
Adware Causing All Sorts of Problems


  • This topic is locked
9 replies to this topic

#1 cobrien


Posted 23 December 2015 - 11:29 PM

Hello, I'm here hoping I can get some help regarding some adware that's been installed on my computer.

 

Audio adverts can be heard no matter what application I'm in and it's becoming extremely irritating. It started with a program I found called Sound+ which I thought I had successfully removed. When I open task manager and sort through running processes, I've discovered a few of the problem processes are called "cellar," "mellow," and "spade" (which as far as I can tell adds a bogus google chrome shortcut to my desktop when run). They seem to be run out of folders located in program files titled "obscene" and "willing." I've already jumped through some of the hoops and run various pieces of malware detection software but it doesn't solve a single problem even if Malwarebytes claims it has taken care of potential unwanted programs. I should mention that whatever malware I have on my PC actually restricts me from visiting any sites that are remotely helpful for removing malware, and I've had to install all anti-malware software using a separate computer through dropbox and the use of RKill.

 

The last thing I wanted to do was resort to posting on a forum for help, as I've always considered myself fairly tech-savvy but I'm really stumped here. It's also worth noting that I'd like to avoid a clean install of Windows, as my PC doesn't have an optical drive and I've left my USB optical drive in my apartment back up at school as I'm on holiday break. Thank you in advance for your help.


Edited by cobrien, 23 December 2015 - 11:51 PM.




#2 deeprybka

  • Malware Response Team

Posted 24 December 2015 - 01:44 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 cobrien


Posted 24 December 2015 - 04:27 PM

Thanks for the quick reply.

