm still getting abnormal noises from my computer at random moments. 

 

Spoiler

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/26/2016
Scan Time: 1:31 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.26.10
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: David Ridley

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432561
Time Elapsed: 9 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 


We make sure that the problem isn't caused by Malware.

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

 


Here is my log from after the ESET scan. I have used CheatEngine in the past often and have noticed a few false positives on it before. 

Spoiler

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6baf4cb4ea2a4340a32875794c793c7b
# end=init
# utc_time=2016-10-26 07:05:42
# local_time=2016-10-26 02:05:42 (-0600, Central Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 31207
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6baf4cb4ea2a4340a32875794c793c7b
# end=updated
# utc_time=2016-10-26 07:07:45
# local_time=2016-10-26 02:07:45 (-0600, Central Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6baf4cb4ea2a4340a32875794c793c7b
# engine=31207
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-10-26 07:08:49
# local_time=2016-10-26 02:08:49 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 96 0 2418547 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 7917945 0 0
# scanned=2166
# found=0
# cleaned=0
# scan_time=64
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6baf4cb4ea2a4340a32875794c793c7b
# end=init
# utc_time=2016-10-26 07:09:31
# local_time=2016-10-26 02:09:31 (-0600, Central Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 31207
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6baf4cb4ea2a4340a32875794c793c7b
# end=updated
# utc_time=2016-10-26 07:10:06
# local_time=2016-10-26 02:10:06 (-0600, Central Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6baf4cb4ea2a4340a32875794c793c7b
# engine=31207
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-10-26 09:11:16
# local_time=2016-10-26 04:11:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 96 0 2425894 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 7925292 0 0
# scanned=915913
# found=3
# cleaned=0
# scan_time=7269
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.5\standalonephase1.dat"
sh=69E170F136527444D488080F6CB5D20E2926C57C ft=1 fh=d2d8d85f5f8fc37e vn="a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application" ac=I fn="C:\Users\David Ridley\AppData\LocalLow\Oracle\Java\jre1.8.0_91\java_sp.dll"
sh=218CD3AF0591AF70986A6BE23CFB25685F85AFE8 ft=1 fh=932b05a37b4815b9 vn="a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application" ac=I fn="C:\Users\David Ridley\AppData\LocalLow\Oracle\Java\jre1.8.0_91\java_sp\JavaIC.dll"
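
The scan log above ends with header counters (`found`, `cleaned`) followed by one `sh=… vn="…" fn="…"` line per detection. As an added example (not part of the original posts and not an ESET tool), this Python sketch parses a log in that layout and separates "potentially unsafe/unwanted application" hits from other detections; the sample log, its placeholder hashes, the `Win32/ExampleTrojan.A` line and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted above. Hashes are
# placeholders and the third detection line is invented for contrast.
SAMPLE_ESET_LOG = r'''# end=stopped
# scanned=2166
# found=0
# cleaned=0
# end=finished
# remove_checked=false
# unwanted_checked=true
# unsafe_checked=true
# scanned=915913
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.5\standalonephase1.dat"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application" ac=I fn="C:\Users\Example\AppData\LocalLow\Oracle\Java\jre1.8.0_91\java_sp.dll"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/ExampleTrojan.A trojan" ac=I fn="C:\Users\Example\AppData\Local\Temp\example.exe"
'''

HEADER = re.compile(r'^# (\w+)=(.*)$')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare
DETECTION_NAME = re.compile(r'\b\w+/[\w.]+')        # e.g. Win32/HackTool.CheatEngine.AF


def parse_eset_log(text):
    """Return (header, detections). Later header blocks overwrite earlier ones,
    so an aborted first scan does not mask the counters of the finished scan."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith('sh='):
            detections.append({k: (q or b) for k, q, b in FIELD.findall(line)})
    return header, detections


def classify(vn):
    """Bucket a detection by the wording of its vn field."""
    low = vn.lower()
    if 'potentially unsafe application' in low:
        return 'unsafe-app'      # dual-use or bundled software, judged by context
    if 'potentially unwanted application' in low:
        return 'unwanted-app'
    return 'malware'


def triage_eset_log(text):
    header, detections = parse_eset_log(text)
    by_class = Counter(classify(d.get('vn', '')) for d in detections)
    review_first = []
    for d in detections:
        if classify(d.get('vn', '')) == 'malware':
            name = DETECTION_NAME.search(d.get('vn', ''))
            review_first.append((name.group(0) if name else d.get('vn', ''), d.get('fn')))
    found = int(header.get('found', 0))
    cleaned = int(header.get('cleaned', 0))
    return {
        'by_class': by_class,
        'review_first': review_first,
        # A mismatch means the pasted log is truncated or edited.
        'count_matches_header': found == len(detections),
        # Assumption: found minus cleaned is the number of files still on disk.
        'left_in_place': found - cleaned,
    }


if __name__ == '__main__':
    for key, value in triage_eset_log(SAMPLE_ESET_LOG).items():
        print(key, '=>', value)
```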
 

 


Step 1


  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:


procurator.exe


  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

 


Came back with nothing by the looks of it. Fan still makes loud whirring sound at random times, but they all seem to be while I'm connected to the internet. When I disable my internet connection on startup the noise does not appear until I connect again. 

Here are the search logs.

Spoiler

Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by David Ridley (27-10-2016 15:36:21)
Running from C:\Users\David Ridley\Desktop
Boot Mode: Normal

================== Search Files: "procurator.exe" =============

====== End of Search ======

 


Hi David,

please do the following:

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [garnett] => "C:\Program Files (x86)\pecs\procurator.exe"
    C:\Program Files (x86)\pecs
    C:\Program Files (x86)\colorado\
    HKLM-x32\...\Run: [treasure] => "C:\Program Files (x86)\pecs\procurator.exe"
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => 0
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [duelling] => "C:\Program Files (x86)\pecs\procurator.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [rankle] => "C:\Program Files (x86)\pecs\procurator.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [textured] => "C:\Program Files (x86)\colorado\textured.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [vitale] => "C:\Program Files (x86)\pecs\procurator.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [duelling] => "C:\Program Files (x86)\pecs\procurator.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rankle] => "C:\Program Files (x86)\pecs\procurator.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [textured] => "C:\Program Files (x86)\colorado\textured.exe"
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [vitale] => "C:\Program Files (x86)\pecs\procurator.exe"
    HKU\S-1-5-18\...\Run: [] => 0
    Startup: C:\Users\David Ridley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\widder.lnk [2016-10-20]
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicyScripts: Restriction
    GroupPolicyScripts\User: Restriction
    ManualProxies:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
    HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
    SearchScopes: HKU\S-1-5-21-814913500-3249027553-3533128871-1000 -> DefaultScope {698F6A2D-C3E7-484B-8D05-CDA7FA68AE79} URL =
    SearchScopes: HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {698F6A2D-C3E7-484B-8D05-CDA7FA68AE79} URL =
    Toolbar: HKU\S-1-5-21-814913500-3249027553-3533128871-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    CHR StartupUrls: Default ->
    Task: {066CA2FD-2EEE-4567-A924-254F4360C182} - \{3B6B6946-268B-4AC2-A53F-34A3AD06FC7F} -> No File
    Task: {18B370CC-9F98-4110-BCB4-EFCE1044ABB4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File
    Task: {1D1B914A-B70A-4E7B-AF2B-AEF2D3A85150} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File
    Task: {2079B8DE-E268-4495-BC7E-46EFCE19D7C3} - \PDVDServ12 Task -> No File
    Task: {38CEB8BA-C652-4BBE-B9D8-68B7B07D0ECF} - \Hybrid -> No File
    Task: {4739AB92-8A29-41F6-9D20-DA05ED7393E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File
    Task: {4A25F926-6845-4106-95EA-058CC24EAB37} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File
    Task: {5264A9B3-EF97-4C70-B882-89AC966D6249} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File
    Task: {610CB0AD-1785-45A6-A0E6-99B7BBD92312} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File
    Task: {6AF3FA41-5668-40D2-A3C4-139C1DBB02BD} - \{2B718C9E-6D7F-43FF-BFE0-151467B356CE} -> No File
    Task: {6D33EB5A-97B9-43DE-9D18-58D596B609CF} - \GoogleUpdateTaskMachineUA -> No File
    Task: {79FDB2BF-30D7-4D12-BD6A-7EDAD466045C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File
    Task: {7F6A29EA-D5D7-46BD-80FE-EF92751C9514} - \Adobe Acrobat Update Task -> No File
    Task: {81C7A793-69A0-4F82-9F53-60C4C969B8F4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File
    Task: {82EFB4BA-1671-4566-8FD3-ED4F69632B90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File
    Task: {99414DB9-0F1E-4C40-A4E5-74E0B24F9E89} - \GoogleUpdateTaskMachineCore -> No File
    Task: {9FFBB102-ABA9-4A76-B917-BFE5371D620D} - \OneDrive Standalone Update Task -> No File
    Task: {A83BEC46-1879-42A7-B8A1-8078B502A71B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File
    Task: {ACF6FB99-40EE-4999-9B00-631B71984061} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File
    Task: {BB7901AA-970C-4491-813D-18026E59F0E9} - \Adobe Flash Player Updater -> No File
    Task: {F8647838-96CA-4502-B91D-4FD9EF931CE5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File
    CMD: dir "%ProgramFiles%"
    CMD: dir "%ProgramFiles(x86)%"
    CMD: dir "%ProgramData%"
    CMD: dir "%Appdata%"
    CMD: dir "%LocalAppdata%"
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.


Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


Please post it to your reply.

 

 

 

 

Edited by deeprybka
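
The fixlist above removes several differently named Run values that all start the same `procurator.exe`, plus Run values with an empty name and the data `0`. As an added example (not part of the original posts and not FRST's own logic), this Python sketch parses Run lines in that layout and flags both patterns; the SID, the `ExampleUpdater` entry and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the FRST Run lines in the fixlist above.
# The SID and the ExampleUpdater entry are placeholders, not values from the thread.
SAMPLE_RUN_LINES = r'''
HKLM\...\Run: [garnett] => "C:\Program Files (x86)\pecs\procurator.exe"
HKLM-x32\...\Run: [treasure] => "C:\Program Files (x86)\pecs\procurator.exe"
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [duelling] => "C:\Program Files (x86)\pecs\procurator.exe"
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [textured] => "C:\Program Files (x86)\colorado\textured.exe"
HKU\S-1-5-18\...\Run: [] => 0
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\ExampleVendor\ExampleUpdater.exe /background
'''

# <hive>\...\Run: [<value name>] => <data>
RUN_LINE = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<data>.*)$')
QUOTED_PATH = re.compile(r'^"([A-Za-z]:\\[^"]+)"')
BARE_PATH = re.compile(r'^([A-Za-z]:\\.+?\.(?:exe|com|bat|cmd|dll|vbs|js))\b', re.I)


def parse_run_entries(text):
    """Return (hive, value_name, data) for every FRST-style Run line in text."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append((m.group('hive'), m.group('name'), m.group('data').strip()))
    return entries


def target_path(data):
    """Extract the file a Run value starts: a quoted path, or an unquoted path
    up to a known extension (arguments dropped). None if data is not a path."""
    m = QUOTED_PATH.match(data) or BARE_PATH.match(data)
    return m.group(1) if m else None


def triage_run_entries(text):
    """Map each flagged target (or hive/value) to the reasons it was flagged."""
    names_by_target = defaultdict(set)
    hives_by_target = defaultdict(set)
    findings = defaultdict(list)
    for hive, name, data in parse_run_entries(text):
        path = target_path(data)
        if path is None:
            # e.g. "[] => 0": a value that cannot start anything legitimate
            findings[f'{hive} [{name}]'].append(f'data {data!r} is not a file path')
            continue
        key = path.lower()                      # Windows paths are case-insensitive
        names_by_target[key].add(name.lower())
        hives_by_target[key].add(hive)
    for key, names in names_by_target.items():
        # One program normally registers itself once, under one name.
        if len(names) > 1:
            findings[key].append(
                f'{len(names)} different value names ({", ".join(sorted(names))}) '
                f'in {len(hives_by_target[key])} hives start this file')
    return dict(findings)


if __name__ == '__main__':
    for target, reasons in triage_run_entries(SAMPLE_RUN_LINES).items():
        print(target)
        for reason in reasons:
            print('   -', reason)
```

Both checks only decide which autoruns to look at first: `textured.exe`, which is also on the fixlist, has a single matching value name and is not flagged by them.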

Here's the log attached. I looked through it and the pecs and colorado folder are familiar. Before the fan noise started I had manually removed these two and the .exe's that were contained in them. They were a bit of a hassle since they were constantly running. Was removing them myself my big problem?

 

Spoiler

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
Ran by David Ridley (29-10-2016 17:06:36) Run:2
Running from C:\Users\David Ridley\Desktop
Loaded Profiles: David Ridley (Available Profiles: David Ridley & DefaultAppPool)
Boot Mode: Normal
==============================================


Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\garnett => value removed successfully
"C:\Program Files (x86)\pecs" => not found.
"C:\Program Files (x86)\colorado" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\treasure => value removed successfully
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\duelling => value removed successfully
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rankle => value removed successfully
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\textured => value removed successfully
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Software\Microsoft\Windows\CurrentVersion\Run\\vitale => value removed successfully
HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value not found.
HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\duelling => value not found.
HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\rankle => value not found.
HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\textured => value not found.
HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\vitale => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\David Ridley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\widder.lnk => moved successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-814913500-3249027553-3533128871-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A83BEC46-1879-42A7-B8A1-8078B502A71B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A83BEC46-1879-42A7-B8A1-8078B502A71B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACF6FB99-40EE-4999-9B00-631B71984061}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF6FB99-40EE-4999-9B00-631B71984061}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB7901AA-970C-4491-813D-18026E59F0E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB7901AA-970C-4491-813D-18026E59F0E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8647838-96CA-4502-B91D-4FD9EF931CE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8647838-96CA-4502-B91D-4FD9EF931CE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully

========= dir "%ProgramFiles%" =========

 Volume in drive C has no label.
 Volume Serial Number is 3E5D-6E02

 Directory of C:\Program Files

10/27/2016  09:39 PM    <DIR>          .
10/27/2016  09:39 PM    <DIR>          ..
10/28/2016  07:52 PM    <DIR>          Common Files
11/22/2015  01:36 AM    <DIR>          DVD Maker
11/22/2015  02:41 AM    <DIR>          Intel
09/30/2016  04:26 PM    <DIR>          Internet Explorer
04/15/2013  06:36 AM    <DIR>          Java
08/31/2014  09:03 PM    <DIR>          Logitech Gaming Software
02/21/2016  12:46 AM    <DIR>          Lumerical
10/20/2015  04:45 PM    <DIR>          Microsoft Help Viewer
02/21/2016  12:46 AM    <DIR>          Microsoft MPI
03/14/2013  08:38 AM    <DIR>          Microsoft Office
10/11/2016  08:51 PM    <DIR>          Microsoft Silverlight
01/10/2016  11:14 PM    <DIR>          Microsoft SQL Server
01/10/2016  11:16 PM    <DIR>          Microsoft Visual Studio 8
09/26/2016  01:54 PM    <DIR>          Microsoft.NET
09/26/2016  04:47 PM    <DIR>          MSBuild
10/29/2015  11:33 PM    <DIR>          Nexus Mod Manager
10/22/2016  12:41 AM    <DIR>          NVIDIA Corporation
09/26/2016  01:51 PM    <DIR>          Realtek
09/26/2016  04:47 PM    <DIR>          Reference Assemblies
07/23/2016  11:19 PM    <DIR>          TeamSpeak 3 Client
09/26/2016  07:12 PM    <DIR>          Windows Defender
09/30/2016  04:26 PM    <DIR>          Windows Defender Advanced Threat Protection
10/11/2016  08:50 PM    <DIR>          Windows Mail
10/28/2016  11:16 AM    <DIR>          Windows Media Player
07/16/2016  06:47 AM    <DIR>          Windows Multimedia Platform
07/16/2016  06:47 AM    <DIR>          Windows NT
10/11/2016  08:50 PM    <DIR>          Windows Photo Viewer
07/16/2016  06:47 AM    <DIR>          Windows Portable Devices
07/16/2016  06:47 AM    <DIR>          WindowsPowerShell
               0 File(s)              0 bytes
              31 Dir(s)  22,128,926,720 bytes free

========= End of CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Volume in drive C has no label.
 Volume Serial Number is 3E5D-6E02

 Directory of C:\Program Files (x86)

10/28/2016  07:24 PM    <DIR>          .
10/28/2016  07:24 PM    <DIR>          ..
11/26/2014  02:47 PM    <DIR>          Action Replay PowerSaves 3DS
10/20/2016  07:06 PM    <DIR>          Adobe
03/03/2013  10:18 AM    <DIR>          ASM104xUSB3
03/03/2013  10:24 AM    <DIR>          ASM106xSATA
03/03/2013  10:25 AM    <DIR>          ASUS
10/20/2015  04:56 PM    <DIR>          Atmel
10/21/2016  11:42 AM    <DIR>          Avira
10/22/2016  12:59 AM    <DIR>          Battlelog Web Plugins
05/13/2016  11:59 PM    <DIR>          Cheat Engine 6.5
10/20/2016  07:06 PM    <DIR>          Common Files
05/20/2016  07:31 PM    <DIR>          CyberLink
05/14/2014  08:43 PM    <DIR>          Diablo III
10/26/2016  02:05 PM    <DIR>          ESET
03/03/2013  10:57 AM    <DIR>          Google
12/30/2015  06:58 PM    <DIR>          Intel
09/30/2016  04:26 PM    <DIR>          Internet Explorer
07/15/2015  12:44 PM    <DIR>          InViewer
07/25/2016  09:15 PM    <DIR>          Java
10/25/2016  09:55 AM    <DIR>          lg_fwupdate
04/17/2016  10:30 PM    <DIR>          Live2D Viewer
10/20/2016  07:52 PM    <DIR>          Malwarebytes Anti-Malware
01/03/2014  01:21 AM    <DIR>          Mars
02/15/2016  11:54 PM    <DIR>          MATLAB
03/14/2013  08:38 AM    <DIR>          Microsoft Analysis Services
08/22/2015  02:02 AM    <DIR>          Microsoft ASP.NET
01/12/2016  05:50 PM    <DIR>          Microsoft Games for Windows - LIVE
01/10/2016  11:11 PM    <DIR>          Microsoft Office
10/11/2016  08:51 PM    <DIR>          Microsoft Silverlight
01/10/2016  11:14 PM    <DIR>          Microsoft SQL Server
03/11/2015  05:11 PM    <DIR>          Microsoft SQL Server Compact Edition
03/14/2013  08:38 AM    <DIR>          Microsoft Sync Framework
03/14/2013  08:39 AM    <DIR>          Microsoft Synchronization Services
01/10/2016  08:48 PM    <DIR>          Microsoft Visual Studio 8
01/14/2016  11:28 PM    <DIR>          Microsoft XNA
09/26/2016  01:54 PM    <DIR>          Microsoft.NET
09/26/2016  01:57 PM    <DIR>          MSBuild
01/10/2016  08:26 PM    <DIR>          MSECache
11/22/2015  02:37 AM    <DIR>          NETGEAR
03/29/2016  07:02 PM    <DIR>          Notepad++
10/22/2016  12:41 AM    <DIR>          NVIDIA Corporation
07/27/2016  06:12 PM    <DIR>          Open Design Alliance
04/24/2016  04:18 PM    <DIR>          PDF to JPG Converter
03/14/2013  08:35 AM    <DIR>          PowerISO
03/03/2013  10:14 AM    <DIR>          Realtek
09/26/2016  04:47 PM    <DIR>          Reference Assemblies
09/28/2015  12:40 AM    <DIR>          Skype
10/28/2016  07:19 PM    <DIR>          Spybot - Search & Destroy 2
11/27/2015  03:35 AM    <DIR>          SystemRequirementsLab
09/09/2016  05:37 PM    <DIR>          Ventrilo
10/28/2016  07:24 PM    <DIR>          VulkanRT
09/26/2016  07:12 PM    <DIR>          Windows Defender
03/11/2015  05:11 PM    <DIR>          Windows Live
09/26/2016  07:12 PM    <DIR>          Windows Mail
10/28/2016  11:16 AM    <DIR>          Windows Media Player
07/16/2016  06:47 AM    <DIR>          Windows Multimedia Platform
07/16/2016  06:47 AM    <DIR>          Windows NT
10/11/2016  08:50 PM    <DIR>          Windows Photo Viewer
07/16/2016  06:47 AM    <DIR>          Windows Portable Devices
07/16/2016  06:47 AM    <DIR>          WindowsPowerShell
               0 File(s)              0 bytes
              61 Dir(s)  22,128,926,720 bytes free

========= End of CMD: =========


========= dir "%ProgramData%" =========

 Volume in drive C has no label.
 Volume Serial Number is 3E5D-6E02

 Directory of C:\ProgramData

03/11/2015  02:46 PM    <DIR>          .mono
05/14/2015  08:30 PM    <DIR>          34BE82C4-E596-4e99-A191-52C6199EBF69
04/17/2016  10:22 PM    <DIR>          Adobe
07/27/2016  06:12 PM    <DIR>          Altium
07/27/2016  06:09 PM    <DIR>          Altium2004
07/12/2013  09:01 AM    <DIR>          Apple
07/12/2013  09:02 AM    <DIR>          Apple Computer
10/21/2016  11:42 AM    <DIR>          Avira
12/24/2015  12:42 AM    <DIR>          Battle.net
03/20/2013  04:07 AM    <DIR>          BioWare
05/24/2014  11:27 AM    <DIR>          Blizzard Entertainment
07/16/2016  06:47 AM    <DIR>          Comms
09/28/2016  07:34 PM    <DIR>          CyberLink
01/10/2016  11:28 PM    <DIR>          DassaultSystemes
03/10/2014  11:00 PM    <DIR>          Electronic Arts
10/16/2014  03:37 PM    <DIR>          Encore
02/21/2016  12:50 AM    <DIR>          FLEXnet
06/28/2014  10:40 PM    <DIR>          fltk.org
05/20/2016  07:34 PM    <DIR>          install_clap
08/08/2015  10:25 PM    <DIR>          Intel
05/16/2014  06:24 PM    <DIR>          LogiShrd
07/01/2014  02:17 PM    <DIR>          Malwarebytes
10/27/2016  09:37 PM    <DIR>          Malwarebytes' Anti-Malware (portable)
07/12/2013  12:17 AM    <DIR>          McAfee
10/11/2016  08:00 PM    <DIR>          Microsoft Help
09/26/2016  04:29 PM    <DIR>          Microsoft OneDrive
03/14/2014  03:56 PM            12,586 mptmqteo.hmi
05/05/2013  03:03 AM    <DIR>          Norton
03/03/2013  10:25 AM    <DIR>          NortonInstaller
10/29/2016  05:00 PM    <DIR>          NVIDIA
10/28/2016  07:25 PM    <DIR>          NVIDIA Corporation
07/25/2016  09:16 PM    <DIR>          Oracle
10/29/2016  06:19 AM    <DIR>          Origin
10/28/2016  07:52 PM    <DIR>          Package Cache
05/20/2016  07:36 PM    <DIR>          PDVD
08/24/2015  09:16 PM    <DIR>          Ralink
06/07/2014  08:16 PM    <DIR>          Razer
09/26/2016  01:57 PM    <DIR>          regid.1986-12.com.adobe
09/26/2016  01:57 PM    <DIR>          regid.1991-06.com.microsoft
04/02/2013  07:32 AM    <DIR>          Sierra Wireless
09/28/2015  12:40 AM    <DIR>          Skype
07/16/2016  06:47 AM    <DIR>          SoftwareDistribution
01/10/2016  11:45 PM    <DIR>          SOLIDWORKS Electrical
10/27/2016  09:38 PM    <DIR>          Spybot - Search & Destroy
05/13/2014  10:03 PM    <DIR>          Steam
03/03/2013  12:09 PM    <DIR>          Sun
08/17/2013  11:33 PM    <DIR>          SystemRequirementsLab
04/02/2013  07:34 AM    <DIR>          Telstra
05/20/2016  07:31 PM    <DIR>          Temp
03/12/2014  12:56 AM    <DIR>          Ubisoft
09/26/2016  02:00 PM    <DIR>          USOPrivate
09/26/2016  02:00 PM    <DIR>          USOShared
12/28/2015  01:53 PM    <DIR>          VS
               1 File(s)         12,586 bytes
              52 Dir(s)  22,128,922,624 bytes free

========= End of CMD: =========


========= dir "%Appdata%" =========

 Volume in drive C has no label.
 Volume Serial Number is 3E5D-6E02

 Directory of C:\Users\David Ridley\AppData\Roaming

10/27/2016  09:39 PM    <DIR>          .
10/27/2016  09:39 PM    <DIR>          ..
07/30/2016  10:43 PM    <DIR>          .minecraft
03/11/2015  02:46 PM    <DIR>          .mono
01/07/2015  01:41 AM    <DIR>          .StarMade
06/24/2015  12:04 PM    <DIR>          .technic
02/14/2016  09:14 PM    <DIR>          7thWorkshop
04/17/2016  10:22 PM    <DIR>          Adobe
09/12/2015  09:15 PM            12,005 alsoft.ini
07/27/2016  06:12 PM    <DIR>          Altium
07/27/2016  06:09 PM    <DIR>          Altium2004
07/12/2013  09:53 AM    <DIR>          Apple Computer
10/20/2015  04:53 PM    <DIR>          Atmel
10/20/2016  08:22 PM    <DIR>          Avira
02/08/2014  09:07 PM    <DIR>          Awesomium
07/01/2015  05:49 PM    <DIR>          Azureus
09/11/2016  08:19 PM    <DIR>          Battle.net
03/29/2013  04:15 AM    <DIR>          Bioshock
07/11/2015  12:07 AM    <DIR>          Bioshock2Steam
09/23/2016  05:58 PM    <DIR>          BioshockHD
03/11/2015  02:46 PM    <DIR>          Colossal Order
04/11/2013  06:03 AM    <DIR>          Curse Advertising
05/20/2016  07:35 PM    <DIR>          CyberLink
05/13/2014  10:04 PM    <DIR>          DarkSoulsII
04/11/2016  05:22 PM    <DIR>          DarkSoulsIII
01/10/2016  11:28 PM    <DIR>          DassaultSystemes
12/23/2015  02:32 AM    <DIR>          dingaling
08/26/2016  09:59 PM    <DIR>          discord
07/14/2016  02:40 PM    <DIR>          Dual Monitor Tools
05/20/2016  07:21 PM    <DIR>          dvdcss
10/27/2016  09:30 PM    <DIR>          Enigma Software Group
07/27/2016  07:51 PM    <DIR>          EQATEC Analytics
09/13/2015  12:31 PM    <DIR>          FEZ
06/28/2014  10:40 PM    <DIR>          fltk.org
07/27/2016  10:04 PM    <DIR>          foobar2000
04/03/2015  12:05 AM    <DIR>          Frontier Developments
08/12/2016  12:28 PM    <DIR>          HelloGames
03/03/2013  07:34 AM    <DIR>          Identities
03/03/2013  10:16 AM    <DIR>          InstallShield
03/03/2013  10:28 AM    <DIR>          Intel Corporation
07/30/2016  10:35 PM    <DIR>          java
04/17/2016  10:30 PM    <DIR>          Live2DViewer
05/16/2014  06:23 PM    <DIR>          Logishrd
05/16/2014  06:23 PM    <DIR>          Logitech
02/21/2016  01:04 AM    <DIR>          Lumerical
03/03/2013  10:35 AM    <DIR>          Macromedia
07/01/2014  02:17 PM    <DIR>          Malwarebytes
02/16/2016  10:23 PM    <DIR>          MathWorks
02/07/2016  01:13 AM    <DIR>          MAXON
04/12/2011  03:28 AM    <DIR>          Media Center Programs
05/28/2013  06:37 AM    <DIR>          Media Player Classic
10/20/2016  06:57 PM    <DIR>          Microleaves
01/19/2016  03:57 PM    <DIR>          MiKTeX
12/23/2015  02:32 AM    <DIR>          mkxp
07/31/2014  11:27 PM    <DIR>          MotioninJoy
08/26/2016  03:06 PM    <DIR>          Mount&Blade Warband
10/20/2016  08:19 PM    <DIR>          Mozilla
09/14/2014  04:28 AM    <DIR>          MPC-HC
04/18/2014  12:13 AM    <DIR>          NCSOFT
05/15/2015  12:28 PM    <DIR>          New Technology Studio
03/29/2016  07:04 PM    <DIR>          Notepad++
03/05/2013  08:10 AM    <DIR>          NVIDIA
10/29/2016  06:19 AM    <DIR>          Origin
11/04/2015  07:47 PM    <DIR>          Plane9
10/16/2014  03:22 PM    <DIR>          Punch! Software
03/17/2013  03:57 AM    <DIR>          PunkBuster
08/25/2016  01:27 PM    <DIR>          qBittorrent
10/07/2016  02:49 PM    <DIR>          RenPy
04/02/2013  07:31 AM    <DIR>          Sierra Wireless
08/03/2016  08:02 PM    <DIR>          Skype
01/10/2016  11:47 PM    <DIR>          SOLIDWORKS
11/25/2015  02:33 AM    <DIR>          SpaceEngineers
08/18/2013  10:24 AM    <DIR>          Spore
10/27/2016  07:17 PM    <DIR>          Spotify
06/24/2015  04:25 PM    <DIR>          Steam
02/16/2016  10:26 PM    <DIR>          Subversion
09/16/2015  08:08 PM    <DIR>          Sun
08/01/2015  01:14 PM    <DIR>          Tap_Dungeon
05/01/2016  04:50 PM    <DIR>          texstudio
06/26/2014  04:25 PM    <DIR>          TheBannerSaga
03/06/2015  07:24 PM    <DIR>          uTorrent
09/09/2016  06:21 PM    <DIR>          Ventrilo
12/04/2015  01:13 AM    <DIR>          VisualAssistAtmel
10/19/2016  12:12 PM    <DIR>          vlc
01/17/2015  12:33 AM    <DIR>          WebApp
05/07/2013  02:16 PM    <DIR>          Winamp
02/08/2015  02:40 AM    <DIR>          Yacht Club Games
               1 File(s)         12,005 bytes
              86 Dir(s)  22,128,914,432 bytes free

========= End of CMD: =========


========= dir "%LocalAppdata%" =========

 Volume in drive C has no label.
 Volume Serial Number is 3E5D-6E02

 Directory of C:\Users\David Ridley\AppData\Local

10/28/2016  10:48 PM    <DIR>          .
10/28/2016  10:48 PM    <DIR>          ..
05/29/2013  04:47 AM    <DIR>          201280
08/08/2015  10:25 PM    <DIR>          238010
12/30/2015  10:44 PM    <DIR>          ActiveSync
04/17/2016  10:21 PM    <DIR>          Adobe
07/27/2016  06:12 PM    <DIR>          Altium
07/27/2016  06:09 PM    <DIR>          Altium2004
07/27/2016  06:09 PM    <DIR>          AltiumSecurityService
07/12/2013  09:01 AM    <DIR>          Apple
07/12/2013  09:02 AM    <DIR>          Apple Computer
03/11/2013  07:38 AM    <DIR>          Apps
10/08/2016  06:09 PM    <DIR>          Arduino15
12/05/2015  11:02 PM    <DIR>          Aspyr
10/20/2015  04:53 PM    <DIR>          Atmel
10/20/2016  08:19 PM    <DIR>          Avira
10/20/2016  08:19 PM    <DIR>          AviraSpeedup
06/24/2015  04:25 PM    <DIR>          BANDAI NAMCO Games
10/29/2016  05:01 PM    <DIR>          Battle.net
07/05/2014  06:05 PM    <DIR>          BigHugeEngine
02/26/2016  08:13 PM    <DIR>          Bilago
11/16/2015  04:37 PM    <DIR>          Black_Tree_Gaming
07/19/2014  11:28 PM    <DIR>          Blizzard
10/11/2013  02:36 PM    <DIR>          Blizzard Entertainment
01/20/2016  08:46 PM    <DIR>          CAPCOM
07/21/2015  09:36 PM    <DIR>          CEF
03/11/2015  02:46 PM    <DIR>          Colossal Order
10/12/2016  05:23 PM    <DIR>          Comms
09/26/2016  07:51 PM    <DIR>          ConnectedDevicesPlatform
07/17/2015  09:56 PM    <DIR>          Corsair
10/28/2016  07:26 PM    <DIR>          CrashDumps
05/20/2016  07:32 PM    <DIR>          Cyberlink
01/10/2016  11:28 PM    <DIR>          DassaultSystemes
10/29/2016  05:01 PM    <DIR>          Deployment
07/14/2016  09:38 AM    <DIR>          Diagnostics
08/26/2016  09:59 PM    <DIR>          Discord
03/29/2014  12:13 AM    <DIR>          Downloaded Installations
08/21/2016  01:32 PM    <DIR>          dxhr
02/07/2014  08:35 PM    <DIR>          EdgeOfReality
10/26/2016  08:06 PM    <DIR>          ElevatedDiagnostics
08/21/2015  05:22 PM    <DIR>          Fallout3
11/19/2015  12:45 AM    <DIR>          Fallout4
08/19/2015  02:01 PM    <DIR>          FalloutNV
04/03/2015  12:05 AM    <DIR>          Frontier Developments
02/27/2016  01:01 AM    <DIR>          Frontier_Developments
05/29/2013  08:35 AM    <DIR>          Game Dev Tycoon
07/01/2015  08:55 PM           114,776 GDIPFONTCACHEV1.DAT
01/07/2015  01:25 AM    <DIR>          Gods_Will_Be_Watching
09/15/2015  10:51 PM    <DIR>          Google
07/19/2015  02:18 AM    <DIR>          GWX
04/10/2016  02:04 AM    <DIR>          HyperLightDrifter
05/14/2016  08:27 PM    <DIR>          id Software
04/21/2014  10:56 AM    <DIR>          Introversion
10/20/2015  04:58 PM    <DIR>          IsolatedStorage
05/16/2014  06:24 PM    <DIR>          Logitech
04/25/2013  02:54 AM    <DIR>          LogMeIn Rescue Applet
02/11/2016  06:40 PM    <DIR>          LOOT
01/18/2014  02:49 AM    <DIR>          LucasArts
02/27/2016  10:40 PM    <DIR>          Lumerical
02/16/2016  10:26 PM    <DIR>          MathWorks
05/20/2016  07:37 PM    <DIR>          MediaShow
09/26/2016  06:56 PM    <DIR>          Microsoft
03/14/2013  08:38 AM    <DIR>          Microsoft Help
02/15/2016  11:47 PM    <DIR>          MicrosoftEdge
01/19/2016  03:57 PM    <DIR>          MiKTeX
03/17/2013  09:33 AM    <DIR>          My Games
01/12/2016  12:14 AM    <DIR>          NBGI
04/18/2014  12:13 AM    <DIR>          NCSOFT
11/22/2015  09:21 PM    <DIR>          NetworkTiles
05/15/2015  12:28 PM    <DIR>          New Technology Studio
10/20/2016  09:14 PM    <DIR>          NVIDIA
10/22/2016  09:19 PM    <DIR>          NVIDIA Corporation
04/17/2015  06:51 PM    <DIR>          openvr
10/27/2016  03:45 PM    <DIR>          Origin
09/26/2016  05:01 PM    <DIR>          Packages
06/28/2014  01:43 PM    <DIR>          PAYDAY 2
04/24/2016  04:18 PM    <DIR>          PDF-TIFF-Tools.com
11/23/2015  04:21 PM    <DIR>          PeerDistRepub
03/03/2013  10:04 AM    <DIR>          Power2Go
01/19/2016  03:54 PM    <DIR>          Programs
11/22/2015  02:11 AM    <DIR>          Publishers
10/22/2016  03:05 PM    <DIR>          PunkBuster
03/10/2015  04:37 PM    <DIR>          qBittorrent
06/07/2014  08:16 PM    <DIR>          Razer
03/11/2014  02:16 AM    <DIR>          Razer_Inc
10/25/2016  04:30 PM             7,599 resmon.resmoncfg
04/17/2015  09:22 PM    <DIR>          Rockstar Games
10/20/2016  06:58 PM                 3 run1.txt
03/03/2013  12:47 PM    <DIR>          SCE
02/05/2008  01:28 AM                51 setup.txt
06/28/2013  11:31 PM    <DIR>          SKIDROW
06/18/2014  03:50 AM    <DIR>          Skype
08/23/2015  10:53 PM    <DIR>          Skyrim
01/11/2016  04:11 PM    <DIR>          SolidWorks
10/27/2016  07:18 PM    <DIR>          Spotify
08/02/2016  10:15 PM    <DIR>          SquirrelTemp
12/26/2015  03:19 PM    <DIR>          Steam
07/15/2015  12:45 PM    <DIR>          Stefan_Wobbe
03/04/2013  05:49 AM    <DIR>          SWTOR
04/02/2013  08:53 AM    <DIR>          SWTORPerf
03/06/2013  06:00 AM    <DIR>          Targem
10/29/2016  05:06 PM    <DIR>          Temp
01/19/2016  11:17 PM    <DIR>          TempSWBackupDirectory
04/23/2013  03:58 AM    <DIR>          The Witcher 2
11/22/2015  02:11 AM    <DIR>          TileDataLayer
03/29/2014  12:13 AM    <DIR>          Tukui
07/11/2014  08:27 PM    <DIR>          Ubisoft
05/02/2013  03:55 AM    <DIR>          Ubisoft Game Launcher
07/23/2016  11:03 PM    <DIR>          VirtualStore
12/04/2015  01:13 AM    <DIR>          VisualAssistAtmel
08/01/2015  01:46 PM    <DIR>          Warframe
10/11/2016  08:29 PM    <DIR>          Windows Live
               4 File(s)        122,429 bytes
             108 Dir(s)  22,128,910,336 bytes free

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17120884 B
Java, Flash, Steam htmlcache => 62105578 B
Windows/system/drivers => 843187 B
Edge => 4249931 B
Chrome => 548738013 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 245302 B
NetworkService => 7036 B
David Ridley => 202627443 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 797.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:06:39 ====

 


18 hours ago, DeeRid said:

Was removing them myself my big problem

I don't think so, but for analytical purposes they were interesting. Let's do a final check up to make sure that no other malicious files are present:

Step 1


Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.


Please include the contents of that report in your next reply.
This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be made after careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish. To do so, just delete its directory (chosen by you when installing the tool).


Here are the results of the scan. I made sure not to remove anything yet. A lot of it looks pretty familiar too. 

 


Saved date:          10/31/2016 12:13:39 AM
Files detected:     79
Files scanned:         10,861
Processes scanned:     103
Modules scanned:     1,113
ASEPs scanned:         630
Downloads scanned:     1
Deep analysis:         13/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\asus\assysctrlservice\1.00.11\asacpi.dll
Publisher:         ASUS
MD5:             a7a060977abc1d51246580efc3106293
SHA-1:             80171e4ad14d959a3ac61d484e6423cb5230e5e8
Created:         10/29/2016 5:28:34 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\asus\axsp\1.02.00\pebiosinterface32.dll
Publisher:         
MD5:             a5e71ec30f3c188c147cbe8fde94fba7
SHA-1:             64e5adc9b53d925ca4df1e8ff4f05103d578e8a8
Created:         10/29/2016 5:21:00 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Trend Micro House Call as PAK_Generic.005
            - Trend Micro as PAK_Generic.005

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\common files\battleye\beservice.exe
Publisher:         
Signer:         Bastian Suter
MD5:             34c68197b2a3214b6200036d4e9d2653
SHA-1:             28568079b25b13dc19f4d77459e0e97718c015c4
Created:         4/26/2014 12:59:50 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - McAfee as Generic Obfuscated.c
            - McAfee Web Gateway as Generic Obfuscated.c

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\microsoft\windows\start menu\programs\startup\curseclientstartup.ccip
Publisher:         
MD5:             d41d8cd98f00b204e9800998ecf8427e
SHA-1:             da39a3ee5e6b4b0d3255bfef95601890afd80709
Created:         3/11/2013 7:41:28 AM
Detections:         2
Determination:         Inconclusive
            - Microsoft Security Essentials as MonitoringTool:Win32/Ardamax (Undefined)
            - F-Secure as Application:W32/Generic.76bd994e9f!Online (Undefined)

---------------------------------------------------------------------------------

File path:         d:\programs\combined community codec pack\mpc\mpc-hc.exe
Publisher:         MPC-HC Team
MD5:             4572e2a72d8069ef51059c25f00d759a
SHA-1:             1c66636bc13ab816d2240e2c612e37c27cc04f68
Created:         9/14/2014 4:27:40 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Avira AntiVirus as TR/Crypt.EPACK.Gen2

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\cyberlink\powerdvd10\pdvdlaunchpolicy.exe
Publisher:         CyberLink Corp.
Signer:         CyberLink Corp.
MD5:             a6f41bf69b7648d3a545f08cb187378a
SHA-1:             b2b07a455fdd1da15076540b8d07b215d4f858f0
Created:         3/8/2013 3:18:52 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\autohotkey112305_install.exe
Publisher:         
MD5:             74fdbaf763d4b30c87dbe566c257095b
SHA-1:             b5528eae1b59c37f20a8bf6d4d72abee7a4d4f48
Created:         4/5/2016 1:29:32 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Generic(Thunder)!1.A1C4 [F] (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\ai_suite_ii_win7_z10215\drvresource\acpi\winvista\asacpi.sys
Publisher:         
MD5:             dcdaab8697a47894a554050ce18d0b56
SHA-1:             27689d845d0afe300c8006c9721118638455a519
Created:         10/29/2016 5:27:19 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - The Hacker as Trojan/AutoRun.VB.bae (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\ai_suite_ii_win7_z10215\matrix_1.02.70\assysctrlservice\asacpi.dll
Publisher:         ASUS
MD5:             a7a060977abc1d51246580efc3106293
SHA-1:             80171e4ad14d959a3ac61d484e6423cb5230e5e8
Created:         10/29/2016 5:27:19 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\bin\win32\nativewebproxy.dll
Publisher:         
MD5:             627ca8b0435781aa156e2bf242e59941
SHA-1:             2457a1b4a1f7000cc171c4569c6eca3c0948d750
Created:         1/16/2013 6:14:32 PM
Detections:         1
Determination:         Inconclusive
            - Emsisoft Anti-Malware as Android.Adware.Wapsx (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\fdtd_solutions-8.15.758\fdtd_solutions\dotnetfx35\dotnetfx35setup.exe
Publisher:         Microsoft Corporation
Signer:         Microsoft Corporation
MD5:             269f314b87e6222a20e5f745b6b89783
SHA-1:             b0ca05c12ebb9a3610206bad7f219e02b7873cbd
Created:         1/29/2016 4:18:54 PM
Detections:         1
Determination:         Inconclusive
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\sakura-swim-club_windows_1_1_0\sakura_swim_club-all\lib\windows-i686\lib\bz2.pyd
Publisher:         
MD5:             2309952a1136740f3871869cc13ab620
SHA-1:             7d9eb3ef678537c0026dc06e36f4d42b96b2627f
Created:         10/7/2016 5:51:48 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\sakura-swim-club_windows_1_1_0\sakura_swim_club-all\lib\windows-i686\lib\select.pyd
Publisher:         
MD5:             3449bbfac55bfa14cdfd83e2d90f3d7e
SHA-1:             6bd778f81d672453b06e09dd405bd45e22062a70
Created:         10/7/2016 5:51:48 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\sakura-swim-club_windows_1_1_0\sakura_swim_club-all\lib\windows-i686\lib\_ctypes.pyd
Publisher:         
MD5:             f9982f8b1176597b81ed1285d1616ce7
SHA-1:             7cf74cce8b20adeeff83e29eacc028bdf2d7c18a
Created:         10/7/2016 5:51:48 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\sakura-swim-club_windows_1_1_0\sakura_swim_club-all\lib\windows-i686\lib\_hashlib.pyd
Publisher:         
MD5:             199bde23ef347dbccc6bf5a112b43c93
SHA-1:             ba98ef27c64eb858ac7c3ae6ff1dece53094e753
Created:         10/7/2016 5:51:48 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\downloads\sakura-swim-club_windows_1_1_0\sakura_swim_club-all\lib\windows-i686\lib\_socket.pyd
Publisher:         
MD5:             07789a8c23bcebe32f8bfd4ce4af5ffb
SHA-1:             132d7ad9d2a7c3ff51b246fd14f0a4f738d68e10
Created:         10/7/2016 5:51:48 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\desktop\adwcleaner.exe
Publisher:         
Signer:         ToolsLib
MD5:             121f06c1da71965212f3b6c13c17c514
SHA-1:             45cbe2bef2e20e95d372a5a85112471107f483db
Created:         10/25/2016 3:09:51 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Invincea as virus.win32.sality.at (Undefined)
            - Clam AntiVirus as Win.Trojan.Philadelphia-1 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\system32\maxxaudioaposhell64.dll
Publisher:         Waves Audio Ltd.
Signer:         US Waves inc
MD5:             a543f21f7ad2c1105f8e36872f934b56
SHA-1:             f3a734b363772023fa2da28f4ca151eb6cbbe5e9
Created:         3/3/2013 9:14:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Clam AntiVirus as PUA.Win32.Packer.PrivateExeProte-7

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\battle.net\client\blizzard launcher.1997\imageformats\qico4.dll
Publisher:         Nokia Corporation and/or its subsidiary(-ies)
MD5:             28a8046905a3a6c0e61b25927186411a
SHA-1:             71136a80fcb9d828d4db3918aad535d5ae2f2e5e
Created:         10/11/2013 9:22:32 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\battle.net\client\blizzard launcher.1997\imageformats\qsvg4.dll
Publisher:         Nokia Corporation and/or its subsidiary(-ies)
MD5:             5da61ec770494cb7450e62987eadd659
SHA-1:             b8b4e37ff0bbf2829a30ae9af401870d1a47e847
Created:         10/11/2013 9:22:32 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\battle.net\client\blizzard launcher.2005\imageformats\qico4.dll
Publisher:         Nokia Corporation and/or its subsidiary(-ies)
MD5:             28a8046905a3a6c0e61b25927186411a
SHA-1:             71136a80fcb9d828d4db3918aad535d5ae2f2e5e
Created:         11/8/2013 9:49:28 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\battle.net\client\blizzard launcher.2005\imageformats\qsvg4.dll
Publisher:         Nokia Corporation and/or its subsidiary(-ies)
MD5:             5da61ec770494cb7450e62987eadd659
SHA-1:             b8b4e37ff0bbf2829a30ae9af401870d1a47e847
Created:         11/8/2013 9:49:28 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\blizzard entertainment\battle.net\cache\03\65\0365085e6db8869534846414c5dcbdc1d1ffe13f8db92c1f12ea5c7eddf9298f.auth
Publisher:         
MD5:             6813baa5e8df0427d5ee15f29fc86524
SHA-1:             eb06022c6648d7b07b7c94644e0077e839f21adb
Created:         7/1/2013 6:39:21 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Clam AntiVirus as WIN.Downloader.Adload-47 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\blizzard entertainment\battle.net\cache\36\b2\36b27cd911b33c61730a8b82c8b2495fd16e8024fc3b2dde08861c77a852941c.auth
Publisher:         
MD5:             140d0aaf310055ebebcdd91d3f0f522e
SHA-1:             8b0b8779b18467e4e180a74971aa469542a18f50
Created:         5/14/2014 5:36:31 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Trend Micro House Call as PAK_Generic.001
            - Trend Micro as PAK_Generic.001

---------------------------------------------------------------------------------

File path:         c:\programdata\battle.net\client\blizzard launcher.1997\imageformats\qico4.dll
Publisher:         Nokia Corporation and/or its subsidiary(-ies)
MD5:             28a8046905a3a6c0e61b25927186411a
SHA-1:             71136a80fcb9d828d4db3918aad535d5ae2f2e5e
Created:         10/11/2013 9:22:32 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\battle.net\client\blizzard launcher.1997\imageformats\qsvg4.dll
Publisher:         Nokia Corporation and/or its subsidiary(-ies)
MD5:             5da61ec770494cb7450e62987eadd659
SHA-1:             b8b4e37ff0bbf2829a30ae9af401870d1a47e847
Created:         10/11/2013 9:22:32 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\battle.net\client\blizzard launcher.2005\imageformats\qico4.dll
Publisher:         Nokia Corporation and/or its subsidiary(-ies)
MD5:             28a8046905a3a6c0e61b25927186411a
SHA-1:             71136a80fcb9d828d4db3918aad535d5ae2f2e5e
Created:         11/8/2013 9:49:28 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\battle.net\client\blizzard launcher.2005\imageformats\qsvg4.dll
Publisher:         Nokia Corporation and/or its subsidiary(-ies)
MD5:             5da61ec770494cb7450e62987eadd659
SHA-1:             b8b4e37ff0bbf2829a30ae9af401870d1a47e847
Created:         11/8/2013 9:49:28 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\blizzard entertainment\battle.net\cache\03\65\0365085e6db8869534846414c5dcbdc1d1ffe13f8db92c1f12ea5c7eddf9298f.auth
Publisher:         
MD5:             6813baa5e8df0427d5ee15f29fc86524
SHA-1:             eb06022c6648d7b07b7c94644e0077e839f21adb
Created:         7/1/2013 6:39:21 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Clam AntiVirus as WIN.Downloader.Adload-47 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\blizzard entertainment\battle.net\cache\36\b2\36b27cd911b33c61730a8b82c8b2495fd16e8024fc3b2dde08861c77a852941c.auth
Publisher:         
MD5:             140d0aaf310055ebebcdd91d3f0f522e
SHA-1:             8b0b8779b18467e4e180a74971aa469542a18f50
Created:         5/14/2014 5:36:31 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Trend Micro House Call as PAK_Generic.001
            - Trend Micro as PAK_Generic.001

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\apps\2.0\ewqcz0pq.2cv\c7x1mp55.0n3\curs...exe_9e9e83ddf3ed3ead_0005.0001_none_ee691d9d167f1e07\esmodinstaller\lua51.dll
Publisher:         
MD5:             ab3e86ca543538979e1456ba3eac05d9
SHA-1:             f8ed571f55b2c9e47220237bb69ee4aa758495ec
Created:         7/18/2016 12:02:46 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\apps\2.0\ewqcz0pq.2cv\c7x1mp55.0n3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\esmodinstaller\lua51.dll
Publisher:         
MD5:             ab3e86ca543538979e1456ba3eac05d9
SHA-1:             f8ed571f55b2c9e47220237bb69ee4aa758495ec
Created:         7/18/2016 12:02:46 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\downloaded installations\{4e9a8dd7-e12a-42ff-839f-796cdaaed052}\tukui client.msi
Publisher:         
MD5:             d3b16ecf2cff28e418559e8d5b74f56d
SHA-1:             1318a5143cc14ece7315c67e4ea6830c5979be6d
Created:         3/29/2014 12:13:18 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Trend Micro House Call as TROJ_GEN.F47V0318 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\new technology studio\apps\openiv\system\bass.dll
Publisher:         Un4seen Developments
MD5:             fd6b5b4d4e8fbcf58b8178eff29c35aa
SHA-1:             ee6c552221e893be9d742155dd49fdd97c45b9be
Created:         5/15/2015 12:28:03 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Bkav FE as HW32.CDB (Undefined)
            - Antiy Labs AVL as Worm/Win32.NetSky (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\new technology studio\apps\openiv\system\qsort.dll
Publisher:         
MD5:             fa6596d0393fd4acb6b11d9a090e1286
SHA-1:             b2d1720c54e3a31d5ba1c70c22550321b8490748
Created:         5/15/2015 12:28:03 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - ByteHero BDV as Trojan.Malware.Win32.xPack.i (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\nvidia\nvbackend\streamingassets\fallout_4\automated_launch.exe
Publisher:         
MD5:             f14333f98fd707f70039aa79dcd88b24
SHA-1:             2774ad744d4c864eb0bb25568265f82d7b49e9f6
Created:         11/9/2015 9:43:24 AM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Spy.Viking.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\arctrl.exe
Publisher:         
MD5:             7ba97d8e2c706056ba0410139bda7d40
SHA-1:             03728d1b70b289e576c3fff692e0fdcdccb4fe8d
Created:         1/2/2016 6:22:11 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Sality.AG (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\bg5pluslatex.exe
Publisher:         
MD5:             14b1265433c555b0ff8e01c0af7c4d3d
SHA-1:             b85e2431b44ff477f2beecd5b335f09ca6159d3d
Created:         1/2/2016 6:22:18 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Patched.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\biber.exe
Publisher:          
MD5:             ce6b3a8e493132ac5f8cc4181b9322d9
SHA-1:             fcc95bb73f36923b3bf4eaa27e536ea89bfcfc90
Created:         12/22/2015 9:51:53 AM
Detections:         3
Determination:         Inconclusive
            - Bkav FE as HW32.Packed (Undefined)
            - Jiangmin as TrojanDownloader.Agent.favj (Undefined)
            - Qihoo 360 Security as HEUR/QVM20.1.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\bibtex.exe
Publisher:         
MD5:             2dbb14ccc862f67835435b041d1ac064
SHA-1:             682a0c8b1595989345c342e8545123b93449d571
Created:         1/2/2016 6:22:09 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\cef5pdflatex.exe
Publisher:         
MD5:             fec29ab0a56667bc3b96f2cb0b970e74
SHA-1:             25830fb847e8ae55925c4e12fcc05dc2196b6be1
Created:         1/2/2016 6:22:16 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\ceflatex.exe
Publisher:         
MD5:             7fe3b97ded2cd6770ae6cdfa38f86606
SHA-1:             2b21f007be2c42ac388b82054040f5e4828319f9
Created:         1/2/2016 6:22:04 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\dvicopy.exe
Publisher:         
MD5:             bfd2e529365725aa0ee656328cd6f2f5
SHA-1:             135314784c7d9747c34134a795d6dddc03dbe2bf
Created:         1/2/2016 6:22:11 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\dvipdfmx.exe
Publisher:         
MD5:             ca3031adda4e3319a67948f2e3cc91d8
SHA-1:             36c3df2e44cece748ebe4bc220c57501983ebd61
Created:         1/2/2016 6:22:18 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Sality.AG (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\epsffit.exe
Publisher:         
MD5:             ddb9c9696aa14db220d1070696413226
SHA-1:             5f19777995acc808d001eccd71f13430e5843a4a
Created:         1/2/2016 6:22:15 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Crypt.XPACK.Gen2

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\miktex-luatex.exe
Publisher:         
MD5:             0a93cdfa7eded35bc0db1dcf6f9b4db7
SHA-1:             13338e0eb52049ee757c072f959d88a606b0b4cf
Created:         1/2/2016 6:22:08 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Crypt.XPACK.Gen2

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\miktex-makebase.exe
Publisher:         
MD5:             6905dac77558d19283dc9e8530164505
SHA-1:             4143410d5950f2cf27d8eeb8db2642f168e38ced
Created:         1/2/2016 6:22:11 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\miktex-makefmt.exe
Publisher:         
MD5:             35da7b28f3b28ddc56b25ecb6e061090
SHA-1:             821d3d1d19145184e57ca4cee24c73bf866cb6ce
Created:         1/2/2016 6:22:11 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Werly.A (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\miktex-mf.exe
Publisher:         
MD5:             0ac399a3afd511bfc53cd591aaccfdb7
SHA-1:             4682d46c34a44828d7919241fdc613d5710296a3
Created:         1/2/2016 6:22:14 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.A (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\miktex-taskbar-icon.exe
Publisher:         
MD5:             6ce61ba1f40187ab5f5a5441f08222e6
SHA-1:             117be8aaeec6f51d796b3f50db8aa7825ddd3c95
Created:         1/19/2016 2:57:41 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Crypt.EPACK.Gen2

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\miktex-update.exe
Publisher:         
MD5:             6ce61ba1f40187ab5f5a5441f08222e6
SHA-1:             117be8aaeec6f51d796b3f50db8aa7825ddd3c95
Created:         1/19/2016 2:57:41 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Crypt.EPACK.Gen2

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\miktex-update_admin.exe
Publisher:         
MD5:             28e4d77ea5bff041d95a70b78a9e0f12
SHA-1:             587b64e4f6b87592d584b855911d712f383c6171
Created:         1/19/2016 2:57:41 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Qihoo 360 Security as HEUR/QVM20.1.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\mktexlsr.exe
Publisher:         
MD5:             bd80762f072dfd87b0645781125b2184
SHA-1:             783dc4a66ecb1d25b1f6c1dfc9f498bc18f6c400
Created:         1/2/2016 6:22:10 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\mthelp.exe
Publisher:         
MD5:             0ed1394b5ce3cb6a6ae93941e5eb317b
SHA-1:             7bdf0be332359d00319f88b744410e324ca6066d
Created:         1/2/2016 6:22:13 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Crypt.XPACK.Gen3

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\odvicopy.exe
Publisher:         
MD5:             1715e82b0a650ba7f81c86d005e600c3
SHA-1:             912defd7864e3916ac39d79281d2a2cc75433430
Created:         1/2/2016 6:22:10 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\pdfclose.exe
Publisher:         
MD5:             bcb2f67292bf6dfa158a272ecbf7cb10
SHA-1:             1d7ac50d10da33c78b4010825aa88225f012cc40
Created:         1/2/2016 6:22:16 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Sality.AG (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\pdftohtml.exe
Publisher:         
MD5:             2c7f7209a3a8d89ab93538803e7460e2
SHA-1:             81d4c6d72656a2ce2bd66065fbac999c308a79e3
Created:         1/2/2016 6:22:10 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Virut.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\pdfunite.exe
Publisher:         
MD5:             91228968cb0637622e405ab7ef60f419
SHA-1:             0e5c5aa1d7858c35fdd8eaf7fdb39712b1d55001
Created:         1/2/2016 6:22:11 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\psnup.exe
Publisher:         
MD5:             143455588f73ee5719ef7b8b0da67b10
SHA-1:             9629c2107289875a11c405b6fd00970d61668108
Created:         1/2/2016 6:22:11 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\sjislatex.exe
Publisher:         
MD5:             e29333f8fc99d57d652684cc67dcefff
SHA-1:             6972303f173451e3399a45351ff95eebd019cba4
Created:         1/2/2016 6:22:15 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\texify.exe
Publisher:         
MD5:             5746eb3f2d80a1f46716897ef87c06f7
SHA-1:             c60b5fcaf87b2cef6151048337cae007c6991f43
Created:         1/2/2016 6:22:06 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Virut.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\vftovp.exe
Publisher:         
MD5:             429c0211c6ceb6d8a2d79bb07f05486b
SHA-1:             9dae1f4db0362c044e28c1cf8fe1edfda12a5f17
Created:         1/2/2016 6:22:16 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Sality.AG (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\vptovf.exe
Publisher:         
MD5:             ef8e82f3b76f93a7bf7747dae0690936
SHA-1:             4a6337ab1159179f902bc663d80d5e29ea3aabca
Created:         1/2/2016 6:22:06 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Sality.AG (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\weave.exe
Publisher:         
MD5:             d1378b2afff9dab38dfe637758b75cfd
SHA-1:             8db18d77e5abaa21cc632331670ec3e6db20cf2d
Created:         1/2/2016 6:22:16 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as W32/Sality.AT (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\internal\copystart.exe
Publisher:         
MD5:             6ce61ba1f40187ab5f5a5441f08222e6
SHA-1:             117be8aaeec6f51d796b3f50db8aa7825ddd3c95
Created:         1/9/2016 2:12:52 PM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Crypt.EPACK.Gen2

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\local\programs\miktex 2.9\miktex\bin\internal\copystart_admin.exe
Publisher:         
MD5:             28e4d77ea5bff041d95a70b78a9e0f12
SHA-1:             587b64e4f6b87592d584b855911d712f383c6171
Created:         1/9/2016 2:13:02 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Qihoo 360 Security as HEUR/QVM20.1.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\lapitos-galacticraft\bin\natives\jinput-dx8.dll
Publisher:         
MD5:             ae25629d223b95f73f2f27800da6bbb3
SHA-1:             8bddc9f7498593c38d8b46e4742b9da676ac2ac4
Created:         4/17/2013 8:27:07 AM
Detections:         1
Determination:         Inconclusive
            - F-Secure as Win32.Ramnit.N (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\lapitos-galacticraft\bin\natives\lwjgl.dll
Publisher:         
MD5:             517d0f050ebbf8a7d2c6a4def78218dd
SHA-1:             dbce970a2d4cf6485519ef1b730bd3246fa390d9
Created:         4/17/2013 8:27:07 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as HW32.Keylogger (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\tekkit\bin\natives\jinput-dx8.dll
Publisher:         
MD5:             ae25629d223b95f73f2f27800da6bbb3
SHA-1:             8bddc9f7498593c38d8b46e4742b9da676ac2ac4
Created:         4/17/2013 5:00:37 AM
Detections:         1
Determination:         Inconclusive
            - F-Secure as Win32.Ramnit.N (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\tekkit\bin\natives\lwjgl.dll
Publisher:         
MD5:             517d0f050ebbf8a7d2c6a4def78218dd
SHA-1:             dbce970a2d4cf6485519ef1b730bd3246fa390d9
Created:         4/17/2013 5:00:37 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as HW32.Keylogger (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\tekkitmain\bin\natives\jinput-dx8.dll
Publisher:         
MD5:             ae25629d223b95f73f2f27800da6bbb3
SHA-1:             8bddc9f7498593c38d8b46e4742b9da676ac2ac4
Created:         5/21/2013 4:26:53 AM
Detections:         1
Determination:         Inconclusive
            - F-Secure as Win32.Ramnit.N (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\tekkitmain\bin\natives\lwjgl.dll
Publisher:         
MD5:             517d0f050ebbf8a7d2c6a4def78218dd
SHA-1:             dbce970a2d4cf6485519ef1b730bd3246fa390d9
Created:         5/21/2013 4:26:53 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as HW32.Keylogger (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\vanilla\bin\natives\twitchsdk.dll
Publisher:         
MD5:             e48df0804e70ce357b31b3825f5e238e
SHA-1:             0035c49d3855ba095ee89cc88e322d9c32bcd3f7
Created:         2/8/2014 9:15:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Clam AntiVirus as Win.Adware.Browsefox-12346 (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\voltz\bin\natives\jinput-dx8.dll
Publisher:         
MD5:             ae25629d223b95f73f2f27800da6bbb3
SHA-1:             8bddc9f7498593c38d8b46e4742b9da676ac2ac4
Created:         4/17/2013 9:22:43 AM
Detections:         1
Determination:         Inconclusive
            - F-Secure as Win32.Ramnit.N (Malware)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\.technic\voltz\bin\natives\lwjgl.dll
Publisher:         
MD5:             517d0f050ebbf8a7d2c6a4def78218dd
SHA-1:             dbce970a2d4cf6485519ef1b730bd3246fa390d9
Created:         4/17/2013 9:22:43 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as HW32.Keylogger (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david ridley\appdata\roaming\punkbuster\pbsetup\pbsvc.exe
Publisher:         
Signer:         Even Balance, Inc.
MD5:             3a5b5a6404badfb949979dbacd8b1688
SHA-1:             d86bc47f0572b6f43bc67c3e8d0f455724c8cdd6
Created:         11/23/2011 10:38:29 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.Clode00.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\logitech gaming software\uninstallhlpr.exe
Publisher:         
MD5:             5495d071ad71b06fec988d3878624d0f
SHA-1:             4a41f132a280423bb1da2ca476ab3e2164133bb6
Created:         5/16/2014 6:24:15 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Qihoo 360 Security as Malware.QVM06.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\nexus mod manager\scripttypes\antlrutil.dll
Publisher:         Black Tree Gaming
MD5:             075c82f971e9eed51f0f683ee33dd358
SHA-1:             1f99b3d76b170f7b8fbf096795649b90d24e51a0
Created:         8/19/2015 1:47:09 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Avira AntiVirus as TR/Crypt.XPACK.Gen

---------------------------------------------------------------------------------

File path:         c:\program files\nvidia corporation\ansel\tools\nvcameraconfiguration.exe
Publisher:         
Signer:         NVIDIA Corporation
MD5:             c3b4e74f1a06bf1589454c5b5c9f2c7b
SHA-1:             5a2193260e70946f7ed14ec86569557d6fe83ef1
Created:         7/15/2016 1:49:00 PM
Detections:         1
Determination:         Adware
            - Reason Heuristics as Adware.Eorezo.RE (M) (Adware)

 


Step 1


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


Here are the logged results. 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by David Ridley (administrator) on TARS (01-11-2016 23:37:16)
Running from C:\Users\David Ridley\Desktop
Loaded Profiles: David Ridley (Available Profiles: David Ridley & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Electronic Arts) D:\Programs\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\Lumerical\MPICH2\smpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) D:\Steam\Steam.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5220\Agent.exe
(Blizzard Entertainment) D:\Games\Battle.net\Battle.net.8098\Battle.net.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Curse) C:\Users\David Ridley\AppData\Local\Apps\2.0\EWQCZ0PQ.2CV\C7X1MP55.0N3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() D:\Games\Battle.net\Battle.net.8098\Battle.net Helper.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Valve Corporation) D:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() D:\Games\Battle.net\Battle.net.8098\Battle.net Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Spotify Ltd) C:\Users\David Ridley\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hammer & Chisel, Inc.) C:\Users\David Ridley\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\David Ridley\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\David Ridley\AppData\Local\Discord\app-0.0.296\Discord.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Electronic Arts) D:\Programs\Origin\Origin.exe
() D:\Programs\Origin\QtWebEngineProcess.exe
() D:\Programs\Origin\QtWebEngineProcess.exe
() D:\Programs\Origin\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-03-04] (Bitleader)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => "D:\Programs\Corsair HeadSET\HeadsetControlPanel.exe" /minimized
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61648 2016-09-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-29] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [Spotify Web Helper] => C:\Users\David Ridley\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-31] (Spotify Ltd)
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [Battle.net] => D:\Games\Battle.net\Battle.net Launcher.exe [3122152 2016-07-14] (Blizzard Entertainment)
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\Plane9.sCr [78336 2015-10-08] ()
Startup: C:\Users\David Ridley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-03-11] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{20a4417c-953a-4bac-b61f-11a9eafd7705}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7b51a0e4-7ccd-4b49-9eca-220ea0c9cf7e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86cc98c1-c0c1-4b55-93de-bd174cd7f7b7}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://iat.ninemsn.com.au/tickler/default.aspx?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-814913500-3249027553-3533128871-1000 -> {FEDB1E4F-05DC-4E24-B331-915E81941509} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-25] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> D:\Programs\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Programs\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Programs\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-814913500-3249027553-3533128871-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.humble.k12.tx.us/Domain/3571
CHR StartupUrls: Default -> "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AU&userid=4fc629e6-6836-4b2d-811b-bab603bdbc8a&searchtype=hp&installDate=29/03/2013","hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN25722812452941331&UM=2","hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch","hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ch"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - D:\Programs\Java\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U45) - D:\Programs\Java\bin\plugin2\npjp2.dll => No File
CHR Plugin: (VLC Web Plugin) - D:\Programs\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - D:\Programs\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Profile: C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default [2016-11-01]
CHR Extension: (Private Joe - Zombie Invasion) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlnhoafokheabjinmbkfiibnjjiglgf [2013-03-03]
CHR Extension: (Google Docs) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Floating for YouTube™ Extension) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\egncdnniomonjgpjbapalkckojhkfddk [2016-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-20]
CHR Extension: (Z-Type) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepkcaoeagfebfkndfjeinnnfpcgobli [2013-03-03]
CHR Extension: (Qbox - Wisdom of the Ages) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfnimbehfhlelledoaemompbeihbhfb [2015-09-27]
CHR Extension: (Floating for YouTube™) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2016-05-23]
CHR Extension: (Speed Dial 2) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-10-25]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-14]
CHR Extension: (Steambirds: Survival) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2013-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (4chan X) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2016-10-27]
CHR Extension: (Spring Mahjong) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohmgpjbkliggjliakneoaedilbaihhl [2015-05-01]
CHR Extension: (Gmail) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\David Ridley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2011-08-09] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350584 2016-09-26] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-07] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [303544 2015-07-27] (CyberLink)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [240416 2016-05-11] (EasyAntiCheat Ltd)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 mpich2_smpd; C:\Program Files\Lumerical\MPICH2\smpd.exe [1219072 2011-05-17] () [File not signed]
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-29] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-29] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-29] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programs\Origin\OriginClientService.exe [2142728 2016-10-27] (Electronic Arts)
R2 Origin Web Helper Service; D:\Programs\Origin\OriginWebHelperService.exe [2209296 2016-10-27] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-10-22] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-10-22] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-01-10] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\WINDOWS\System32\drivers\asahci64.sys [49760 2012-01-05] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-10-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153392 2016-09-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-09-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-09-27] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [23640 2016-09-27] (Avira Operations GmbH & Co. KG)
S0 megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-29] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\DRIVERS\ptun0901.sys [27136 2014-04-24] (The OpenVPN Project)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-01 21:57 - 2016-11-01 21:57 - 00001361 _____ C:\Users\David Ridley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Titanfall2 - Shortcut.lnk
2016-10-31 20:10 - 2016-10-31 20:10 - 00082653 _____ C:\Users\David Ridley\Downloads\3305 Exam 2 Prep F16 (3).pdf
2016-10-31 19:31 - 2016-10-31 19:31 - 08929014 _____ C:\Users\David Ridley\Downloads\Environmental Issues -.pptx
2016-10-31 19:31 - 2016-10-31 19:31 - 05675515 _____ C:\Users\David Ridley\Downloads\Environmental Ethics part 2.pptx
2016-10-31 19:30 - 2016-10-31 19:31 - 31844439 _____ C:\Users\David Ridley\Downloads\Environmental Ethics part 1.pptx
2016-10-31 18:06 - 2016-10-31 18:06 - 06828394 _____ C:\Users\David Ridley\Downloads\International Issues - EGR 3305.pptx
2016-10-31 17:43 - 2016-10-31 17:43 - 01868905 _____ C:\Users\David Ridley\Downloads\Discrimination.pptx
2016-10-31 17:32 - 2016-10-31 17:32 - 01641002 _____ C:\Users\David Ridley\Downloads\Sexual Harassment.pptx
2016-10-30 23:49 - 2016-10-30 23:49 - 03433445 _____ C:\Users\David Ridley\Downloads\Intellectual Property.pptx
2016-10-30 23:47 - 2016-10-30 23:47 - 02827152 _____ (Reason Company Software Inc.) C:\Users\David Ridley\Downloads\herdProtectScan_Portable (1).exe
2016-10-30 23:46 - 2016-10-30 23:46 - 00000000 ____D C:\Users\David Ridley\Desktop\Reason
2016-10-30 23:44 - 2016-10-30 23:44 - 02827152 _____ (Reason Company Software Inc.) C:\Users\David Ridley\Downloads\herdProtectScan_Portable.exe
2016-10-30 23:14 - 2016-10-30 23:15 - 01857991 _____ C:\Users\David Ridley\Downloads\Whistleblowing.pptx
2016-10-30 23:05 - 2016-10-30 23:05 - 02210677 _____ C:\Users\David Ridley\Downloads\Conflict of Interest.pptx
2016-10-30 22:15 - 2016-10-30 22:15 - 00082653 _____ C:\Users\David Ridley\Downloads\3305 Exam 2 Prep F16 (2).pdf
2016-10-30 21:21 - 2016-10-30 21:21 - 00082653 _____ C:\Users\David Ridley\Downloads\3305 Exam 2 Prep F16 (1).pdf
2016-10-30 21:20 - 2016-10-30 21:20 - 00029779 _____ C:\Users\David Ridley\Downloads\ELC4332_Exam_1_study_guide_Fa2016.pdf
2016-10-29 17:28 - 2010-08-03 13:21 - 00014464 _____ C:\WINDOWS\SysWOW64\Drivers\AsUpIO.sys
2016-10-29 17:28 - 2008-12-02 20:05 - 00184320 _____ (ASUSTeK) C:\WINDOWS\SysWOW64\Drivers\UpdateHelper.dll
2016-10-29 17:27 - 2016-10-29 17:27 - 00000000 ____D C:\Users\David Ridley\Downloads\AI_Suite_II_Win7_Z10215
2016-10-29 17:27 - 2008-01-04 13:34 - 00011832 ____N C:\WINDOWS\SysWOW64\Drivers\AsInsHelp64.sys
2016-10-29 17:27 - 2008-01-04 13:34 - 00010216 ____N C:\WINDOWS\SysWOW64\Drivers\AsInsHelp32.sys
2016-10-29 17:26 - 2016-10-29 17:26 - 30857076 _____ C:\Users\David Ridley\Downloads\AI_Suite_II_Win7_Z10215.zip
2016-10-29 17:21 - 2016-10-29 17:21 - 00016896 _____ (ASUS) C:\WINDOWS\AsTaskSched.dll
2016-10-29 17:20 - 2016-10-29 17:27 - 00000000 ____D C:\ProgramData\ASUS
2016-10-29 17:20 - 2014-09-08 21:14 - 00028672 _____ (ASUSTek Computer Inc.) C:\WINDOWS\SysWOW64\AsIO.dll
2016-10-29 17:20 - 2014-09-08 21:14 - 00015232 _____ C:\WINDOWS\SysWOW64\Drivers\AsIO.sys
2016-10-29 17:19 - 2016-10-29 17:19 - 70818886 _____ C:\Users\David Ridley\Downloads\AISuite3_Win7-8-81-10_SabertoothZ97_V10102.zip
2016-10-29 17:19 - 2016-10-29 17:19 - 00000000 ____D C:\Users\David Ridley\Downloads\AISuite3_Win7-8-81-10_SabertoothZ97_V10102
2016-10-28 19:52 - 2016-10-28 19:52 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2016-10-28 19:25 - 2016-10-25 15:00 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-10-28 19:24 - 2016-10-28 19:24 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-28 19:24 - 2016-09-09 13:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-10-28 19:24 - 2016-09-09 13:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-10-28 19:24 - 2016-09-09 13:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-10-28 19:24 - 2016-09-09 13:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-10-28 19:23 - 2016-10-25 16:40 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 28202040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 10782952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 10332664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 09120512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 08913512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 08723968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 02940352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 02574784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437570.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437570.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 01037248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00943552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00801560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00642392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00617696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00394704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00384448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00348728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-10-28 19:23 - 2016-10-25 16:40 - 00327224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-10-27 21:48 - 2016-10-15 00:11 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-27 21:48 - 2016-10-14 23:51 - 00894088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-27 21:48 - 2016-10-14 23:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-27 21:48 - 2016-10-14 23:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-27 21:48 - 2016-10-14 23:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-27 21:48 - 2016-10-14 23:48 - 07817568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-27 21:48 - 2016-10-14 23:48 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-27 21:48 - 2016-10-14 23:48 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-27 21:48 - 2016-10-14 23:48 - 00773712 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-10-27 21:48 - 2016-10-14 23:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-27 21:48 - 2016-10-14 23:47 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-10-27 21:48 - 2016-10-14 23:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-27 21:48 - 2016-10-14 23:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-27 21:48 - 2016-10-14 23:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-27 21:48 - 2016-10-14 23:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-27 21:48 - 2016-10-14 23:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-27 21:48 - 2016-10-14 23:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-27 21:48 - 2016-10-14 23:32 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-10-27 21:48 - 2016-10-14 23:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-27 21:48 - 2016-10-14 23:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-27 21:48 - 2016-10-14 23:30 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-27 21:48 - 2016-10-14 23:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-27 21:48 - 2016-10-14 23:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-27 21:48 - 2016-10-14 23:30 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-10-27 21:48 - 2016-10-14 23:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-27 21:48 - 2016-10-14 23:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-27 21:48 - 2016-10-14 23:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-27 21:48 - 2016-10-14 23:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-27 21:48 - 2016-10-14 23:26 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-10-27 21:48 - 2016-10-14 23:26 - 04129928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-27 21:48 - 2016-10-14 23:26 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-10-27 21:48 - 2016-10-14 23:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-27 21:48 - 2016-10-14 23:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-27 21:48 - 2016-10-14 23:22 - 01608896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-10-27 21:48 - 2016-10-14 23:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-27 21:48 - 2016-10-14 23:22 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-10-27 21:48 - 2016-10-14 23:22 - 00628040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-27 21:48 - 2016-10-14 23:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-27 21:48 - 2016-10-14 23:19 - 02256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-27 21:48 - 2016-10-14 23:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-27 21:48 - 2016-10-14 23:18 - 00576400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-27 21:48 - 2016-10-14 23:18 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-10-27 21:48 - 2016-10-14 23:15 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-27 21:48 - 2016-10-14 23:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-27 21:48 - 2016-10-14 23:15 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-10-27 21:48 - 2016-10-14 23:14 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-10-27 21:48 - 2016-10-14 23:11 - 01424488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-10-27 21:48 - 2016-10-14 23:11 - 01263848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-10-27 21:48 - 2016-10-14 23:11 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-27 21:48 - 2016-10-14 23:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-27 21:48 - 2016-10-14 23:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-27 21:48 - 2016-10-14 23:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-27 21:48 - 2016-10-14 23:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-27 21:48 - 2016-10-14 23:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-27 21:48 - 2016-10-14 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-27 21:48 - 2016-10-14 23:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-27 21:48 - 2016-10-14 22:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-27 21:48 - 2016-10-14 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-27 21:48 - 2016-10-14 22:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-27 21:48 - 2016-10-14 22:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-27 21:48 - 2016-10-14 22:58 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-10-27 21:48 - 2016-10-14 22:58 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-10-27 21:48 - 2016-10-14 22:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-27 21:48 - 2016-10-14 22:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-27 21:48 - 2016-10-14 22:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-27 21:48 - 2016-10-14 22:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-27 21:48 - 2016-10-14 22:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-27 21:48 - 2016-10-14 22:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-27 21:48 - 2016-10-14 22:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-27 21:48 - 2016-10-14 22:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-27 21:48 - 2016-10-14 22:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-27 21:48 - 2016-10-14 22:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-27 21:48 - 2016-10-14 22:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-27 21:48 - 2016-10-14 22:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-27 21:48 - 2016-10-14 22:55 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-10-27 21:48 - 2016-10-14 22:55 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-10-27 21:48 - 2016-10-14 22:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-27 21:48 - 2016-10-14 22:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-27 21:48 - 2016-10-14 22:55 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-10-27 21:48 - 2016-10-14 22:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-27 21:48 - 2016-10-14 22:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-27 21:48 - 2016-10-14 22:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-27 21:48 - 2016-10-14 22:54 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-10-27 21:48 - 2016-10-14 22:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-27 21:48 - 2016-10-14 22:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-27 21:48 - 2016-10-14 22:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-27 21:48 - 2016-10-14 22:54 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-10-27 21:48 - 2016-10-14 22:54 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-10-27 21:48 - 2016-10-14 22:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-27 21:48 - 2016-10-14 22:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-27 21:48 - 2016-10-14 22:53 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-10-27 21:48 - 2016-10-14 22:53 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-10-27 21:48 - 2016-10-14 22:53 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-10-27 21:48 - 2016-10-14 22:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-27 21:48 - 2016-10-14 22:53 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-10-27 21:48 - 2016-10-14 22:53 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-10-27 21:48 - 2016-10-14 22:53 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-10-27 21:48 - 2016-10-14 22:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-27 21:48 - 2016-10-14 22:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-27 21:48 - 2016-10-14 22:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-10-27 21:48 - 2016-10-14 22:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-27 21:48 - 2016-10-14 22:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-27 21:48 - 2016-10-14 22:52 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-10-27 21:48 - 2016-10-14 22:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-27 21:48 - 2016-10-14 22:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-10-27 21:48 - 2016-10-14 22:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-27 21:48 - 2016-10-14 22:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-27 21:48 - 2016-10-14 22:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-27 21:48 - 2016-10-14 22:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-27 21:48 - 2016-10-14 22:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-27 21:48 - 2016-10-14 22:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-27 21:48 - 2016-10-14 22:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-27 21:48 - 2016-10-14 22:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-27 21:48 - 2016-10-14 22:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-27 21:48 - 2016-10-14 22:49 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-27 21:48 - 2016-10-14 22:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-27 21:48 - 2016-10-14 22:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-27 21:48 - 2016-10-14 22:49 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-10-27 21:48 - 2016-10-14 22:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-27 21:48 - 2016-10-14 22:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-27 21:48 - 2016-10-14 22:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-27 21:48 - 2016-10-14 22:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-27 21:48 - 2016-10-14 22:48 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-10-27 21:48 - 2016-10-14 22:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-27 21:48 - 2016-10-14 22:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-27 21:48 - 2016-10-14 22:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-27 21:48 - 2016-10-14 22:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-27 21:48 - 2016-10-14 22:47 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-27 21:48 - 2016-10-14 22:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-27 21:48 - 2016-10-14 22:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 21:48 - 2016-10-14 22:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-27 21:48 - 2016-10-14 22:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-27 21:48 - 2016-10-14 22:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 21:48 - 2016-10-14 22:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 21:48 - 2016-10-14 22:46 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-10-27 21:48 - 2016-10-14 22:45 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-10-27 21:48 - 2016-10-14 22:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 21:48 - 2016-10-14 22:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-27 21:48 - 2016-10-14 22:45 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-10-27 21:48 - 2016-10-14 22:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-27 21:48 - 2016-10-14 22:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 21:48 - 2016-10-14 22:44 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-10-27 21:48 - 2016-10-14 22:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-27 21:48 - 2016-10-14 22:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-27 21:48 - 2016-10-14 22:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-27 21:48 - 2016-10-14 22:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-27 21:48 - 2016-10-14 22:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-27 21:48 - 2016-10-14 22:42 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-27 21:48 - 2016-10-14 22:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-27 21:48 - 2016-10-14 22:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-27 21:48 - 2016-10-14 22:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 21:48 - 2016-10-14 22:42 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-10-27 21:48 - 2016-10-14 22:42 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-10-27 21:48 - 2016-10-14 22:42 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-10-27 21:48 - 2016-10-14 22:41 - 12174848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-27 21:48 - 2016-10-14 22:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-27 21:48 - 2016-10-14 22:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-27 21:48 - 2016-10-14 22:41 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-10-27 21:48 - 2016-10-14 22:41 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-10-27 21:48 - 2016-10-14 22:41 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-10-27 21:48 - 2016-10-14 22:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-27 21:48 - 2016-10-14 22:40 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-27 21:48 - 2016-10-14 22:40 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-10-27 21:48 - 2016-10-14 22:39 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-10-27 21:48 - 2016-10-14 22:38 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-27 21:48 - 2016-10-14 22:38 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-10-27 21:48 - 2016-10-14 22:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-27 21:48 - 2016-10-14 22:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-27 21:48 - 2016-10-14 22:38 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-10-27 21:48 - 2016-10-14 22:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-27 21:48 - 2016-10-14 22:38 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-27 21:48 - 2016-10-14 22:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-27 21:48 - 2016-10-14 22:36 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-27 21:48 - 2016-10-14 22:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-27 21:48 - 2016-10-14 22:36 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-27 21:48 - 2016-10-14 22:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 02999808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-10-27 21:48 - 2016-10-14 22:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-27 21:48 - 2016-10-14 22:35 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-10-27 21:48 - 2016-10-14 22:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-27 21:48 - 2016-10-14 22:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-27 21:48 - 2016-09-10 08:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-27 21:48 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-27 21:48 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-27 21:47 - 2016-10-14 23:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-27 21:47 - 2016-10-14 23:32 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-10-27 21:47 - 2016-10-14 23:31 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-27 21:47 - 2016-10-14 23:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-27 21:47 - 2016-10-14 23:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-27 21:47 - 2016-10-14 23:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-27 21:47 - 2016-10-14 23:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-27 21:47 - 2016-10-14 23:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-27 21:47 - 2016-10-14 23:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-27 21:47 - 2016-10-14 23:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-27 21:47 - 2016-10-14 23:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-27 21:47 - 2016-10-14 23:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-27 21:47 - 2016-10-14 23:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-27 21:47 - 2016-10-14 23:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-27 21:47 - 2016-10-14 23:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-27 21:47 - 2016-10-14 23:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-27 21:47 - 2016-10-14 23:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-27 21:47 - 2016-10-14 23:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-27 21:47 - 2016-10-14 23:15 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-10-27 21:47 - 2016-10-14 23:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-27 21:47 - 2016-10-14 23:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-27 21:47 - 2016-10-14 23:15 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-10-27 21:47 - 2016-10-14 23:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-27 21:47 - 2016-10-14 23:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-27 21:47 - 2016-10-14 23:02 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-27 21:47 - 2016-10-14 23:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-27 21:47 - 2016-10-14 22:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-27 21:47 - 2016-10-14 22:57 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-10-27 21:47 - 2016-10-14 22:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-27 21:47 - 2016-10-14 22:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-27 21:47 - 2016-10-14 22:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-27 21:47 - 2016-10-14 22:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-27 21:47 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-27 21:47 - 2016-10-14 22:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-27 21:47 - 2016-10-14 22:54 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-10-27 21:47 - 2016-10-14 22:54 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-10-27 21:47 - 2016-10-14 22:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-27 21:47 - 2016-10-14 22:53 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-10-27 21:47 - 2016-10-14 22:52 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-10-27 21:47 - 2016-10-14 22:52 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-10-27 21:47 - 2016-10-14 22:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-27 21:47 - 2016-10-14 22:52 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-10-27 21:47 - 2016-10-14 22:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-10-27 21:47 - 2016-10-14 22:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-27 21:47 - 2016-10-14 22:52 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-10-27 21:47 - 2016-10-14 22:51 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-10-27 21:47 - 2016-10-14 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-27 21:47 - 2016-10-14 22:50 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-10-27 21:47 - 2016-10-14 22:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-27 21:47 - 2016-10-14 22:50 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-10-27 21:47 - 2016-10-14 22:49 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-10-27 21:47 - 2016-10-14 22:49 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-10-27 21:47 - 2016-10-14 22:48 - 23680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-27 21:47 - 2016-10-14 22:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-27 21:47 - 2016-10-14 22:47 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-10-27 21:47 - 2016-10-14 22:46 - 19418112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-27 21:47 - 2016-10-14 22:46 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-27 21:47 - 2016-10-14 22:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-27 21:47 - 2016-10-14 22:44 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-10-27 21:47 - 2016-10-14 22:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-27 21:47 - 2016-10-14 22:42 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-10-27 21:47 - 2016-10-14 22:42 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-10-27 21:47 - 2016-10-14 22:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-27 21:47 - 2016-10-14 22:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-27 21:47 - 2016-10-14 22:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-27 21:47 - 2016-10-14 22:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-27 21:47 - 2016-10-14 22:40 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-10-27 21:47 - 2016-10-14 22:39 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-10-27 21:47 - 2016-10-14 22:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-27 21:47 - 2016-10-14 22:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-27 21:47 - 2016-10-14 22:39 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-10-27 21:47 - 2016-10-14 22:38 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-10-27 21:47 - 2016-10-14 22:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-27 21:47 - 2016-10-14 22:37 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-27 21:47 - 2016-10-14 22:37 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-27 21:47 - 2016-10-14 22:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-27 21:47 - 2016-10-14 22:36 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-10-27 21:47 - 2016-10-14 22:36 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-27 21:47 - 2016-10-14 22:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-27 21:47 - 2016-10-14 22:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-27 21:47 - 2016-10-14 22:36 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-27 21:47 - 2016-10-14 22:36 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-10-27 21:47 - 2016-10-14 22:35 - 02670592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-27 21:47 - 2016-10-14 22:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-27 21:47 - 2016-10-14 22:35 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-27 21:47 - 2016-10-14 22:35 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-10-27 21:47 - 2016-10-14 22:35 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-27 21:47 - 2016-10-14 22:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-27 21:40 - 2016-10-27 21:40 - 00082653 _____ C:\Users\David Ridley\Downloads\3305 Exam 2 Prep F16.pdf
2016-10-27 21:38 - 2016-10-27 21:38 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-10-27 20:10 - 2016-10-27 20:42 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-10-27 15:36 - 2016-11-01 23:36 - 00000000 ____D C:\Users\David Ridley\Desktop\FRST-OlderVersion
2016-10-27 15:36 - 2016-10-27 15:36 - 00000255 _____ C:\Users\David Ridley\Desktop\Search.txt
2016-10-26 20:04 - 2016-10-26 20:04 - 00221662 _____ C:\Users\David Ridley\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2016-10-26 15:39 - 2016-10-26 15:39 - 00217749 _____ C:\Users\David Ridley\Downloads\ELC4332_Fa16_Quiz8_study_material.pdf
2016-10-26 14:05 - 2016-10-26 14:05 - 00000000 ____D C:\Program Files (x86)\ESET
2016-10-26 14:04 - 2016-10-26 14:04 - 02870984 _____ (ESET) C:\Users\David Ridley\Desktop\esetsmartinstaller_enu.exe
2016-10-26 13:57 - 2016-10-27 21:30 - 00000000 ____D C:\Users\David Ridley\AppData\Roaming\Enigma Software Group
2016-10-26 13:57 - 2016-10-26 13:57 - 00000000 _____ C:\autoexec.bat
2016-10-26 13:56 - 2016-10-26 13:58 - 28076656 _____ (SUPERAntiSpyware) C:\Users\David Ridley\Downloads\SUPERAntiSpyware.exe
2016-10-26 13:56 - 2016-10-26 13:56 - 00000000 ____D C:\sh4ldr
2016-10-26 13:54 - 2016-10-26 13:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\David Ridley\Downloads\spybot-2.4-1.exe
2016-10-26 13:31 - 2016-10-26 13:31 - 02222091 _____ C:\Users\David Ridley\Downloads\Amish Technology.pdf
2016-10-25 19:20 - 2016-11-01 19:20 - 00003308 _____ C:\WINDOWS\System32\Tasks\IORRT
2016-10-25 15:52 - 2016-10-25 15:52 - 08355803 _____ C:\Users\David Ridley\Downloads\E7246_Sabertooth_Z77.zip
2016-10-25 15:25 - 2016-10-27 21:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-10-25 15:25 - 2016-10-25 15:34 - 00000000 ____D C:\Users\David Ridley\Desktop\mbar
2016-10-25 15:24 - 2016-10-25 15:24 - 16563352 _____ (Malwarebytes Corp.) C:\Users\David Ridley\Desktop\mbar-1.09.3.1001.exe
2016-10-25 15:18 - 2016-10-25 15:20 - 50110688 _____ (Microsoft Corporation) C:\Users\David Ridley\Desktop\Windows-KB890830-x64-V5.41 (1).exe
2016-10-25 15:17 - 2016-10-25 15:17 - 00000933 _____ C:\Users\David Ridley\Desktop\JRT.txt
2016-10-25 15:15 - 2016-10-25 15:15 - 01631928 _____ (Malwarebytes) C:\Users\David Ridley\Desktop\JRT.exe
2016-10-25 15:10 - 2016-10-27 20:38 - 00000000 ____D C:\AdwCleaner
2016-10-25 15:09 - 2016-10-25 15:09 - 03910208 _____ C:\Users\David Ridley\Desktop\AdwCleaner.exe
2016-10-25 14:57 - 2016-10-29 17:06 - 00039412 _____ C:\Users\David Ridley\Desktop\Fixlog.txt
2016-10-25 14:56 - 2016-10-25 14:56 - 00001401 _____ C:\Users\David Ridley\Downloads\Fixlist.txt.5c3c0f315de9711050e9aec10152ba05
2016-10-25 14:54 - 2016-10-25 14:54 - 00026983 _____ C:\Users\David Ridley\Downloads\Addition.txt.7205e7d26a4a4035e53e435a0d4a670e
2016-10-25 14:54 - 2016-10-25 14:54 - 00026983 _____ C:\Users\David Ridley\Downloads\Addition.txt (1).7205e7d26a4a4035e53e435a0d4a670e
2016-10-25 14:53 - 2016-11-01 23:37 - 00027106 _____ C:\Users\David Ridley\Desktop\FRST.txt
2016-10-25 14:53 - 2016-11-01 23:37 - 00000000 ____D C:\FRST
2016-10-25 14:53 - 2016-10-25 15:48 - 00121445 _____ C:\Users\David Ridley\Desktop\Addition.txt
2016-10-25 14:53 - 2016-10-25 14:53 - 00099648 _____ C:\Users\David Ridley\Downloads\FRST.txt.9be9238ce438ed3497c2ec7040426373
2016-10-25 14:52 - 2016-11-01 23:36 - 02408960 _____ (Farbar) C:\Users\David Ridley\Desktop\FRST64.exe
2016-10-25 09:52 - 2016-10-25 09:52 - 00000000 _____ C:\WINDOWS\ab3954e3ffac60da92a20e48c52ee2c5.VIR
2016-10-24 17:45 - 2016-10-22 02:25 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437563.dll
2016-10-24 17:45 - 2016-10-22 02:25 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437563.dll
2016-10-23 15:42 - 2016-10-23 15:42 - 00292184 _____ (Microsoft Corporation) C:\Users\David Ridley\Downloads\dxwebsetup.exe
2016-10-23 15:42 - 2016-10-23 15:42 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-10-23 15:28 - 2016-10-23 15:28 - 00120187 _____ C:\Users\David Ridley\Downloads\WRobot.zip
2016-10-22 15:15 - 2016-10-22 15:15 - 00076152 _____ C:\WINDOWS\system32\PnkBstrA.exe
2016-10-22 15:05 - 2016-10-22 15:05 - 00000000 ____D C:\Users\David Ridley\AppData\Local\PunkBuster
2016-10-22 15:03 - 2016-10-22 15:06 - 00000000 ____D C:\Users\David Ridley\Documents\Battlefield 4
2016-10-22 00:59 - 2016-10-22 15:15 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-10-22 00:59 - 2016-10-22 15:05 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-10-22 00:59 - 2016-10-22 00:59 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-10-22 00:59 - 2016-10-22 00:59 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2016-10-22 00:40 - 2016-10-19 17:43 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-10-22 00:40 - 2016-10-18 16:27 - 01951680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437557.dll
2016-10-22 00:40 - 2016-10-18 16:27 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437557.dll
2016-10-22 00:40 - 2016-10-18 16:27 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-10-22 00:40 - 2016-10-18 16:27 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-10-21 17:22 - 2016-11-01 15:10 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A125248F-296C-4D29-BB40-D1DC2CCBDF86}
2016-10-21 15:37 - 2016-10-21 15:37 - 00123217 _____ C:\Users\David Ridley\Downloads\FOOTBALL TICKETS.pdf
2016-10-20 21:40 - 2016-10-01 16:11 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-10-20 21:39 - 2016-10-01 16:11 - 01935808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437306.dll
2016-10-20 21:39 - 2016-10-01 16:11 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437306.dll
2016-10-20 21:12 - 2016-10-25 15:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-10-20 21:12 - 2016-10-20 21:12 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-20 21:12 - 2016-10-20 21:12 - 00003966 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-20 21:12 - 2016-10-20 21:12 - 00003930 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-20 21:12 - 2016-10-20 21:12 - 00003904 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-20 21:12 - 2016-10-20 21:12 - 00003742 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-20 21:12 - 2016-10-20 21:12 - 00003700 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-20 21:12 - 2016-10-20 21:12 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-10-20 21:12 - 2016-09-29 23:22 - 01844280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-10-20 21:12 - 2016-09-29 23:22 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-10-20 21:12 - 2016-09-29 23:22 - 01445944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-10-20 21:12 - 2016-09-29 23:22 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-10-20 21:12 - 2016-09-29 23:22 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-10-20 21:12 - 2016-09-29 23:22 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-10-20 21:12 - 2016-09-29 23:22 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-10-20 20:22 - 2016-10-20 20:22 - 00000000 ____D C:\Users\David Ridley\AppData\Roaming\Avira
2016-10-20 20:19 - 2016-10-21 11:39 - 01368548 _____ C:\WINDOWS\SysWOW64\winapp2_disk.csv
2016-10-20 20:19 - 2016-10-20 20:19 - 00000000 ____D C:\Users\David Ridley\AppData\Local\AviraSpeedup
2016-10-20 20:19 - 2016-10-20 20:19 - 00000000 ____D C:\Users\David Ridley\AppData\Local\Avira
2016-10-20 20:18 - 2016-10-29 23:44 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-10-20 20:18 - 2016-10-20 20:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-10-20 20:18 - 2016-09-27 14:19 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-10-20 20:18 - 2016-09-27 14:19 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-10-20 20:18 - 2016-09-27 14:19 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-10-20 20:18 - 2016-09-27 14:19 - 00023640 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-10-20 20:16 - 2016-10-29 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-20 20:16 - 2016-10-21 11:42 - 00000000 ____D C:\ProgramData\Avira
2016-10-20 20:16 - 2016-10-21 11:42 - 00000000 ____D C:\Program Files (x86)\Avira
2016-10-20 20:16 - 2016-10-20 20:16 - 04480896 _____ (Avira Operations GmbH & Co. KG) C:\Users\David Ridley\Downloads\avira_en_fass0_58096bd1c09e3__ws.exe
2016-10-20 20:15 - 2016-10-20 20:15 - 01875208 _____ (Malwarebytes ) C:\Users\David Ridley\Downloads\mbae-setup-1.08.1.2572.exe
2016-10-20 20:06 - 2016-10-20 20:11 - 127726872 _____ (Microsoft Corporation) C:\Users\David Ridley\Downloads\mpam-fe.exe
2016-10-20 19:50 - 2015-11-18 02:11 - 00447225 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161020-195054.backup
2016-10-20 19:29 - 2016-10-20 19:29 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-20 18:57 - 2016-10-20 18:58 - 00000003 _____ C:\Users\David Ridley\AppData\Local\run1.txt
2016-10-20 18:56 - 2016-10-20 18:57 - 00000000 ____D C:\Users\David Ridley\AppData\Roaming\Microleaves
2016-10-20 18:55 - 2016-10-20 19:01 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-10-12 00:03 - 2016-10-12 00:03 - 00743868 _____ C:\Users\David Ridley\Downloads\AskMrRobot-45.zip
2016-10-11 19:42 - 2016-10-05 05:31 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-11 19:42 - 2016-10-05 05:17 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-11 19:42 - 2016-10-05 05:13 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-11 19:42 - 2016-10-05 05:13 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-10-11 19:42 - 2016-10-05 05:12 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-11 19:42 - 2016-10-05 05:09 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-10-11 19:42 - 2016-10-05 05:03 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-10-11 19:42 - 2016-10-05 04:51 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-11 19:42 - 2016-10-05 04:46 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-10-11 19:42 - 2016-10-05 04:38 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-10-11 19:42 - 2016-10-05 04:36 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-11 19:42 - 2016-10-05 04:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-10-11 19:42 - 2016-10-05 04:35 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-10-11 19:42 - 2016-10-05 04:33 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-11 19:42 - 2016-10-05 04:33 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-10-11 19:42 - 2016-10-05 04:33 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-10-11 19:42 - 2016-10-05 04:32 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-10-11 19:42 - 2016-10-05 04:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-10-11 19:42 - 2016-10-05 04:31 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-11 19:42 - 2016-10-05 04:31 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-10-11 19:42 - 2016-10-05 04:31 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-11 19:42 - 2016-10-05 04:30 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-10-11 19:42 - 2016-10-05 04:29 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-10-11 19:42 - 2016-10-05 04:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-10-11 19:42 - 2016-10-05 04:27 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-11 19:42 - 2016-10-05 04:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-11 19:42 - 2016-10-05 04:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-10-11 19:42 - 2016-10-05 04:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-10-11 19:42 - 2016-10-05 04:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-11 19:42 - 2016-10-05 04:25 - 01589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-11 19:42 - 2016-10-05 04:25 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-10-11 19:42 - 2016-10-05 04:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-10-11 19:42 - 2016-10-05 04:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-10-11 19:42 - 2016-10-05 04:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-10-11 19:42 - 2016-10-05 04:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-11 19:42 - 2016-10-05 04:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-11 19:42 - 2016-10-05 04:23 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-10-11 19:42 - 2016-10-05 04:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-11 19:42 - 2016-10-05 04:23 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-10-11 19:42 - 2016-10-05 04:23 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-10-11 19:42 - 2016-10-05 04:23 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-10-11 19:42 - 2016-10-05 04:21 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-10-11 19:42 - 2016-10-05 04:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-10-11 19:42 - 2016-10-05 04:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-10-11 19:42 - 2016-10-05 04:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-11 19:42 - 2016-10-05 04:19 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-11 19:42 - 2016-10-05 04:18 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-11 19:42 - 2016-10-05 04:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-10-11 19:42 - 2016-10-05 04:18 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-11 19:42 - 2016-10-05 04:17 - 08126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-11 19:42 - 2016-10-05 04:17 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-11 19:42 - 2016-10-05 04:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-11 19:42 - 2016-10-05 04:16 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-11 19:42 - 2016-10-05 04:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-11 19:42 - 2016-10-05 04:15 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-11 19:42 - 2016-10-05 04:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-10-11 19:42 - 2016-10-05 04:14 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-10-11 19:42 - 2016-10-05 04:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-11 19:42 - 2016-10-05 04:12 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-11 19:42 - 2016-10-05 04:11 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-11 19:42 - 2016-10-05 04:11 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-10-11 19:42 - 2016-10-05 04:10 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-10-11 19:42 - 2016-10-05 04:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-10-11 19:42 - 2016-10-05 04:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-11 19:42 - 2016-10-05 04:08 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-10-11 19:42 - 2016-10-05 04:07 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-11 19:42 - 2016-10-05 04:07 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-10-11 19:42 - 2016-10-05 04:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-10-11 19:42 - 2016-10-05 04:07 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-10-11 19:42 - 2016-10-05 04:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-10-11 19:42 - 2016-10-05 04:05 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-10-11 19:42 - 2016-09-07 00:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-10-11 19:41 - 2016-10-05 05:35 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-10-11 19:41 - 2016-10-05 05:33 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-11 19:41 - 2016-10-05 05:22 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-11 19:41 - 2016-10-05 05:16 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-10-11 19:41 - 2016-10-05 05:12 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-11 19:41 - 2016-10-05 05:09 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-11 19:41 - 2016-10-05 05:08 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-10-11 19:41 - 2016-10-05 04:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-10-11 19:41 - 2016-10-05 04:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-10-11 19:41 - 2016-10-05 04:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-10-11 19:41 - 2016-10-05 04:46 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-10-11 19:41 - 2016-10-05 04:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-11 19:41 - 2016-10-05 04:36 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-10-11 19:41 - 2016-10-05 04:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-10-11 19:41 - 2016-10-05 04:35 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-10-11 19:41 - 2016-10-05 04:34 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-11 19:41 - 2016-10-05 04:32 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-10-11 19:41 - 2016-10-05 04:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-10-11 19:41 - 2016-10-05 04:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-11 19:41 - 2016-10-05 04:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-10-11 19:41 - 2016-10-05 04:31 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-10-11 19:41 - 2016-10-05 04:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-10-11 19:41 - 2016-10-05 04:29 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-11 19:41 - 2016-10-05 04:28 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-11 19:41 - 2016-10-05 04:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-10-11 19:41 - 2016-10-05 04:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-10-11 19:41 - 2016-10-05 04:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-10-11 19:41 - 2016-10-05 04:27 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-11 19:41 - 2016-10-05 04:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-11 19:41 - 2016-10-05 04:23 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-11 19:41 - 2016-10-05 04:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-11 19:41 - 2016-10-05 04:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-10-11 19:41 - 2016-10-05 04:20 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-10-11 19:41 - 2016-10-05 04:18 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-11 19:41 - 2016-10-05 04:17 - 04136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-11 19:41 - 2016-10-05 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-11 19:41 - 2016-10-05 04:16 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-11 19:41 - 2016-10-05 04:16 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-11 19:41 - 2016-10-05 04:15 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-11 19:41 - 2016-10-05 04:15 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-11 19:41 - 2016-10-05 04:15 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-11 19:41 - 2016-10-05 04:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-11 19:41 - 2016-10-05 04:14 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-10-11 19:41 - 2016-10-05 04:13 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-11 19:41 - 2016-10-05 04:12 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-10-11 19:41 - 2016-10-05 04:12 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-11 19:41 - 2016-10-05 04:11 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-11 19:41 - 2016-10-05 04:09 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-10-11 19:41 - 2016-10-05 04:08 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-11 19:41 - 2016-10-05 04:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-10-11 19:41 - 2016-10-05 04:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-10-11 19:41 - 2016-10-05 04:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-10-11 19:41 - 2016-10-05 04:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-11 19:41 - 2016-10-04 19:01 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-09 00:04 - 2016-10-09 00:04 - 00000000 ____D C:\Users\David Ridley\.QtWebEngineProcess
2016-10-09 00:04 - 2016-10-09 00:04 - 00000000 ____D C:\Users\David Ridley\.Origin
2016-10-07 17:51 - 2016-10-07 17:51 - 00000000 ____D C:\Users\David Ridley\Downloads\sakura-swim-club_Windows_1_1_0
2016-10-07 16:37 - 2016-10-07 16:37 - 00000000 ____D C:\Users\David Ridley\Desktop\ROCKET_-_NA
2016-10-02 13:50 - 2016-10-02 13:50 - 00012656 _____ C:\Users\David Ridley\Downloads\ELC4320HW6.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-01 23:35 - 2013-03-03 14:59 - 00000000 ____D C:\Users\David Ridley\AppData\Roaming\Origin
2016-11-01 23:34 - 2014-05-14 17:36 - 00000000 ____D C:\Users\David Ridley\AppData\Local\Battle.net
2016-11-01 22:43 - 2016-09-26 16:29 - 00000000 ____D C:\Users\David Ridley\AppData\Local\Deployment
2016-11-01 21:55 - 2013-03-03 14:58 - 00000000 ____D C:\ProgramData\Origin
2016-11-01 21:54 - 2015-08-29 17:29 - 00000000 ____D C:\Users\David Ridley\AppData\Local\Spotify
2016-11-01 20:20 - 2016-09-26 13:52 - 00000000 ____D C:\Users\David Ridley
2016-11-01 20:20 - 2015-08-29 17:28 - 00000000 ____D C:\Users\David Ridley\AppData\Roaming\Spotify
2016-11-01 19:35 - 2016-09-26 13:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-01 18:41 - 2016-09-26 13:51 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-01 15:10 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-01 15:10 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-31 16:02 - 2016-09-26 13:52 - 01611358 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-31 13:11 - 2016-09-26 13:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-31 13:11 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-10-31 13:11 - 2016-05-20 19:33 - 00190664 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_99E320F5.sys
2016-10-31 13:11 - 2015-11-22 01:40 - 00147656 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2016-10-30 20:16 - 2016-09-26 13:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-10-29 18:29 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-10-29 18:11 - 2013-03-03 08:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-29 18:11 - 2013-03-03 08:02 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-10-29 17:48 - 2014-03-10 23:00 - 00000000 ____D C:\Users\David Ridley\Documents\Respawn
2016-10-29 17:06 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-10-29 17:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-10-29 17:00 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-28 19:52 - 2013-11-09 04:03 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-28 19:26 - 2013-03-04 10:53 - 00000000 ____D C:\Users\David Ridley\AppData\Local\CrashDumps
2016-10-28 19:25 - 2016-09-26 13:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-28 19:25 - 2013-03-03 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-28 19:20 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-28 19:19 - 2016-09-26 13:51 - 04967016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-28 19:19 - 2016-01-30 22:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-10-28 11:16 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-28 11:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-28 11:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-28 11:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-28 11:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-10-28 11:15 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-28 10:12 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-27 21:38 - 2016-01-30 22:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-10-27 21:36 - 2016-09-26 13:51 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-10-27 21:36 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-10-27 21:05 - 2014-07-01 14:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-27 15:45 - 2013-03-03 14:59 - 00000000 ____D C:\Users\David Ridley\AppData\Local\Origin
2016-10-26 20:06 - 2013-03-03 07:56 - 00000000 ____D C:\Users\David Ridley\AppData\Local\ElevatedDiagnostics
2016-10-25 16:40 - 2016-09-22 11:30 - 03927288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-10-25 16:40 - 2016-09-22 11:30 - 03468736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-10-25 16:40 - 2016-09-22 11:30 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-10-25 16:30 - 2015-02-08 01:41 - 00007599 _____ C:\Users\David Ridley\AppData\Local\resmon.resmoncfg
2016-10-25 15:25 - 2014-07-01 14:17 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-25 15:20 - 2013-03-05 12:14 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-25 15:17 - 2016-09-26 13:51 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-10-25 15:17 - 2016-09-26 13:51 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-10-25 15:17 - 2016-09-26 13:51 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-10-25 15:17 - 2016-09-26 13:51 - 00548408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-10-25 15:17 - 2016-09-26 13:51 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-10-25 15:17 - 2016-09-26 13:51 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-10-25 15:17 - 2016-09-26 13:51 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-10-25 09:55 - 2013-03-03 08:13 - 00000344 _____ C:\WINDOWS\lgfwup.ini
2016-10-25 09:55 - 2013-03-03 08:13 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2016-10-25 09:54 - 2016-07-16 06:49 - 00000000 ____D C:\WINDOWS\Setup
2016-10-24 18:30 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-24 18:30 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-24 16:06 - 2013-03-03 10:57 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 01:31 - 2016-09-26 13:51 - 07507695 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-10-22 21:19 - 2014-03-12 20:00 - 00000000 ____D C:\Users\David Ridley\AppData\Local\NVIDIA Corporation
2016-10-22 00:41 - 2016-09-26 13:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-22 00:41 - 2016-09-26 13:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-21 16:28 - 2013-03-03 11:27 - 00000000 ____D C:\Users\David Ridley\Documents\my games
2016-10-20 22:30 - 2015-12-07 00:29 - 00000000 ____D C:\Users\David Ridley\Downloads\PsychoPadLite_v1.1_install
2016-10-20 22:30 - 2015-05-20 23:42 - 00000000 ____D C:\Users\David Ridley\Downloads\ros-bot_1.052
2016-10-20 21:14 - 2013-08-17 23:49 - 00000000 ____D C:\Users\David Ridley\AppData\Local\NVIDIA
2016-10-20 20:19 - 2016-07-27 18:12 - 00000000 ____D C:\Users\David Ridley\AppData\Roaming\Mozilla
2016-10-20 19:52 - 2014-07-01 14:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-20 19:29 - 2014-07-01 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-20 19:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-10-20 19:06 - 2013-03-23 00:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-19 17:43 - 2016-08-27 00:30 - 01595456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-10-19 17:43 - 2016-08-27 00:30 - 00212936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-10-19 12:12 - 2013-03-03 12:25 - 00000000 ____D C:\Users\David Ridley\AppData\Roaming\vlc
2016-10-12 17:23 - 2015-11-22 02:50 - 00000000 ____D C:\Users\David Ridley\AppData\Local\Comms
2016-10-11 23:02 - 2015-11-04 19:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-11 20:51 - 2013-07-11 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-11 20:51 - 2013-07-11 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-11 20:50 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-11 20:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-11 20:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-11 20:50 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-11 20:50 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-11 20:29 - 2015-03-11 17:11 - 00000000 ____D C:\Users\David Ridley\AppData\Local\Windows Live
2016-10-11 20:03 - 2013-07-12 21:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-11 19:59 - 2013-07-11 03:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 19:33 - 2016-07-16 06:43 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2016-10-11 19:33 - 2016-07-16 06:42 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2016-10-08 18:09 - 2016-03-01 18:37 - 00000000 ____D C:\Users\David Ridley\AppData\Local\Arduino15
2016-10-07 14:49 - 2013-04-30 07:19 - 00000000 ____D C:\Users\David Ridley\AppData\Roaming\RenPy

==================== Files in the root of some directories =======

2015-09-13 11:30 - 2015-09-12 21:15 - 0012005 _____ () C:\Users\David Ridley\AppData\Roaming\alsoft.ini
2015-02-08 01:41 - 2016-10-25 16:30 - 0007599 _____ () C:\Users\David Ridley\AppData\Local\resmon.resmoncfg
2016-10-20 18:57 - 2016-10-20 18:58 - 0000003 _____ () C:\Users\David Ridley\AppData\Local\run1.txt
2008-02-05 01:28 - 2008-02-05 01:28 - 0000051 _____ () C:\Users\David Ridley\AppData\Local\setup.txt
2014-03-14 15:56 - 2014-03-14 15:56 - 0012586 _____ () C:\ProgramData\mptmqteo.hmi

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-28 19:31

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by David Ridley (01-11-2016 23:37:48)
Running from C:\Users\David Ridley\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-26 19:00:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-814913500-3249027553-3533128871-500 - Administrator - Disabled)
David Ridley (S-1-5-21-814913500-3249027553-3533128871-1000 - Administrator - Enabled) => C:\Users\David Ridley
DefaultAccount (S-1-5-21-814913500-3249027553-3533128871-503 - Limited - Disabled)
Guest (S-1-5-21-814913500-3249027553-3533128871-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-814913500-3249027553-3533128871-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Atmel ARM GNU Toolchain (HKLM-x32\...\{736745FA-6A66-4654-9397-1321B2B4D196}) (Version: 4.8.1443 - Atmel)
Atmel AVR (32 bit) GNU Toolchain (HKLM-x32\...\{C342B5D0-D95A-4B39-9262-2CC3CE3F39B2}) (Version: 3.4.1067 - Atmel)
Atmel AVR (8 bit) GNU Toolchain (HKLM-x32\...\{6E3D61B8-F3EC-462D-91F9-49D03A97053E}) (Version: 3.4.1061 - Atmel)
Atmel Driver Files (x32 Version: 7.0.928 - Atmel Corporation) Hidden
Atmel Jungo USB Driver (x32 Version: 7.0.120 - Atmel) Hidden
Atmel Kits (HKLM-x32\...\{3C85CFF3-91DE-4520-B836-5F4C2F247FF5}) (Version: 6.2.338 - Atmel)
Atmel LibUSB0 Driver (x32 Version: 7.0.73 - Atmel) Hidden
Atmel Segger USB Drivers (497f) (x32 Version: 7.0.140 - Atmel) Hidden
Atmel Studio 6.2 (HKLM-x32\...\{C179E170-07D6-4D8D-A34D-FDB3FCC79FEC}) (Version: 6.2.1563 - Atmel)
Atmel Studio Backend (HKLM-x32\...\{1B2C7C63-4659-49A1-8BC9-F845FE0F0D35}) (Version: 1.12.4144 - Atmel Corporation)
Atmel Studio Memory Logger (HKLM-x32\...\{053538A7-0B52-4CA9-9728-D506BFAA42BD}) (Version: 6.2.171 - Atmel)
Atmel USB Driver Package (HKLM-x32\...\{88a482c9-18e3-43d5-b426-3d1cdf85b391}) (Version: 7.0.666 - Atmel)
Atmel WinUSB (x32 Version: 6.2.30 - Atmel) Hidden
AtmelSoftwareFramework (HKLM-x32\...\{35BD89A1-47F3-4E42-B393-B8DB123F5215}) (Version: 3.21.0.1310 - Atmel)
Audiosurf (HKLM\...\Steam App 12900) (Version:  - Dylan Fitterer)
AutoHotkey 1.1.23.05 (HKLM\...\AutoHotkey) (Version: 1.1.23.05 - Lexikos)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{ee247a19-722f-4096-884b-47ec3b7ec396}) (Version: 1.2.73.15322 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.73.15322 - Avira Operations GmbH & Co. KG) Hidden
AVR macro Assembler (HKLM-x32\...\{251D9F73-6297-4941-9016-EA787F708FDF}) (Version: 2.1.1175 - Atmel)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Remastered (HKLM\...\Steam App 409710) (Version:  - 2K Boston)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
CircuitMaker (HKLM-x32\...\CircuitMaker {F11EE9F6-0902-4104-9945-2D18E716B90C}) (Version: 1.2.0.63861 - Altium Limited)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7316.52 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5522.55 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Deus Ex: Human Revolution - Director's Cut (HKLM\...\Steam App 238010) (Version:  - Eidos Montreal)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version:  - Arkane Studios)
Dual Monitor Tools (HKLM-x32\...\{14DF3258-CA2F-4166-9713-EB7BB9D55307}) (Version: 2.3.0.0 - GNE)
Empyrion - Galactic Survival (HKLM\...\Steam App 383120) (Version:  - Eleon Game Studios)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA PrecisionX 16 (HKLM-x32\...\{425A0AAA-B049-4356-A81E-E089BC5AE934}) (Version: 5.3.10 - EVGA Corporation)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
FXAA Post Process Injector (HKLM-x32\...\FXAA Post Process Injector) (Version:  - )
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version:  - Telltale Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Hotline Miami 2: Wrong Number (HKLM-x32\...\Steam App 274170) (Version:  - Dennaton Games)
Hyper Light Drifter (HKLM\...\Steam App 257850) (Version:  - Heart Machine)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Network Connections 17.1.55.0 (HKLM\...\PROSetDX) (Version: 17.1.55.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6020 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6020 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4919 - CyberLink Corp.)
LG CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Blu-ray Disc Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b - CyberLink Corp.) Hidden
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LIGHTNING RETURNS: FINAL FANTASY XIII (HKLM-x32\...\Steam App 345350) (Version:  - SQUARE ENIX)
LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)
Live2D Viewer (HKLM-x32\...\Live2DViewer) (Version: 2.1.0 - Live2D Inc.)
Live2D Viewer (x32 Version: 2.1.0 - Live2D Inc.) Hidden
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Lumerical FDTD Solutions 8.15.758 for x64 (HKLM\...\{9EA711BD-16E6-4485-8452-4DA984DF41AB}) (Version: 8.15.758 - Lumerical Solutions)
Lumerical MPICH2 Framework (x64) (HKLM\...\{074987B2-5830-4CE4-99F0-E9794C9AB257}) (Version: 1.3.2 - Lumerical Solutions)
Mad Max (HKLM-x32\...\Steam App 234140) (Version:  - Avalanche Studios)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft MPI (6.0.12436.10) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 6.0.12436.10 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MiKTeX 2.9 (HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount & Blade (HKLM\...\Steam App 22100) (Version:  - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF to JPG Converter 1.3 (HKLM-x32\...\PDF to JPG Converter) (Version: 1.3 - )
Photo Viewer (HKLM-x32\...\{67183F00-3DDC-497B-A090-4E2B79EAF1CD}) (Version: 1.00.0000 - Photo Viewer)
Plane9 v2.3.3.3 (HKLM-x32\...\Plane9) (Version: v2.3.3.3 - Joakim Dahl / Planestate Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 3.2.5 (HKLM-x32\...\qBittorrent) (Version: 3.2.5 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Shoppe Keep (HKLM-x32\...\Steam App 381120) (Version:  - Arvydas Žemaitis)
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Sonic Adventure DX (HKLM\...\Steam App 71250) (Version:  - SEGA)
Sonic Adventure™ 2  (HKLM-x32\...\Steam App 213610) (Version:  - SEGA)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spotify (HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Spotify) (Version: 1.0.41.375.g040056ca - Spotify AB)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.26 - Bioware/EA)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.6.35326 - Electronic Arts)
STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Subnautica (HKLM-x32\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{45FA75C8-9032-4E7B-9B02-71B9C04D4511}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeighaX 3.09 (HKLM-x32\...\{3D63579F-2398-418B-9227-A852FB201D2D}) (Version: 3.9.0 - Open Design Alliance)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Game Studio)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.2 - Electronic Arts, Inc.)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-814913500-3249027553-3533128871-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\David Ridley\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01040BA2-DB2C-4560-A94C-B97819FA5B2D} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2013-03-14] () <==== ATTENTION
Task: {01CC1897-F367-4F9E-B95D-1381CA8CFD85} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-29] (NVIDIA Corporation)
Task: {02654AE3-9AC0-44AA-BE73-34ABF550CB47} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CE3FE83-20D0-4922-922F-444BA4288FCD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {233342F8-FAF2-46ED-BA8F-0D8D40D3AD26} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2B950F1E-8EEE-46EA-B321-8C8EA8501E8E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D9F39D7-4DF6-4733-A49B-45EB060CCE6B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {357D493B-E639-485F-825D-2C6CBC4B934E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {37F6B9DA-09D8-4C7F-98AC-E0F1321CC95D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42705391-9A17-4BEA-AF0E-E4220955E13C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A1A37DF-2EE7-47FB-B313-25AFA6128B70} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {58343E34-5752-4725-8EF2-0DA162015056} - System32\Tasks\Open Hardware Monitor\Startup => C:\Users\David Ridley\Downloads\openhardwaremonitor-v0.7.1-beta\OpenHardwareMonitor\OpenHardwareMonitor.exe [2014-12-30] ()
Task: {5CFA4AD3-623D-4EE5-82F8-748F1C15C6CA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-29] (NVIDIA Corporation)
Task: {7199CA70-BDC7-45DD-A63E-38BEE3ABA615} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-29] (NVIDIA Corporation)
Task: {753704E3-E129-48C6-8BE7-AADE1B3C2C7C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {773C75D9-148C-4439-832E-928BC8EF2050} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-29] (NVIDIA Corporation)
Task: {7AE3EFAA-F767-4687-8F09-F97009A35BA3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8077A9B4-D78A-46C6-B122-949384F209B3} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-29] (NVIDIA Corporation)
Task: {8365E42F-EB3D-485E-8669-76C11A0E1276} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {975432D1-B15C-4B3B-9D07-CBBF5DEB831A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A0216769-37BF-40DB-B68E-89F83DF3817D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A3AA2229-9D61-439B-A39A-08D59962C937} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A8A3C978-0D53-4762-A4F3-B2E95082B0E2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B8658559-64D1-41C4-8787-E9E2118AB90A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BAB5472E-5D89-45D8-9729-A97B6FCF8355} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {BD9DF62D-B1A5-47A0-B1EB-AC6BC20D0F64} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-29] (NVIDIA Corporation)
Task: {C50E489B-4069-4C16-A66F-4AC661EAF989} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CF7A78BF-CA9A-4E73-8DAF-7B292D96CBE4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB5E2DAE-6B59-43FD-A650-C36DF0AED1AB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E4DAF8A1-9518-4930-A2EE-1EA07B0FC48A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FAA5F5A4-E5EC-46C6-8F4E-30ED94AF9C87} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FAFA3109-C635-4FD1-B7D2-D33D01B35D67} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\David Ridley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Go to OpenIV web site.lnk -> hxxp://openiv.com/

ShortcutWithArgument: C:\Users\David Ridley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Floating for YouTube™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jjphmlaoffndcnecccgemfdaaoighkel
ShortcutWithArgument: C:\Users\David Ridley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9adfcdbc623017ee\Popout for YouTube™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pofekaindcmmojfnfgbpklepkjfilcep

==================== Loaded Modules (Whitelisted) ==============

2016-10-29 17:27 - 2011-10-29 09:59 - 00918448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
2016-10-29 17:28 - 2010-10-21 17:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2016-10-22 15:15 - 2016-10-22 15:15 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2013-03-03 08:09 - 2009-07-02 09:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-10-20 21:12 - 2016-09-29 23:22 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-20 21:12 - 2016-09-29 23:22 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-20 21:12 - 2016-09-29 23:22 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2011-05-17 18:50 - 2011-05-17 18:50 - 01219072 _____ () C:\Program Files\Lumerical\MPICH2\smpd.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 20:58 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-26 13:51 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 20:58 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-29 20:58 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-26 16:29 - 2016-09-26 16:29 - 01864384 _____ () C:\Users\David Ridley\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 02:23 - 2010-10-20 02:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-17 17:42 - 2016-05-17 17:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-26 18:40 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 19:41 - 2016-10-05 04:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-27 21:48 - 2016-10-14 22:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-27 21:48 - 2016-10-14 22:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-27 21:48 - 2016-10-14 22:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-07-28 13:29 - 2014-07-28 13:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 13:32 - 2014-07-28 13:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 13:29 - 2014-07-28 13:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 13:31 - 2014-07-28 13:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-07-18 12:02 - 2016-07-18 12:02 - 00016384 _____ () C:\Users\David Ridley\AppData\Local\Apps\2.0\EWQCZ0PQ.2CV\C7X1MP55.0N3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll
2016-07-18 12:02 - 2016-07-18 12:02 - 00035840 _____ () C:\Users\David Ridley\AppData\Local\Apps\2.0\EWQCZ0PQ.2CV\C7X1MP55.0N3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll
2016-07-18 12:02 - 2016-07-18 12:02 - 00099840 _____ () C:\Users\David Ridley\AppData\Local\Apps\2.0\EWQCZ0PQ.2CV\C7X1MP55.0N3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.CMOD2.dll
2016-10-20 18:28 - 2016-10-20 18:28 - 01484776 _____ () D:\Games\Battle.net\Battle.net.8098\Battle.net Helper.exe
2016-10-20 18:30 - 2016-10-20 18:30 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 18:30 - 2016-10-20 18:30 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 18:30 - 2016-10-20 18:30 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-10-05 20:47 - 2016-10-05 20:48 - 04152000 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe\gfxim.dll
2016-10-09 00:03 - 2016-10-27 15:50 - 00022024 _____ () D:\Programs\Origin\QtWebEngineProcess.exe
2016-10-29 17:27 - 2016-10-31 13:11 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2016-10-29 17:27 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2016-10-09 00:03 - 2016-10-27 15:50 - 02493440 _____ () D:\Programs\Origin\libGLESv2.dll
2013-03-03 10:17 - 2012-02-07 04:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-04-02 20:36 - 2016-09-29 23:22 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-20 21:12 - 2016-09-29 12:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-20 21:12 - 2016-09-29 12:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-20 21:12 - 2016-09-29 12:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-20 21:12 - 2016-09-29 12:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-20 21:12 - 2016-09-29 12:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-20 21:12 - 2016-09-29 12:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-20 21:12 - 2016-09-29 12:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2013-03-12 04:10 - 2016-09-07 22:14 - 00784672 _____ () D:\Steam\SDL2.dll
2015-02-06 21:53 - 2016-08-31 20:02 - 04969248 _____ () D:\Steam\v8.dll
2014-05-22 00:22 - 2016-10-12 20:58 - 02321696 _____ () D:\Steam\video.dll
2014-08-29 19:45 - 2016-01-27 02:49 - 02549760 _____ () D:\Steam\libavcodec-56.dll
2014-08-29 19:45 - 2016-01-27 02:49 - 00491008 _____ () D:\Steam\libavformat-56.dll
2014-08-29 19:45 - 2016-01-27 02:49 - 00332800 _____ () D:\Steam\libavresample-2.dll
2014-08-29 19:45 - 2016-01-27 02:49 - 00442880 _____ () D:\Steam\libavutil-54.dll
2014-08-29 19:45 - 2016-01-27 02:49 - 00485888 _____ () D:\Steam\libswscale-3.dll
2015-02-06 21:53 - 2016-08-31 20:02 - 01563936 _____ () D:\Steam\icui18n.dll
2015-02-06 21:53 - 2016-08-31 20:02 - 01195296 _____ () D:\Steam\icuuc.dll
2013-02-24 18:39 - 2016-10-12 20:58 - 00836896 _____ () D:\Steam\bin\chromehtml.DLL
2016-03-08 20:56 - 2016-07-04 17:17 - 00266560 _____ () D:\Steam\openvr_api.dll
2016-10-20 18:29 - 2016-10-20 18:29 - 37247976 _____ () D:\Games\Battle.net\Battle.net.8098\libcef.dll
2016-10-20 18:29 - 2016-10-20 18:29 - 00540336 _____ () D:\Games\Battle.net\Battle.net.8098\ortp.dll
2016-10-20 18:28 - 2016-10-20 18:28 - 06402560 _____ () D:\Games\Battle.net\Battle.net.8098\battle.net.dll
2016-10-20 18:29 - 2016-10-20 18:29 - 00133632 _____ () D:\Games\Battle.net\Battle.net.8098\libEGL.dll
2016-10-20 18:29 - 2016-10-20 18:29 - 03384832 _____ () D:\Games\Battle.net\Battle.net.8098\libGLESv2.dll
2009-12-15 00:46 - 2009-12-15 00:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 00:49 - 2009-12-15 00:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-10-20 18:29 - 2016-10-20 18:29 - 03384832 _____ () D:\Games\Battle.net\Battle.net.8098\libglesv2.dll
2016-10-20 18:29 - 2016-10-20 18:29 - 00133632 _____ () D:\Games\Battle.net\Battle.net.8098\libegl.dll
2016-10-14 13:39 - 2016-08-04 15:56 - 49825056 _____ () D:\Steam\bin\cef\cef.winxp\libcef.dll
2016-10-20 18:29 - 2016-10-20 18:29 - 00990696 _____ () D:\Games\Battle.net\Battle.net.8098\ffmpegsumo.dll
2016-08-26 21:59 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\David Ridley\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-26 21:59 - 2016-08-26 21:59 - 01050296 _____ () \\?\C:\Users\David Ridley\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-26 21:59 - 2016-08-26 21:59 - 03793080 _____ () \\?\C:\Users\David Ridley\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-26 21:59 - 2016-08-26 21:59 - 00894136 _____ () \\?\C:\Users\David Ridley\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-26 21:59 - 2016-08-26 21:59 - 01119416 _____ () \\?\C:\Users\David Ridley\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-26 21:59 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\David Ridley\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-26 21:59 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\David Ridley\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-11-01 20:21 - 2016-11-01 20:21 - 00170496 _____ () \\?\C:\Users\David Ridley\AppData\Local\Temp\CF34.tmp.node
2016-08-26 21:59 - 2016-10-14 19:42 - 02658304 _____ () \\?\C:\Users\David Ridley\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node
2016-10-07 22:36 - 2016-10-14 19:42 - 02147328 _____ () \\?\C:\Users\David Ridley\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-10-09 00:03 - 2016-10-27 15:50 - 00012288 _____ () D:\Programs\Origin\libEGL.DLL
2014-03-07 19:21 - 2016-10-09 00:01 - 00266240 _____ () D:\Programs\Origin\imageformats\qmng.dll
2016-10-24 16:06 - 2016-10-20 03:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-24 16:06 - 2016-10-20 03:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7914 more sites.

IE trusted site: HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\sony.com -> sony.com

There are 7915 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-10-20 19:50 - 00453382 ____N C:\WINDOWS\system32\Drivers\etc\hosts

There are 15556 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-814913500-3249027553-3533128871-1000\Control Panel\Desktop\\Wallpaper -> c:\users\david ridley\appdata\roaming\microsoft\windows live photo gallery\photo gallery wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5767534C-B098-42AD-9C07-CC3B84FFC078}] => (Allow) D:\Steam\SteamApps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{E56E365E-6EE5-456E-82D5-191451B69A67}] => (Allow) D:\Steam\SteamApps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{58A6F48D-EEB4-42A6-AD62-C578258CD37C}] => (Allow) D:\Steam\SteamApps\common\Sonic Adventure DX\AppLauncher.exe
FirewallRules: [{1FC0AA5A-4BC6-4139-A5EA-62B94FC5B2EF}] => (Allow) D:\Steam\SteamApps\common\Sonic Adventure DX\AppLauncher.exe
FirewallRules: [{70B97BA9-EA18-427B-80A5-94CAB2FEC1AE}] => (Allow) D:\Steam\SteamApps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{1F2D1A22-30FA-48F4-BE52-61D48D5EA251}] => (Allow) D:\Steam\SteamApps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{D5926742-0A8D-49FA-B373-6A6E7D12C46E}] => (Allow) D:\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{BE8BB9FB-2F36-45CE-A93A-2F0C47807378}] => (Allow) D:\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{5C7296A1-89A5-474A-8F04-7FCDD66EA1BA}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{55768730-5CA7-4B11-ADBA-AA89D8435F94}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{D76F0A25-DB0C-449C-9102-7BFD21741751}] => (Allow) D:\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{385791B7-1862-4D37-80DB-EAACC2451502}] => (Allow) D:\Steam\SteamApps\common\Mount and Blade\runme.exe
FirewallRules: [{758C96B6-F14C-4D65-B7E0-7CF0CAE183A6}] => (Allow) D:\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{300DC751-E4E1-40D9-BDC5-9095D0447B7C}] => (Allow) D:\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{639A6C81-FACA-4A71-B8EC-76E0EB6AE69A}] => (Allow) D:\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{D7B92F00-CA0E-44A2-9165-AE075E34506C}] => (Allow) D:\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{13ACC93C-ED75-43BF-B3EE-3DF4A28DE6D7}] => (Allow) D:\Steam\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{6CA66AEB-18B0-4ADD-A5B8-0238CBAB7022}] => (Allow) D:\Steam\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [UDP Query User{01F60210-8093-4CC2-A01D-3B7F4C12F33B}D:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) D:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [TCP Query User{4BC6AD13-20E4-452E-8BA3-87678FEE73BE}D:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) D:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{2306DCBD-ED52-4447-99B1-897011CC381D}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{3E55D698-7F8F-427E-9627-92FEA63309CA}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{432F60DC-B3EF-44D3-BFCC-0D4ED9508364}] => (Allow) D:\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{BB23846B-4242-47A0-9952-146D1EE86682}] => (Allow) D:\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [UDP Query User{628EA1F9-7609-4135-8D07-07E1CA55D60B}D:\programs\circuit maker\dxp.exe] => (Allow) D:\programs\circuit maker\dxp.exe
FirewallRules: [TCP Query User{6031C450-D103-44C9-B8BE-B6A19A61F195}D:\programs\circuit maker\dxp.exe] => (Allow) D:\programs\circuit maker\dxp.exe
FirewallRules: [{F2767F58-A1FE-4CEE-B7B5-617C9780A382}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{137772DE-4710-4C83-8A4E-DEE026D81D49}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{855CA6FC-A0B1-409F-9123-79329ACC0415}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{D2E1D07E-BFC0-4EC7-9044-0E264BF1D0CE}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{027F8995-91C1-4932-936F-C2E28289CF4D}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{DFE1B1F2-7B25-49C2-BC97-3B57EDA182CF}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [UDP Query User{781D07E8-A05A-4626-84FC-61EFD6992C4C}D:\games\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A4B8DB5B-5C80-4FF1-BAE8-5B4EBD63CC80}D:\games\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [{0FF8CA9B-3B50-47B9-8F21-698007A95067}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{EFD50CF4-DCF4-46C9-A264-4BCD79880B2A}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [UDP Query User{6AC4EF48-4A01-493A-B2CE-8AF5958DAA80}D:\games\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{724C873C-54EC-4CC0-9E5A-FCB308B523E8}D:\games\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E86AB0B8-E8D9-4524-8396-6ECA6C41D9D9}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [TCP Query User{BEFD335B-2B49-4173-980E-D6B795EB0E63}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [{80287C3E-36C0-4198-B0BA-1FABA63CBD94}] => (Allow) D:\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{C95F589B-BFB8-4175-B280-5513E790FD2C}] => (Allow) D:\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{0856D2FD-19F6-457C-BDBD-4EA6482A1A8C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{D57ABC48-3FE5-48A9-9BFC-688C855FDE78}] => (Allow) D:\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{669B335A-9E1F-49C3-9400-1B6D7673F962}] => (Allow) D:\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{2FD34EBA-184A-46D1-A2AC-10AC3C3E95C1}] => (Allow) D:\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [{8D79EA7F-AD23-41F7-8BA7-61B6B4AA859D}] => (Allow) D:\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [UDP Query User{DE4F68F1-CC32-416B-B4AE-3130D7DBA123}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [TCP Query User{EFE3622C-49BB-4778-A744-AE5353508300}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [{F24444C8-E8FD-4C73-A9E2-DE389CDED86E}] => (Allow) D:\Steam\SteamApps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{19F1629C-7487-4233-BC4A-97A5F91D8A7E}] => (Allow) D:\Steam\SteamApps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [UDP Query User{F7E3C040-CBAB-44B8-BCD1-ECCA61232B02}D:\programs\arduino\java\bin\javaw.exe] => (Allow) D:\programs\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{42703544-55B5-4361-B3E9-7EAE82CDD9A8}D:\programs\arduino\java\bin\javaw.exe] => (Allow) D:\programs\arduino\java\bin\javaw.exe
FirewallRules: [{FB04A4B7-5DDD-45A6-AFE1-2ABDD238D9FF}] => (Allow) D:\Games\Origin\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{8435C0B7-F7E3-4210-B74D-689B9DE680B9}] => (Allow) D:\Games\Origin\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{1AA470C2-A70F-4920-A6E8-12C4E556E8C9}D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [TCP Query User{549C0ADF-FCD4-4B80-A140-82CF5B627E7D}D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{E569A1C6-7F79-43BB-858B-7400074DC9E9}] => (Allow) D:\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{E74336C7-3A6C-4FFC-B876-39867BE64B9B}] => (Allow) D:\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{68FEBF06-6737-49DF-B91E-536F61BF61AF}] => (Allow) D:\Programs\Lumerical\bin\fdtd-engine-msmpi.exe
FirewallRules: [{B702E293-820E-4CBF-B714-47BFF22F0793}] => (Allow) D:\Programs\Lumerical\mpitest\cpi-msmpi.exe
FirewallRules: [{BB4B5A32-0D65-4143-A04E-02E19A9BFAC2}] => (Allow) D:\Programs\Lumerical\mpitest\cpi-impi.exe
FirewallRules: [{F4867CF4-1A63-4F51-AC4F-03A360A3F7A3}] => (Allow) D:\Programs\Lumerical\bin\fdtd-engine-impi.exe
FirewallRules: [{D1CFEB8D-C690-4F64-BA35-BDFFB13EACFE}] => (Allow) D:\Programs\Lumerical\bin\fdtd-engine.exe
FirewallRules: [{92F962F7-9D84-4124-AE43-D126991BAE6D}] => (Allow) D:\Programs\Lumerical\mpitest\cpi-mpich2.exe
FirewallRules: [{C9ECBA84-9832-430B-BB98-E12579329117}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{9EBE7096-C029-4692-9E26-8B1F29F2CA6E}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{4233503B-CA07-441A-A65C-195FBB8B3B30}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{1C06F777-8180-4CEF-8E93-0B38B1331583}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{1397A299-7863-458E-AF7F-DDF85A249DA8}] => (Allow) C:\Program Files\Lumerical\MPICH2\mpiexec.exe
FirewallRules: [{A0CBB246-75EB-4C43-ADAB-9DAA637382D0}] => (Allow) C:\Program Files\Lumerical\MPICH2\mpiexec.exe
FirewallRules: [{A4E207CC-D8DF-4D72-846C-A78CBEB07E9D}] => (Allow) C:\Program Files\Lumerical\MPICH2\smpd.exe
FirewallRules: [{7B8B943A-B12B-465F-91BB-9E832D8D959B}] => (Allow) C:\Program Files\Lumerical\MPICH2\smpd.exe
FirewallRules: [UDP Query User{F3B53D4C-CB51-4E54-A90B-5DD248F8B903}D:\programs\matlab\bin\win64\matlab.exe] => (Allow) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [TCP Query User{F82E3FF7-7F26-4F95-AD8A-CC8B60DB2AD4}D:\programs\matlab\bin\win64\matlab.exe] => (Allow) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [UDP Query User{4364284B-2BCE-4AAD-92D3-004D07AA93F0}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{E378BDE8-D1E0-432D-81BB-D2488DF0B089}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{96436BAF-0011-4BB8-8CB6-5C10EAEB15A1}D:\games\eldewrito_0.5.0.2_release\eldorado.exe] => (Allow) D:\games\eldewrito_0.5.0.2_release\eldorado.exe
FirewallRules: [TCP Query User{ED38CF54-A092-4CED-BA48-DBA54FAD8F5C}D:\games\eldewrito_0.5.0.2_release\eldorado.exe] => (Allow) D:\games\eldewrito_0.5.0.2_release\eldorado.exe
FirewallRules: [{109A5B2A-332F-4DE9-A8A5-77A6ACD67AFE}] => (Block) %ProgramFiles%\SOLIDWORKS Corp\SOLIDWORKS\SLDWORKS.exe
FirewallRules: [{E3A99540-00D0-441F-9074-AC9FFC72DEAF}] => (Block) %ProgramFiles%\SOLIDWORKS Corp\SOLIDWORKS\SLDWORKS.exe
FirewallRules: [{3F098ADB-A7E6-44EA-A945-10847D9DA79E}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{75B113EC-C3C7-491D-8013-B830135E66C9}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [UDP Query User{25052439-530D-4457-8A0C-73D3F16529F1}D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [TCP Query User{D70602D0-2081-4450-8F0A-1C053B52CAAB}D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{5EC38BE2-A259-4686-BA1E-C4F1D3AD158F}] => (Allow) D:\Games\Origin\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{B3EA7AD6-F5A6-4B6B-B9AD-62FDBEE19D9B}] => (Allow) D:\Games\Origin\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{CC4A1326-771A-41DD-B696-15B1B8CB0E84}] => (Allow) C:\Users\David Ridley\AppData\Local\Apps\2.0\EWQCZ0PQ.2CV\C7X1MP55.0N3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{2D032A0D-3DE7-4270-A8C1-16CE5DFCFDCE}] => (Allow) C:\Users\David Ridley\AppData\Local\Apps\2.0\EWQCZ0PQ.2CV\C7X1MP55.0N3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [UDP Query User{13FB85AE-AE11-471E-9C8D-5AD030475567}D:\games\overwatch\gameclientapp.exe] => (Allow) D:\games\overwatch\gameclientapp.exe
FirewallRules: [TCP Query User{AA79148C-DDA0-4AC9-876B-A4EB74F57BA5}D:\games\overwatch\gameclientapp.exe] => (Allow) D:\games\overwatch\gameclientapp.exe
FirewallRules: [UDP Query User{96347D57-7C24-4D50-8187-1D31EB381204}D:\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{E9636FA2-B433-4910-B99C-AD9C3E54EAEE}D:\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{6B5587F3-F044-48DD-A2A6-FDB1B3561F93}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{6EEE4967-BA30-42FC-A46A-D3A90B7517A9}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [UDP Query User{DB2B2325-6386-4BA3-9ACA-9745CC03082A}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{BFF9D15D-C58E-48C9-B975-D7C9EBDA0B9B}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{C57AB329-B6A4-4E86-A5CC-2A5824407C28}D:\programs\atmel\atmelstudio.exe] => (Allow) D:\programs\atmel\atmelstudio.exe
FirewallRules: [TCP Query User{3C3D5D96-34B0-4A31-A79E-17BA355625F3}D:\programs\atmel\atmelstudio.exe] => (Allow) D:\programs\atmel\atmelstudio.exe
FirewallRules: [{69F104FB-204C-4241-A1E7-18E1FF95AB92}] => (Allow) D:\Steam\SteamApps\common\Shoppe Keep\Shoppe Keep.exe
FirewallRules: [{6AB7E1D2-55BB-47DD-8DC5-A1B16758AE3D}] => (Allow) D:\Steam\SteamApps\common\Shoppe Keep\Shoppe Keep.exe
FirewallRules: [UDP Query User{E2374B5E-4CC9-45AE-922F-77EDA4689BE7}D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [TCP Query User{3B4C9359-4F55-458C-B49D-92D1FFAF4CB7}D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{7ADC314D-405D-4AA1-8229-3A6A8A8783E7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CBEC8F44-1DE2-46DA-90D2-6EBA12BD7CCC}] => (Allow) D:\Steam\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{00237D49-C995-4404-B3B1-CF782FA5AAC2}] => (Allow) D:\Steam\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{4459E5AF-704B-4721-A7AB-8AA47785695E}] => (Allow) D:\Steam\SteamApps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{BAA116B0-ECD6-4044-A522-D00F43C10B4C}] => (Allow) D:\Steam\SteamApps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [UDP Query User{798584B4-5054-447A-86EE-6A129C3297EF}C:\users\spotify.exe] => (Allow) C:\users\spotify.exe
FirewallRules: [TCP Query User{9D0C55CE-D1AE-4533-AA60-3004A62349E6}C:\users\spotify.exe] => (Allow) C:\users\spotify.exe
FirewallRules: [{91FD3956-A23B-433D-B74C-78C671B00D8C}] => (Allow) C:\Users\David Ridley\AppData\Local\Apps\2.0\EWQCZ0PQ.2CV\C7X1MP55.0N3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{411EE4F9-98F1-4F35-9765-7E6F22BC9089}] => (Allow) C:\Users\David Ridley\AppData\Local\Apps\2.0\EWQCZ0PQ.2CV\C7X1MP55.0N3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{77AF8326-76B9-424B-BABA-78475F2D64EB}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{CDEDEE90-E253-435A-801B-BF4B1A1F172C}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6C92CF5C-E8C3-4F13-803D-871195098690}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{FEF9AE51-FB3F-449B-BF4D-EF8F247908AA}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A36BD904-E66D-4BB2-84F5-A78ADEC07D0B}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4A981C48-FF23-431B-AC90-78F2B22DA3C9}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{11172C26-38DF-49ED-A075-4C89CB5933B8}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{FD643EB0-324F-46CC-BB49-7C79B37D03E1}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{F526D4D7-5B96-46F2-B072-0EBD5AE370B8}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D1CE5609-01B7-4100-A75A-76928F3FF69D}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EC8DBB0E-BFC0-49D6-B66B-9892305B6A52}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B7EC6466-3632-4D60-B112-3E9E272B080A}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9E947564-0288-4383-A342-919CB256E252}] => (Allow) D:\Games\Origin\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{052C72A3-A49F-4259-9637-4F196A7FC64D}] => (Allow) D:\Games\Origin\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{B01EA97B-66A1-4CDF-AF68-BBDF5DF9A1B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E714570D-A81C-4279-8E70-A40531E81B3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{94955377-8DA7-49B6-A31F-E69596A24DB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8B92BA9E-C2AA-4EF5-A3BD-C9AF9290A153}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2E47C45E-A57E-454D-BD2E-211F92E31B9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7C943A7E-9231-43DF-92A5-1D07F4A855A0}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{59A95208-4EE8-45E0-ADBD-7C7410240DD9}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{62AB8190-922D-4C93-AEEA-D3B9F7238489}] => (Allow) D:\Steam\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{23AB3638-0AD2-425E-A18A-E3C820A5B12A}] => (Allow) D:\Steam\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{2F3327F1-0A02-494F-93E4-89B68BD13857}] => (Allow) D:\Games\Origin\Titanfall\Titanfall.exe
FirewallRules: [{889CA846-59CD-4BCF-8ACE-F940BDD0368C}] => (Allow) D:\Games\Origin\Titanfall\Titanfall.exe
FirewallRules: [{5B332367-B81D-4010-B03E-8FD3CF85F796}] => (Allow) D:\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{072EF99B-FA95-4966-A9C9-258BEF9F992D}] => (Allow) D:\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{4C498F90-F97E-4E2F-BAD1-433A8F7B9F62}] => (Allow) D:\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{A533C24F-A2E8-40E9-A3D1-DD29D5227BC4}] => (Allow) D:\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [UDP Query User{33F5954E-BE3F-4851-844A-B81486AE9241}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{9DA19359-6EA9-424D-9CBB-4FAA88B3E2E9}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{38821B39-AF97-4F1D-8873-2206F66DAEF6}] => (Allow) D:\Games\Mr DJ\Dragon Ball Xenoverse\DBXV.exe
FirewallRules: [{5B6A8E7C-FEEF-42DD-A844-36BA91674E18}] => (Allow) D:\Games\Mr DJ\Dragon Ball Xenoverse\DBXV.exe
FirewallRules: [UDP Query User{66C4CC54-6813-4459-B403-DFB7E743B8A8}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{AA3A14BC-194E-4433-9B94-1CD37916E8D7}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{E61A7CA9-44B1-4B54-9724-190BA538B3B4}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{5798D7F1-55AE-434E-9507-1F66E50826FD}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [UDP Query User{E2D43674-AB6E-4EAB-A7E2-9BD0351F2E2C}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{6F6CDC9D-0190-4809-B6AC-438A12366027}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [{340AA36F-9323-48F1-883D-C67A82F7AF39}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{DB0B7956-DC80-4031-983E-8653C744CCBC}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{960D7F1A-51D8-4267-A0A9-0698239B61B2}] => (Allow) D:\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{5B511C15-313C-45E7-B1BC-B2F6E4A5B251}] => (Allow) D:\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [UDP Query User{712FCFE9-704C-4E0C-830D-E8D1F06E0C31}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{4F5029A8-F68B-47D0-B189-94949DE5CCC4}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{D551CDAD-B143-4BB4-B02F-9EB677BD12D3}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{4ABFA29E-8598-48FC-BFAC-8EBB152B042F}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A89F08BD-4050-4681-BB46-0A8193A5AA9B}D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [TCP Query User{5227E24F-5F9B-48ED-91A6-13D6E71FEC89}D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{48D215F6-DD5C-4B8A-AE8D-ECEA57D744EA}] => (Allow) D:\Steam\SteamApps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{81722D55-2AD7-41CD-A2C4-DB1DDE27950D}] => (Allow) D:\Steam\SteamApps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [UDP Query User{2364CC2C-21EB-42E7-94B0-AA4295AB11D1}C:\users\david ridley\downloads\combatdemodownloader\combat_tutorial_demo\elitedangerous32.exe] => (Allow) C:\users\david ridley\downloads\combatdemodownloader\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [TCP Query User{D1249712-8207-447E-AE54-D7ABCFF5598D}C:\users\david ridley\downloads\combatdemodownloader\combat_tutorial_demo\elitedangerous32.exe] => (Allow) C:\users\david ridley\downloads\combatdemodownloader\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [{549CE815-2E5B-4E19-8F69-33100A7CD63D}] => (Allow) LPort=1900
FirewallRules: [{099C6C07-3739-4841-86ED-40991B215872}] => (Allow) LPort=2869
FirewallRules: [{69880B47-99D7-4B7D-8199-67F2FF3930CA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{602A07F6-C96B-4864-BE78-3451B1BA2E96}] => (Allow) D:\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{F62055ED-2D95-4113-BB11-5D7F1F883D12}] => (Allow) D:\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{1B11D84A-4874-413A-AA4C-68331B224054}] => (Allow) D:\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{715DF044-5359-4A04-92C8-AF8BFFEDE0D3}] => (Allow) D:\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{3F131385-D812-4452-942E-B61C5E9216D5}] => (Allow) D:\Steam\SteamApps\common\Game of Thrones\Thrones.exe
FirewallRules: [{57A40419-309B-4345-8A73-EAB23E3D3AA7}] => (Allow) D:\Steam\SteamApps\common\Game of Thrones\Thrones.exe
FirewallRules: [{ACD31E11-71FC-4116-A26D-8032F7C1913E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{C4FEED5A-DFA1-4195-86EB-CCF192703EF7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [UDP Query User{16884BD2-B32C-49E4-A991-311A6071A241}D:\steam\steamapps\common\dayz\dayz.exe] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{9A9F028A-CA08-438F-BF8F-7ACCCFFC6429}D:\steam\steamapps\common\dayz\dayz.exe] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{374A7F63-5541-4741-A2C0-0152A67279ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{4800862D-E410-4B8F-AF32-517C5A8D8C2D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{680262E3-6DF7-4B1A-AB1D-3CAE270C15C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2AD71DCE-0F4A-46C7-B1F5-D59E10F2337C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C883F47D-DADF-4E86-A010-D5EE34EA6FE3}] => (Allow) D:\Steam\SteamApps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{9D5AEFB1-A353-427A-A72F-1FEB2DBAD0D3}] => (Allow) D:\Steam\SteamApps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{819C2016-4F0E-43AA-AF22-6575AAB2AA83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{955C0A8C-F3DF-41E5-B3C2-C717B04187A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{D3AC6E20-C77C-4146-85F5-10D9CDE3CD62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{5530C483-D598-4D55-8F73-CDA7BF9F7077}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4BAFB35B-1B2D-4DAC-99BB-0D670783661F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{A82BF680-735D-41F9-8264-53A4CA2F2CCD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{CDBC4AC8-6E37-4D03-BE89-327028B08BDB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{8F0BADFC-3BD8-4B60-8CC6-BFD2EEE7651F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{84275090-33F0-473A-AF07-505DFD490C42}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{62B89617-5FB7-4CD4-8E8C-77A8E24C17CA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{9D38EDE5-FF97-410C-80CC-E6A7DF5CA65A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B4E8BF38-70CC-4E94-8E4A-35B4B2304FDD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{46BCC6FF-5FBD-4EB9-8F09-CF298EEFA75B}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{AE896556-AC3B-405C-AF5B-5D7B7E418ABB}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [UDP Query User{9C46706A-0BBD-4345-ABD3-7A4B75D8D161}D:\games\divinity original sin\shipping\eocapp.exe] => (Block) D:\games\divinity original sin\shipping\eocapp.exe
FirewallRules: [TCP Query User{02FE690F-9D86-4124-A465-431595FBCC3F}D:\games\divinity original sin\shipping\eocapp.exe] => (Block) D:\games\divinity original sin\shipping\eocapp.exe
FirewallRules: [{5E7126E6-9FC7-4766-8F4F-FEA4AD854ACC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{C0168A00-CECB-47B5-B5B2-7E7A992C813B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{E71BDEF8-E30C-4EA1-AB96-643AAA4D1936}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{AB0CE9B4-F2AA-49EC-B633-138A4B8D9256}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B4C8E203-87B2-494F-95FC-0208E304ABC3}] => (Allow) D:\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{D10E434B-8A24-4A5F-A699-CC53135C4533}] => (Allow) D:\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{097D53F4-6E33-4EA9-990F-87B8AAAE3208}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{0A409911-2C37-4FCF-8144-DB6655CD11DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{55524273-7AD9-4626-8637-CAA0990745A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{9D0F2D35-56DA-47DF-9EE8-B5329A337804}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{C6C6AD0B-80B6-47C4-8BF1-A0060569CC9F}] => (Allow) D:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{AD24D92D-D3B7-4E34-99D5-DF815D0C8791}] => (Allow) D:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [UDP Query User{22F41B67-8A06-469F-BE07-65E473FC96EB}D:\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) D:\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{32459B65-8ED6-4D1A-8ED1-CE3CB3027011}D:\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) D:\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [{7418715A-AFC3-4B93-B6E5-BC0DC117E340}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{321DE5C7-5AE3-4D74-BC92-BCF31EC02A43}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{88396918-F0E7-4CAD-B0FC-85FB5E5F1F5C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{8CBE5C0B-C619-43F7-8C09-00CEA9519799}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{D08D9360-1266-41DE-A0F6-B2C65650383D}] => (Allow) D:\Steam\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{08EBD847-AB28-4490-8838-263169AAA8B7}] => (Allow) D:\Steam\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [UDP Query User{CA36C8CD-8B27-4092-9238-152109FB7B65}D:\steam\steamapps\common\half-life\hltv.exe] => (Block) D:\steam\steamapps\common\half-life\hltv.exe
FirewallRules: [TCP Query User{173995F1-1CBC-416E-895F-DDAB3300D377}D:\steam\steamapps\common\half-life\hltv.exe] => (Block) D:\steam\steamapps\common\half-life\hltv.exe
FirewallRules: [{4CBFD3B4-8B18-4AF3-BC64-774DD6D6DD1D}] => (Allow) D:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{7A99B206-D3C8-4568-AF72-806A7E3F9EEC}] => (Allow) D:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{AD0EF6FA-67C4-47CC-AF62-CA02FB27D5C9}] => (Allow) D:\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{39B43199-B040-463F-8D1A-7E2A8AC02F45}] => (Allow) D:\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{1F411DAC-F740-46A6-9B95-47B49FC404DF}] => (Allow) D:\Steam\SteamApps\common\Shattered_Horizon\client_exe\shattered_horizon.exe
FirewallRules: [{1A2F7EEA-ACEE-45EF-9480-1ECA78C74D12}] => (Allow) D:\Steam\SteamApps\common\Shattered_Horizon\client_exe\shattered_horizon.exe
FirewallRules: [{5C0545EE-ECD5-4586-8CC0-05F2C99D9EE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{9FC94BF2-9981-4E7D-8D52-A9FF84188180}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{70F1D10C-D11C-4125-BEA2-8D8EEC5CD408}] => (Allow) D:\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{2F00D1A1-632A-426A-8501-C2DAEE97704E}] => (Allow) D:\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{299DD3B2-F6C4-40E3-AEA2-1DCE34474003}] => (Allow) D:\Steam\SteamApps\common\TinyAndBig\bin64\tinyandbig.exe
FirewallRules: [{29EA8461-055E-47B8-9605-57688FC63F0F}] => (Allow) D:\Steam\SteamApps\common\TinyAndBig\bin64\tinyandbig.exe
FirewallRules: [{EA52F0C9-CD19-4079-B521-A46D594A0284}] => (Allow) D:\Games\Heroes of the Storm\Support\HeroesSwitcher.exe
FirewallRules: [{AF8A0D60-15C2-4F9C-98EA-896BD028A98B}] => (Allow) D:\Games\Heroes of the Storm\Support\HeroesSwitcher.exe
FirewallRules: [{CAF468E5-C0CB-4525-893E-C8AC0DE72645}] => (Allow) D:\Games\Diablo III\Diablo III.exe
FirewallRules: [{26F2E149-AB99-484C-AA38-C7F2038F59B2}] => (Allow) D:\Games\Diablo III\Diablo III.exe
FirewallRules: [{A5B00127-2F90-4FA2-A760-CB1F6FE7EF9D}] => (Allow) D:\Games\Diablo 3\Battle.net\Battle.net.exe
FirewallRules: [{452CB4E2-49FF-4D7B-A536-5E7DE8C0E7D0}] => (Allow) D:\Games\Diablo 3\Battle.net\Battle.net.exe
FirewallRules: [{B2449B00-181B-440E-837C-06AD7230F7BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{60EC9E90-46B4-41D5-B79C-84021A237F95}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{E171FD02-454D-48FE-81A7-5B3E1ED6CF48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{484008A1-CB7C-4616-88D9-58E6B6AE954D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{38E35FC2-65B0-420E-AB24-A6E8D1D63C77}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{7CA90B1B-4046-4720-807A-125526669A6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{38A87872-D5F2-4523-9CA8-827967F805F1}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{DC070114-651E-4E6D-83EB-8BBC7EB8A979}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{FE72DF91-0DFE-4814-860D-CC7EE4E3653A}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F19B377E-788A-4853-BE99-6365DDD4EA19}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7A13A64F-CDF8-4B98-A6DF-A6F7AFF55EDF}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{557C9FB6-BFF3-4BFD-90AE-79E53816B6D4}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{268D78B2-8B1C-4CD1-B6E2-E93BFC21223D}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5F74D57D-DC75-4BAE-96E2-F32AD2AA28D4}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{C938BE83-3CE8-4862-85F8-B31E4D2854F1}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{50C930EA-42E3-44AE-8418-B5DDE845F341}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{147FF765-DC98-42B9-8F26-65479FABD63B}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{24C02F0F-4A56-4344-BC85-23E4FD45967C}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B57045F6-BC48-43EC-A7AC-8B1CFAEC3464}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{69F77D76-1F51-4015-B605-8D642DB90501}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{046D273B-6712-4000-8F31-830EEE9F7A7E}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1D9250A1-1747-42C1-9859-11968327D9B8}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{14AAE5D0-19E2-438F-8BBA-C3487204C78F}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E421901F-A78F-446E-AEFF-3A59A41037E9}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{662B3FDF-4B85-45D0-A532-72D2B57DC119}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{C11AC115-1CD7-4AC4-949A-EDA11326C017}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9D9C9EFC-10FD-431E-A647-B59CA29D6D18}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{C2CB43AB-DB6A-45E4-AB29-0C6FD1F206E3}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{8D4FDD49-17EB-4391-BFBD-7AF1FB509A5A}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EE1DB82F-54F1-4CB4-9C4B-D3603D89D7CA}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{59F760E4-35BB-4CB2-B4A1-1876DAE5E93F}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{04A77F0F-3BC4-4EFC-B5A5-93068222133A}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{774FCE00-FE7F-4409-9A26-A9DB9553279C}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EACB34E9-F8FA-498D-ADA2-6EC17EDA095E}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{91910F65-7763-4A02-9C50-3FEE3F134484}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{3CABEB18-F227-4F41-9238-E2493F0EF262}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{A142C16A-3089-4AC6-97D2-830812A2B9EA}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7F556562-1BCE-4DC2-8D8F-FE5AD30B83E2}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5747F502-98AA-45B0-8319-B0F1A268AAA4}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B9B6E393-44DB-4C66-91F8-10ACA414B652}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{1E49DBE5-8A93-4B85-B076-13F4F63126F3}D:\steam\steam.exe] => (Allow) D:\steam\steam.exe
FirewallRules: [TCP Query User{834A2FC0-30E5-42F1-9DD3-98F461AEDA5E}D:\steam\steam.exe] => (Allow) D:\steam\steam.exe
FirewallRules: [{5B98F761-82D6-4D2E-BB54-1AB503023B65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{ACDF0BEC-794B-48C9-A22B-CF2679202578}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{88BA9D04-01BC-4570-943F-AE6AEE226D3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{3A31E585-B726-4675-9B73-62235F9A4E7F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{983D305F-3008-40C9-93C3-CFEB3AA49D4B}] => (Allow) D:\Steam\SteamApps\common\Spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{262233C0-71DA-4F7B-851F-4884C1CC49E4}] => (Allow) D:\Steam\SteamApps\common\Spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{830831D7-FC1A-4333-BFB0-811EB4511A21}] => (Allow) C:\Users\David Ridley\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40A50754-FA15-45D8-A5C7-0D96E3013413}] => (Allow) C:\Users\David Ridley\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{80754F5A-3A0B-4346-AF51-04BFE55B1162}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{6DD98B07-2412-46A4-AC65-0D3A6AD221FB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{EE39FED6-6B26-48E3-8A9E-F489CA313939}] => (Allow) D:\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{EA6FE924-8C5C-4430-9B9B-7A9B5F380A41}] => (Allow) D:\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [UDP Query User{DB9AF1EB-3C85-41A8-8EF4-7873DCB9B8F9}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{A010E1D9-BA2E-4A6E-852D-B4ECEB3C386D}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{FF4B3816-BE62-4C3E-A6BE-7C5065CF3893}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{09AEAC6A-E51E-41D8-B2D6-908EDE316607}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [UDP Query User{3F0C050E-032F-4A5A-8BF9-7D1444BCFFA2}C:\programdata\battle.net\agent\agent.1737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1737\agent.exe
FirewallRules: [TCP Query User{1F6D8F72-064B-4863-B7B5-031AF54A7DDB}C:\programdata\battle.net\agent\agent.1737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1737\agent.exe
FirewallRules: [{2175D6E9-1DE4-41F8-90E1-6063A2B3BA84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{ADE890A3-9C9D-46FC-A3DA-8748A022F36A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [UDP Query User{BEFA72F9-8B0D-478E-A300-457980469181}C:\users\david ridley\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\david ridley\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{65F6C7D5-2A1A-4BF9-9C56-147A0775ED8E}C:\users\david ridley\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\david ridley\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BD524F87-BE20-4834-9FCC-D2478835907E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6D56E699-3F6C-4E33-8600-D4A0DBB0CA2E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4D7583C5-BDBE-4DB3-AC67-E05146162F39}C:\users\david ridley\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david ridley\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BD87210F-6728-4472-B1B7-3A265D24AB7E}C:\users\david ridley\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david ridley\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A7A2A351-2056-474A-890E-90ED397F862E}] => (Allow) D:\Steam\SteamApps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{B31E057F-CC7A-4DD9-A4B4-7F9268759C14}] => (Allow) D:\Steam\SteamApps\common\Psychonauts\Psychonauts.exe
FirewallRules: [UDP Query User{2B4928C5-6C98-4E8F-80B8-6B7BC23B92FD}D:\programs\winamp\winamp.exe] => (Allow) D:\programs\winamp\winamp.exe
FirewallRules: [TCP Query User{B47F533B-FB01-494F-B1AD-64872393699F}D:\programs\winamp\winamp.exe] => (Allow) D:\programs\winamp\winamp.exe
FirewallRules: [UDP Query User{B415438A-773B-4A2B-B2D5-BEF9A481E7A9}D:\programs\d&d\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\programs\d&d\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{D011FF12-F700-426A-956F-C7047FA47BB5}D:\programs\d&d\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\programs\d&d\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{2B3A2C40-BB63-4E3E-9BC0-FC3E5BD6CF6D}] => (Allow) D:\Steam\SteamApps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{D94F4AC1-C0C5-404D-BCF2-76418B33C63D}] => (Allow) D:\Steam\SteamApps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{919365F8-20D9-48B8-8A5C-C712515AA9FB}] => (Allow) D:\Steam\SteamApps\common\Kinetic Void\KineticVoid.exe
FirewallRules: [{634F0659-E700-4FBF-9067-389A04783B17}] => (Allow) D:\Steam\SteamApps\common\Kinetic Void\KineticVoid.exe
FirewallRules: [{BC73948C-80D7-45F3-8667-74D05DE859B3}] => (Allow) D:\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{34406DBA-A627-4D3B-B6D3-75693EEF8E72}] => (Allow) D:\Steam\SteamApps\common\star conflict\game.exe
FirewallRules: [{CF3079B6-2197-4342-AA2C-30699D1E4610}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{14A55DEF-2F91-4B09-ACE2-8E0B8E7ED9B8}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09181938-2552-4C4C-ABFC-CC3067D08BBC}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{BB275F05-C43B-402D-B734-FCB65A5C56FD}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{A2771D30-169F-407F-A9D7-50FF163BFF9D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{321534BA-0F5E-4A04-A108-AC3ADFAE65BB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DAF61AFF-45D7-4B23-9D33-92B439629268}] => (Block) D:\Programs\PS CS6\PS 6\Adobe Photoshop CS6 (64 Bit)
FirewallRules: [{172C6642-06F4-4787-8609-56E453F78042}] => (Block) D:\Programs\PS CS6\PS 6\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
FirewallRules: [{9583F9AD-F016-4966-8BE2-9287D4A68B4A}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\bin_ship\daupdatersvc.service.exe
FirewallRules: [{B74FC6CC-CA3C-4C00-823C-0A6DB0B89286}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\bin_ship\daupdatersvc.service.exe
FirewallRules: [{8736C7DC-8E12-4D82-A748-41988A18E2BD}] => (Allow) D:\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{703BDCA3-9AF7-45E1-BD30-43D45C56F772}] => (Allow) D:\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{EF15203C-EC62-4995-98D6-8B16526D72EF}] => (Allow) D:\Steam\SteamApps\common\Mass Effect\docs\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{0999496D-5424-4CB5-B71D-305EA8F187D3}] => (Allow) D:\Steam\SteamApps\common\Mass Effect\docs\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{433FD21A-B47D-40F3-BDC9-A9C15A6E2848}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\docs\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{BDE872C5-52AA-4A2B-B33F-07D8479BD83C}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\docs\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{47E8FEB4-F3B2-44CC-A459-D81FA0CE7F9E}] => (Allow) D:\Steam\SteamApps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{CF981E43-0BAB-4397-B3AE-79895B32D77D}] => (Allow) D:\Steam\SteamApps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{884561CE-F2BC-4BF1-94B1-E61F84577935}] => (Allow) D:\Programs\ACR\AssassinsCreedRevelations.exe
FirewallRules: [{EA4DD9D7-DCD3-49ED-BD9E-813A32D29255}] => (Allow) D:\Programs\ACR\AssassinsCreedRevelations.exe
FirewallRules: [{77A91D24-742F-4582-B51F-21C2DD7E33F6}] => (Allow) D:\Programs\ACR\ACRMP.exe
FirewallRules: [{DF419FE6-A771-47DB-A5DB-FA7D6D6BC994}] => (Allow) D:\Programs\ACR\ACRMP.exe
FirewallRules: [{5CCACC04-8594-4AFE-851A-1B3CDE8EF9B0}] => (Allow) D:\Programs\ACR\ACRSP.exe
FirewallRules: [{4EC5B259-234F-40A6-948B-0FAD8BEB5030}] => (Allow) D:\Programs\ACR\ACRSP.exe
FirewallRules: [{3271E7E6-66B0-44F7-BC6B-5EE5974892E3}] => (Block) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
FirewallRules: [{CF0B1322-BAAE-499F-9358-16DDA470A194}] => (Block) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
FirewallRules: [{09018A79-172B-459A-9BF1-E60C14B6C567}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{3B679811-CCE7-45D5-90E9-FDDDE3E1457A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{263BB34C-ABCF-4F71-B178-4756B971F6AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{0311B38C-3C27-48AA-86ED-4E8FA2E97090}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{2865DB68-2F35-436A-BAFE-A1FB651FB192}] => (Block) D:\Programs\Lightroom\lightroom.exe
FirewallRules: [{6EAA9FA9-6BE2-4550-83CB-F052D5B58CDE}] => (Block) D:\Programs\Lightroom\lightroom.exe
FirewallRules: [{7FD85C2F-1E97-4816-B5BB-765C581AEE49}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{35EC3406-02BC-44D4-8D32-694DB61628A6}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [UDP Query User{8069C292-935C-4E93-A195-13399539EA51}D:\video games\steamapps\common\planetside 2\planetside2.exe] => (Block) D:\video games\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [TCP Query User{4113A28F-B417-4945-80A3-8C98C3AB43F5}D:\video games\steamapps\common\planetside 2\planetside2.exe] => (Block) D:\video games\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [{B2AE6390-4FE2-4E00-B725-533E27FA91AD}] => (Allow) D:\Video Games\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B02B391B-C737-4BA3-8F54-FAF79474340D}] => (Allow) D:\Video Games\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BC629C05-80FC-4D6A-87C0-2261D59FD907}] => (Allow) D:\Programs\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{E4B45053-5642-4250-998F-B2BAA6039048}] => (Allow) D:\Programs\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{C5D81C1A-8AA9-4F0A-BBAB-61747A89C558}] => (Allow) D:\Programs\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{5DB81892-5091-454B-9FD3-2D4D18E5172B}] => (Allow) D:\Programs\SWTOR\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{3B934640-DAB8-4BDC-A206-FDB9431B849A}] => (Allow) D:\Video Games\Steam.exe
FirewallRules: [{5D3C48D8-CEFC-452E-B547-C93C2B60A934}] => (Allow) D:\Video Games\Steam.exe
FirewallRules: [TCP Query User{C6CE5EBD-74F5-4FD2-AFCE-C48FE0E5C974}D:\steam\steamapps\common\fallout 4\fallout4.exe] => (Block) D:\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{9ADFCB71-2E7D-4A72-8E78-529CF37E9C09}D:\steam\steamapps\common\fallout 4\fallout4.exe] => (Block) D:\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{55D8DBE7-6528-451F-94BA-7AB2259F7D76}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{7E0FDC20-5FD4-41E0-BC52-6F0B6E08A7D2}] => (Allow) D:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{DEFF3684-8298-4CA0-82F2-A093FEDFBD63}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{D6F17446-97CB-4407-A8C0-B7E119633CA3}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{1BEBF917-EACB-4554-AF13-C005F68C9BCB}] => (Allow) D:\Games\Origin\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{64D99E6A-FCFA-4A44-A557-C5F305954DEE}] => (Allow) D:\Games\Origin\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [TCP Query User{E3EAABBB-A454-448B-AC56-4EBB1724943E}D:\programs\qbittorrent\qbittorrent.exe] => (Allow) D:\programs\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{9D959F10-279F-4496-9515-C6F1123E682F}D:\programs\qbittorrent\qbittorrent.exe] => (Allow) D:\programs\qbittorrent\qbittorrent.exe
FirewallRules: [{DBA16800-475D-414A-966D-AAE05D550A0A}] => (Allow) D:\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{06CF2014-4454-461B-ACF8-D1EB3679A238}] => (Allow) D:\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{1BF92FF4-1E7B-4108-9DCA-04B650321417}] => (Allow) D:\Steam\SteamApps\common\LISA\Game.exe
FirewallRules: [{621FC955-178B-4539-B688-7C4DB40F8702}] => (Allow) D:\Steam\SteamApps\common\LISA\Game.exe
FirewallRules: [{170E4DA4-256A-4458-ACA1-B5A487C9A6A7}] => (Allow) D:\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{65079D0C-D085-409F-85E9-DF653533A8D7}] => (Allow) D:\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{1A9E04F6-13C8-472B-9497-BED3DF2FB086}] => (Allow) D:\Games\Origin\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{1010A5D1-B354-48BC-B6AB-BB72D0F0D804}] => (Allow) D:\Games\Origin\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{B38FB29E-880B-4968-B4A8-0011078CE898}] => (Allow) D:\Games\Origin\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{C7AE0195-3588-4C8F-8225-95D980F80EDC}] => (Allow) D:\Games\Origin\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{B4F8FD99-A645-40F3-95E3-A4EADB294713}] => (Allow) D:\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{BF632D4A-293E-4247-A9B7-40CAC3EA647A}] => (Allow) D:\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{A7752502-1E4F-4344-9AD3-979F7A7835E7}] => (Allow) D:\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{D1D81BF5-957C-40EB-903D-62F4F061953F}] => (Allow) D:\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{459FD090-F422-48CC-A08E-A685274B33B8}] => (Allow) D:\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{A2614ADA-14C7-4296-8476-45F800ADE57C}] => (Allow) D:\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{C4BC3D27-43C0-400C-BFF9-1CCF65EF92EA}] => (Allow) D:\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{B4BDD383-E2BB-478F-92D6-C19253923918}] => (Allow) D:\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{2DB98BA0-01B9-40C0-9076-726030C36041}] => (Allow) D:\Steam\SteamApps\common\LIGHTNING RETURNS FINAL FANTASY XIII\LRFF13.exe
FirewallRules: [{41283372-944B-45EB-B1DB-0AEAFC5581CF}] => (Allow) D:\Steam\SteamApps\common\LIGHTNING RETURNS FINAL FANTASY XIII\LRFF13.exe
FirewallRules: [{BCF0DCEB-38A9-41F4-B8A2-F7D3E56B66F6}] => (Allow) D:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{D9A00643-B852-470E-B204-0A261337A3DE}] => (Allow) D:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{626FE352-2475-4858-A7A4-A1A6806A9643}] => (Allow) C:\Users\David Ridley\AppData\Local\71781063.exe
FirewallRules: [{4AD99414-D020-43B9-9A88-3EB9AFACEEAF}] => (Allow) C:\Program Files (x86)\pecs\procurator.exe
FirewallRules: [{4E1C27C6-6044-40BD-8132-461BC39CF1F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{99F61B27-B8FD-4E45-B1E0-F6CEECCC0F81}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{48B588F2-6495-4964-85AA-20626C47BECC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0522D16A-CC79-41EC-8031-4A1E6F4B00C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{445D50C7-BCE7-4FB2-93B4-C5E3AAB92F99}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{C5E242EA-3B89-4105-9DAB-E0DE174255FA}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{03AAB25C-22CD-4E63-8CED-B60228DC23C2}] => (Allow) D:\Games\Origin\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{FC1CA495-D301-4630-B649-45DA43F32073}] => (Allow) D:\Games\Origin\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{17BDC0F0-A939-4BB8-8D19-DD8C9377AB97}] => (Allow) D:\Games\Origin\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{06F36460-1FEC-4CE9-9372-FFD8F50B0A40}] => (Allow) D:\Games\Origin\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{3B783747-880D-4559-B880-686B274DA847}] => (Allow) D:\Games\Origin\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{BC51DE13-F073-49DE-A319-5117BDCEDD70}] => (Allow) D:\Games\Origin\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [TCP Query User{08BAF6F9-54FB-4066-B34C-506DB6C0CD41}D:\games\origin\battlefield 4\bf4.exe] => (Allow) D:\games\origin\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{E11AC56F-E20C-4986-B046-7F947F21FD6C}D:\games\origin\battlefield 4\bf4.exe] => (Allow) D:\games\origin\battlefield 4\bf4.exe
FirewallRules: [{30CA8CCA-FA96-4C60-B749-E27585E6B2FD}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{B21C840A-85FE-4EB2-B204-3CA8E94815D7}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{9E1AFAEB-D5A3-4384-A114-616A9C5AA66E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5994E0B2-69DE-40F5-9639-FD2E8E30E529}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2.exe
FirewallRules: [{E20C3029-BDCE-4F29-8634-8862C7F18F64}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2.exe

==================== Restore Points =========================

28-10-2016 10:11:10 Windows Update
29-10-2016 17:28:34 Installed AI Suite II
01-11-2016 15:09:24 Installed DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2016 07:41:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/01/2016 07:41:57 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/01/2016 07:41:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/01/2016 07:41:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/01/2016 07:41:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/01/2016 06:39:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/01/2016 04:07:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/01/2016 04:07:44 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/01/2016 04:07:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/01/2016 04:07:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (11/01/2016 06:41:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/01/2016 03:07:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/01/2016 10:34:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/31/2016 03:58:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/31/2016 01:11:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/31/2016 11:31:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/30/2016 07:39:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/29/2016 07:43:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/29/2016 05:24:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/29/2016 05:24:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
  Date: 2016-10-27 20:06:16.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2016-10-25 15:17:25.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 15:17:25.343
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 15:17:25.341
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-20 19:58:14.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-20 19:58:14.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-20 19:58:14.577
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-11 19:08:39.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-10 17:54:54.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-10 17:54:54.481
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 12236 MB
Available physical RAM: 8052.08 MB
Total Virtual: 24524 MB
Available Virtual: 18462.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.25 GB) (Free:19.1 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:107.08 GB) NTFS
Drive h: (LEXAR) (Removable) (Total:14.61 GB) (Free:10.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: FEA9E29E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FEA9E286)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.6 GB) (Disk ID: CE5138F0)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=0B)

==================== End of Addition.txt ============================

 


Hi,

I don't think that the issue is caused by active malware.

Please do the following to remove some adware remnants:

Open Chrome and click the customize and control button ("3 streaks" icon or wrench icon in older versions).

Select settings. In the On Startup section, click on Set Pages and delete the entries. Click Ok to save the changes. Please reboot your pc and check if the entries are gone.



That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  1. You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  2. Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  3. If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Edited by deeprybka

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.