-----

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Conor (administrator) on OBRIEN-PC (24-12-2015 16:23:15)
Running from C:\Users\Conor\Downloads
Loaded Profiles: Conor (Available Profiles: Conor)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(LogMeIn Inc.) E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn, Inc.) E:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) E:\Program Files\Steam\Steam.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Valve Corporation) E:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Valve Corporation) E:\Program Files\Steam\bin\steamwebhelper.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Spotify Ltd) C:\Users\Conor\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Conor\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Conor\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Conor\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Conor\AppData\Roaming\Spotify\Spotify.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Conor\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521472 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\willing\spade.exe
HKLM\...\Run: [interpee] => C:\Program Files (x86)\willing\tall.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-12-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\Run: [Steam] => E:\Program Files\Steam\steam.exe [3013200 2015-12-18] (Valve Corporation)
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\Run: [Spotify Web Helper] => C:\Users\Conor\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-14] (Spotify Ltd)
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\Run: [GoogleChromeAutoLaunch_4CCC78AC4FCD38F47BBCF00FBCBB8985] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\MountPoints2: {90d8a80c-66aa-11e5-9bc2-806e6f6e6963} - "D:\DVDSetup.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-29]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2015-12-09]
ShortcutTarget: AudioSwitch.lnk -> C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [S-1-5-21-646440759-2328756091-327310450-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83599423-3d18-4b15-ad28-7e8010ab81e3}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-646440759-2328756091-327310450-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-646440759-2328756091-327310450-1001 -> {1775000E-DF5D-41AD-9AAE-DDA63805B580} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-10] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-15] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-12-15] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-mysearch.com/?pid=s&s=FCOzamotn3614,a3d31b70-7d47-4089-902e-a80ffc9af4dc,&vp=ch&prd=set_ch
CHR NewTab: Default -> "chrome-extension://haafibkemckmbknhfkiiniobjpgkebko/index.html#/"
CHR Profile: C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2015-12-20]
CHR Extension: (Google Drive) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Adguard AdBlocker) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (reShape - Craigslist) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfgpklfbmmflakiadcefbjmokalnghm [2015-11-25]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Timer) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2015-09-29]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-09-29]
CHR Extension: (Google Play Music) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-08]
CHR Extension: (Google Sheets) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (Bookmark Manager) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-11-11]
CHR Extension: (Panda 4 
 News & Inspiration Dashboard) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\haafibkemckmbknhfkiiniobjpgkebko [2015-12-22]
CHR Extension: (Dropbox) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-09-29]
CHR Extension: (Facebook Flat) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2015-12-18]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2015-09-29]
CHR Extension: (Steam Database) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2015-12-23]
CHR Extension: (Coupons at Checkout) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2015-12-09]
CHR Extension: (Window Resizer) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2015-10-28]
CHR Extension: (Google Maps) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-29]
CHR Extension: (Google Hangouts) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-10]
CHR Extension: (friends feed) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlenanfmnogchfccgdadohbacedphodd [2015-12-20]
CHR Extension: (Enhanced Steam) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-12-22]
CHR Extension: (Readability) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2015-12-08]
CHR Extension: (Gmail) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-30] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-12-06] (EasyAntiCheat Ltd)
S3 EvoSvc; E:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-10-16] (Echobit LLC)
S3 GalaxyClientService; E:\Program Files\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-14] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-22] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
R2 Hamachi2Svc; E:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2546184 2015-11-12] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-12-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-12-14] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [51200 2015-11-19] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 axiomatic; C:\Windows\pear.exe [X]
S2 cynical; C:\Windows\fetch.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [82608 2014-04-10] (Qualcomm Atheros, Inc.)
S3 cpuz137; C:\Users\Conor\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [26856 2015-09-29] (CPUID)
S3 cpuz138; C:\Users\Conor\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [28392 2015-11-13] (CPUID)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-09-29] ()
R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-29] (Intel Corporation)
R3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [376840 2015-10-31] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 16:23 - 2015-12-24 16:23 - 00029553 _____ C:\Users\Conor\Downloads\FRST.txt
2015-12-24 16:22 - 2015-12-24 16:23 - 00000000 ____D C:\FRST
2015-12-24 16:22 - 2015-12-24 16:22 - 02370560 _____ (Farbar) C:\Users\Conor\Downloads\FRST64.exe
2015-12-24 15:13 - 2015-12-24 15:13 - 00016148 _____ C:\Windows\system32\OBRIEN-PC_Conor_HistoryPrediction.bin
2015-12-24 08:38 - 2015-12-24 08:38 - 00000000 ____D C:\AdwCleaner
2015-12-23 23:16 - 2015-12-23 23:16 - 00000000 ____D C:\Users\Conor\AppData\Local\yuntnani
2015-12-23 23:05 - 2015-12-23 23:05 - 00000000 ___HD C:\$SysReset
2015-12-23 22:32 - 2015-12-23 23:16 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-23 21:45 - 2015-12-23 22:25 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-23 21:45 - 2015-12-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-23 21:41 - 2015-12-24 08:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 21:41 - 2015-12-23 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-23 21:39 - 2015-12-23 21:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-23 21:39 - 2015-12-23 21:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-23 21:39 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-23 21:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-23 20:32 - 2015-12-23 20:32 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-12-23 20:31 - 2015-12-24 08:32 - 00004434 _____ C:\Windows\System32\Tasks\306053349554774788
2015-12-23 20:31 - 2015-12-24 01:32 - 00003746 _____ C:\Windows\System32\Tasks\3639232363923236392323639232
2015-12-23 20:31 - 2015-12-23 23:04 - 00003922 _____ C:\Windows\System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614
2015-12-23 20:31 - 2015-12-23 20:54 - 00003902 _____ C:\Windows\System32\Tasks\Grapyy76211583Updates
2015-12-23 20:31 - 2015-12-23 20:54 - 00003738 _____ C:\Windows\System32\Tasks\MySyy76211583ytemy
2015-12-23 20:31 - 2015-12-23 20:31 - 00003854 _____ C:\Windows\System32\Tasks\7124009
2015-12-23 20:31 - 2015-12-23 20:31 - 00002560 _____ C:\Users\Conor\AppData\Local\uninstall.exe
2015-12-23 20:30 - 2015-12-23 20:31 - 00000000 ____D C:\Users\Conor\AppData\Local\62672966
2015-12-23 20:30 - 2015-12-23 20:30 - 00000097 _____ C:\Users\Conor\AppData\Local\dottmpfile.txt
2015-12-23 20:30 - 2015-12-23 20:30 - 00000000 ____D C:\Users\Conor\AppData\Local\2704469
2015-12-23 10:58 - 2015-12-24 15:44 - 00000000 ____D C:\Users\Conor\AppData\Local\CrashDumps
2015-12-22 21:57 - 2015-12-22 21:57 - 00000785 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2015-12-22 21:57 - 2015-12-22 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-12-22 21:57 - 2015-12-22 21:57 - 00000000 ____D C:\ProgramData\GOG.com
2015-12-22 21:45 - 2015-12-22 21:45 - 00000000 ____D C:\Users\Conor\AppData\LocalLow\Adobe
2015-12-22 21:44 - 2015-12-22 21:44 - 00003664 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-conorfreelancer@gmail.com
2015-12-22 17:00 - 2015-12-22 17:03 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-22 17:00 - 2015-12-22 17:00 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-12-22 17:00 - 2015-12-22 17:00 - 00000000 ____D C:\Users\Conor\Documents\Adobe
2015-12-22 16:59 - 2015-12-22 17:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-22 16:59 - 2015-12-22 17:01 - 00000000 ____D C:\Program Files\Adobe
2015-12-22 16:54 - 2015-12-24 09:16 - 00000000 ___RD C:\Users\Conor\Creative Cloud Files
2015-12-22 16:54 - 2015-12-24 09:16 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-22 16:53 - 2015-12-22 16:59 - 00000000 ____D C:\ProgramData\Adobe
2015-12-22 16:53 - 2015-12-22 16:53 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-12-22 16:53 - 2015-12-22 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-22 16:51 - 2015-12-24 09:16 - 00000000 ____D C:\Users\Conor\AppData\Local\Adobe
2015-12-21 17:38 - 2015-12-21 17:38 - 00001288 _____ C:\Users\Conor\Desktop\aseprite.lnk
2015-12-21 17:38 - 2015-12-21 17:38 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Aseprite
2015-12-20 15:35 - 2015-12-20 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-12-20 15:26 - 2015-12-20 15:26 - 00001266 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2015-12-20 15:26 - 2015-12-20 15:26 - 00000000 ____D C:\Users\Conor\AppData\Local\PopcornTimeDesktop
2015-12-20 15:26 - 2015-12-20 15:26 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-12-18 19:03 - 2015-12-18 19:03 - 00000671 _____ C:\Users\Conor\Desktop\osu!.lnk
2015-12-18 19:03 - 2015-12-18 19:03 - 00000671 _____ C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-12-18 14:37 - 2015-12-18 14:37 - 00000809 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-12-18 14:37 - 2015-12-18 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-17 21:53 - 2015-12-17 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-12-17 12:33 - 2015-12-17 12:33 - 00000757 _____ C:\Users\Conor\Desktop\Dolphin.lnk
2015-12-16 17:41 - 2015-12-16 17:41 - 00000000 ____D C:\Users\Conor\AppData\Local\StreetFighterVBeta
2015-12-16 00:49 - 2015-12-16 00:49 - 00000000 ____D C:\Users\Conor\AppData\Local\Blizzard
2015-12-16 00:47 - 2015-12-16 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-12-14 11:09 - 2015-12-14 11:09 - 00000000 ____D C:\Users\Conor\AppData\Local\Ubisoft
2015-12-13 20:12 - 2015-12-13 20:17 - 00000000 ____D C:\Users\Conor\AppData\Local\UNDERTALE
2015-12-13 20:12 - 2015-12-13 20:12 - 00001164 _____ C:\Users\Conor\Desktop\UNDERTALE.lnk
2015-12-13 20:11 - 2015-12-13 20:11 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Steam
2015-12-12 21:30 - 2015-12-12 21:30 - 00348160 _____ C:\Windows\Minidump\121215-4671-01.dmp
2015-12-11 20:54 - 2015-12-11 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 20:11 - 2015-12-11 20:11 - 00360288 _____ C:\Windows\Minidump\121115-5171-01.dmp
2015-12-11 20:11 - 2015-12-11 20:11 - 00000000 ___HD C:\OneDriveTemp
2015-12-09 16:40 - 2015-12-09 16:40 - 00000000 ____D C:\Users\Conor\AppData\Local\AudioSwitch
2015-12-09 16:40 - 2015-12-09 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioSwitch
2015-12-09 16:40 - 2015-12-09 16:40 - 00000000 ____D C:\Program Files (x86)\AudioSwitch
2015-12-08 18:13 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 18:13 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 18:13 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 18:13 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 18:13 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-08 18:13 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-12-08 18:13 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 18:13 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2015-12-08 18:13 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 18:13 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 18:13 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-12-08 18:13 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 18:13 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-12-08 18:13 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 18:13 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-12-08 18:13 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-12-08 18:13 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-08 18:13 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-08 18:13 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-08 18:13 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 18:13 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 18:13 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 18:12 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-08 18:12 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2015-12-08 18:12 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-12-08 18:12 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-12-08 18:12 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 18:12 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 18:12 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-12-08 18:12 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-12-08 18:12 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2015-12-08 18:12 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 18:12 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-08 18:12 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-12-08 18:12 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-12-08 18:12 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 18:12 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-12-08 18:12 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 18:12 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-12-08 18:12 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-12-08 18:12 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2015-12-08 18:12 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2015-12-08 18:12 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2015-12-08 18:12 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 18:12 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-12-08 18:12 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2015-12-08 18:12 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 18:12 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 18:12 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-12-08 18:12 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-12-08 18:12 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-12-08 18:12 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2015-12-08 18:12 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 18:12 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2015-12-08 18:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 18:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-08 18:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 18:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 18:12 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-12-08 18:12 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-08 18:12 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2015-12-08 18:12 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-08 18:12 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2015-12-08 18:12 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 18:12 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 18:12 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-12-08 18:12 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2015-12-08 18:12 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2015-12-08 18:12 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 18:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 18:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-08 18:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 18:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 18:12 - 2015-11-24 21:52 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 18:12 - 2015-11-24 21:52 - 00775312 _____ C:\Windows\system32\locale.nls
2015-12-08 16:50 - 2015-12-08 16:50 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-12-08 11:33 - 2015-12-08 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-12-08 01:29 - 2015-12-08 01:29 - 00000000 ____D C:\Users\Conor\AppData\Local\KiwiGame
2015-12-07 16:34 - 2015-12-07 16:34 - 00006144 _____ C:\Users\Conor\AppData\Local\installer.exe
2015-12-07 16:33 - 2015-12-07 16:33 - 00006656 _____ C:\Users\Conor\AppData\Local\installer4.exe
2015-12-06 23:10 - 2015-12-06 23:12 - 00222456 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2015-12-06 23:10 - 2015-12-06 23:09 - 00236832 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-12-06 23:08 - 2015-12-06 23:08 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Depressurizer
2015-12-06 14:04 - 2015-12-06 14:38 - 00000000 ____D C:\Users\Conor\AppData\Local\Warframe
2015-12-05 20:58 - 2015-12-05 20:58 - 00000000 ____D C:\Users\Conor\Documents\Diablo III
2015-12-05 19:47 - 2015-12-05 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-12-05 17:54 - 2015-12-05 17:54 - 00000000 ____D C:\Users\Conor\AppData\Local\Melodics
2015-12-05 17:54 - 2015-12-05 17:54 - 00000000 ____D C:\Users\Conor\.QtWebEngineProcess
2015-12-05 17:54 - 2015-12-05 17:54 - 00000000 ____D C:\Users\Conor\.Melodics
2015-12-05 17:54 - 2015-12-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melodics
2015-12-05 17:53 - 2015-12-05 17:53 - 00000000 ____D C:\Program Files\Common Files\VST3
2015-12-05 17:53 - 2015-12-05 17:53 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2015-12-05 17:53 - 2015-12-05 17:53 - 00000000 ____D C:\Program Files (x86)\Novation
2015-12-05 17:52 - 2015-12-05 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novation
2015-12-05 17:52 - 2015-12-05 17:52 - 00000000 ____D C:\ProgramData\Propellerhead Software
2015-12-05 17:52 - 2015-12-05 17:52 - 00000000 ____D C:\Program Files\VSTPlugIns
2015-12-05 17:52 - 2015-12-05 17:52 - 00000000 ____D C:\Program Files\Novation
2015-12-05 16:56 - 2015-12-05 17:54 - 00000000 ____D C:\Users\Conor\Documents\Ableton
2015-12-05 16:56 - 2015-12-05 17:00 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Ableton
2015-12-05 16:55 - 2015-12-05 16:55 - 00000671 _____ C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Lite.lnk
2015-12-05 16:27 - 2015-12-05 16:27 - 00000000 ____D C:\Users\Conor\Documents\Wizards of the Coast
2015-12-05 15:38 - 2015-12-05 15:38 - 00000000 ____D C:\Users\Conor\Documents\REAPER Media
2015-12-05 15:32 - 2015-12-05 16:56 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2015-12-05 15:32 - 2015-12-05 15:46 - 00000000 ____D C:\Users\Conor\AppData\Roaming\REAPER
2015-12-05 10:28 - 2015-12-05 10:28 - 00000000 ____D C:\Users\Conor\AppData\Local\Dragon's Vault
2015-12-04 09:47 - 2015-11-24 13:42 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-12-04 09:46 - 2015-11-24 18:07 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 37882672 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 22345336 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 18389624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 16561320 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 15839392 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 14844304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 13533416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 12040952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 02876536 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 02496816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 01016360 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 01013960 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00877872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00823232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00820856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00689784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00601424 _____ C:\Windows\system32\nvmcumd.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00539464 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00503416 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00501056 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00446768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00445400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-04 09:43 - 2015-12-04 09:43 - 00347096 _____ C:\Windows\Minidump\120415-4250-01.dmp
2015-12-01 19:13 - 2015-12-01 19:13 - 00345976 _____ C:\Windows\Minidump\120115-3937-01.dmp
2015-11-28 19:47 - 2015-11-28 19:47 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-11-28 19:47 - 2015-11-28 19:47 - 00000000 ____D C:\Users\Conor\AppData\Local\Ubisoft Game Launcher
2015-11-28 19:47 - 2015-11-28 19:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-11-26 19:47 - 2015-11-26 19:47 - 00000000 ____D C:\Users\Conor\Documents\BioWare
2015-11-26 19:44 - 2015-11-26 19:44 - 00000913 _____ C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2015-11-24 11:47 - 2015-11-24 11:50 - 00000000 ____D C:\Users\Conor\Documents\STAR WARS Battlefront
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 16:22 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-24 15:43 - 2015-09-30 02:38 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-24 15:43 - 2015-09-29 08:33 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-24 15:33 - 2015-09-29 08:14 - 00000000 ____D C:\Users\Conor
2015-12-24 15:25 - 2015-10-01 03:39 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{357248BA-1B5B-47D1-963E-55E145A91AF6}
2015-12-24 15:13 - 2015-09-29 10:28 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Spotify
2015-12-24 10:59 - 2015-09-29 17:54 - 00000000 ____D C:\Users\Conor\AppData\Local\Battle.net
2015-12-24 10:36 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-24 10:36 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\AppReadiness
2015-12-24 09:32 - 2015-09-29 08:50 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-24 09:21 - 2015-09-29 08:10 - 00876942 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-24 09:21 - 2015-07-10 06:02 - 00000000 ____D C:\Windows\INF
2015-12-24 09:19 - 2015-09-29 10:29 - 00000000 ____D C:\Users\Conor\AppData\Local\Spotify
2015-12-24 09:16 - 2015-09-30 02:40 - 00000000 ___RD C:\Users\Conor\Dropbox
2015-12-24 09:16 - 2015-09-30 02:38 - 00000000 ____D C:\Users\Conor\AppData\Local\Dropbox
2015-12-24 09:15 - 2015-09-30 02:38 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-24 09:15 - 2015-09-29 08:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-24 09:15 - 2015-09-29 08:33 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-24 09:15 - 2015-07-10 07:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-24 09:15 - 2015-07-10 04:05 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-12-23 22:03 - 2015-09-29 08:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-23 22:03 - 2015-07-10 06:04 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-12-23 21:39 - 2015-09-29 12:54 - 00000000 ____D C:\ProgramData\Origin
2015-12-23 21:24 - 2015-09-29 10:28 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Skype
2015-12-23 21:11 - 2015-10-15 16:29 - 00000704 __RSH C:\ProgramData\ntuser.pol
2015-12-23 20:34 - 2015-09-29 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-23 20:33 - 2015-11-23 14:04 - 00000000 ____D C:\Users\Conor\AppData\Roaming\qBittorrent
2015-12-23 16:47 - 2015-10-01 16:00 - 00000000 ____D C:\Users\Conor\AppData\Local\Deployment
2015-12-23 11:01 - 2015-09-29 08:40 - 00000000 ____D C:\Windows\system32\MRT
2015-12-23 09:45 - 2015-07-10 07:20 - 00352528 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-22 17:03 - 2015-09-29 08:14 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Adobe
2015-12-22 16:59 - 2015-09-29 08:40 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-22 15:49 - 2015-10-08 10:07 - 00000000 ____D C:\Users\Conor\AppData\Local\LogMeIn Hamachi
2015-12-20 15:35 - 2015-11-23 14:04 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-12-18 14:37 - 2015-10-30 14:26 - 00000000 ____D C:\Users\Conor\AppData\Local\Black_Tree_Gaming
2015-12-17 22:22 - 2015-10-08 09:54 - 00000000 ____D C:\Users\Conor\AppData\Roaming\.minecraft
2015-12-17 21:51 - 2015-09-29 08:14 - 00000000 ____D C:\Users\Conor\AppData\Local\VirtualStore
2015-12-17 21:38 - 2015-10-15 16:14 - 00000000 ____D C:\Users\Conor\Documents\Dolphin Emulator
2015-12-17 20:19 - 2015-10-01 11:34 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-12-16 03:18 - 2015-10-30 19:38 - 00000000 ____D C:\Users\Conor\AppData\Local\Messenger
2015-12-16 00:45 - 2015-10-30 19:38 - 00001311 _____ C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2015-12-16 00:45 - 2015-09-29 17:54 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Battle.net
2015-12-16 00:45 - 2015-09-29 17:53 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-15 18:33 - 2015-10-01 11:34 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-12-15 08:57 - 2015-07-10 06:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 08:56 - 2015-10-10 09:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-14 19:07 - 2015-10-01 17:52 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-12-14 18:17 - 2015-10-01 11:34 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-12-14 16:51 - 2015-10-17 16:06 - 00348360 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-12-14 16:51 - 2015-10-17 16:04 - 00000000 ____D C:\ProgramData\EA Logs
2015-12-12 21:30 - 2015-11-12 16:39 - 644691654 _____ C:\Windows\MEMORY.DMP
2015-12-12 21:30 - 2015-11-12 16:39 - 00000000 ____D C:\Windows\Minidump
2015-12-11 20:54 - 2015-09-30 02:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-11 20:11 - 2015-09-29 08:15 - 00000000 __RHD C:\Users\Conor\OneDrive
2015-12-11 14:52 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\rescache
2015-12-09 19:10 - 2015-07-10 05:55 - 00000000 ____D C:\Windows\CbsTemp
2015-12-09 13:52 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\system32\oobe
2015-12-09 11:16 - 2015-09-29 08:15 - 00002363 _____ C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-08 22:39 - 2015-09-29 08:42 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-08 20:51 - 2015-11-22 00:32 - 00111520 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2015-12-08 20:51 - 2015-09-29 08:44 - 01846016 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-12-08 20:51 - 2015-09-29 08:44 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-12-08 20:51 - 2015-09-29 08:44 - 01530240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-12-08 20:51 - 2015-09-29 08:44 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-12-04 09:47 - 2015-09-29 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-03 19:38 - 2015-09-29 08:33 - 00003984 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 19:38 - 2015-09-29 08:33 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 19:32 - 2015-07-10 06:06 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-30 19:32 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-28 19:47 - 2015-09-29 09:00 - 00000000 ____D C:\Users\Conor\Documents\My Games
2015-11-27 22:49 - 2015-09-29 10:28 - 00000000 ____D C:\ProgramData\Skype
2015-11-25 19:34 - 2015-09-29 08:43 - 11228488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-24 18:07 - 2015-09-29 08:43 - 18487360 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-24 18:07 - 2015-09-29 08:43 - 15933400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-24 18:07 - 2015-09-29 08:43 - 12870384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-24 18:07 - 2015-09-29 08:43 - 03540360 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-24 18:07 - 2015-09-29 08:43 - 03126800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-24 18:07 - 2015-09-29 08:36 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-24 18:07 - 2015-09-29 08:36 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-24 18:07 - 2015-09-29 08:36 - 00034494 _____ C:\Windows\system32\nvinfo.pb
2015-11-24 17:02 - 2015-09-29 08:14 - 00000000 ____D C:\Users\Conor\AppData\Local\Packages
2015-11-24 14:32 - 2015-09-29 08:36 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-24 14:32 - 2015-09-29 08:36 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-24 14:32 - 2015-09-29 08:36 - 02554672 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-24 14:32 - 2015-09-29 08:36 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-24 14:32 - 2015-09-29 08:36 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-24 14:32 - 2015-09-29 08:36 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-24 11:47 - 2015-11-11 18:02 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2015-11-24 10:24 - 2015-11-23 17:10 - 00000000 ____D C:\Users\Conor\AppData\Local\Skyrim
 
==================== Files in the root of some directories =======
 
2015-12-23 20:30 - 2015-12-23 20:30 - 0000097 _____ () C:\Users\Conor\AppData\Local\dottmpfile.txt
2015-09-29 08:27 - 2015-09-29 08:27 - 0000000 _____ () C:\Users\Conor\AppData\Local\Driver_LOM_8161Present.flag
2015-12-07 16:34 - 2015-12-07 16:34 - 0006144 _____ () C:\Users\Conor\AppData\Local\installer.exe
2015-12-07 16:33 - 2015-12-07 16:33 - 0006656 _____ () C:\Users\Conor\AppData\Local\installer4.exe
2015-11-16 11:12 - 2015-11-16 11:12 - 0007597 _____ () C:\Users\Conor\AppData\Local\Resmon.ResmonCfg
2015-09-10 08:09 - 2015-09-10 08:09 - 0008192 _____ () C:\Users\Conor\AppData\Local\uid.exe
2015-12-23 20:31 - 2015-12-23 20:31 - 0002560 _____ () C:\Users\Conor\AppData\Local\uninstall.exe
 
Some files in TEMP:
====================
C:\Users\Conor\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
C:\Users\Conor\AppData\Local\Temp\devcon64.exe
C:\Users\Conor\AppData\Local\Temp\dotnetfx45_full_x86_x64.exe
C:\Users\Conor\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbroylw.dll
C:\Users\Conor\AppData\Local\Temp\DVDChangeDisc.exe
C:\Users\Conor\AppData\Local\Temp\Nexus Mod Manager-0.61.0.exe
C:\Users\Conor\AppData\Local\Temp\Nexus Mod Manager-0.61.1.exe
C:\Users\Conor\AppData\Local\Temp\Nexus Mod Manager-0.61.2.exe
C:\Users\Conor\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Conor\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Conor\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Conor\AppData\Local\Temp\nvStInst.exe
C:\Users\Conor\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Conor\AppData\Local\Temp\sfextra.dll
C:\Users\Conor\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Conor\AppData\Local\Temp\sonarinst.exe
C:\Users\Conor\AppData\Local\Temp\speccycpuid.dll
C:\Users\Conor\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Conor\AppData\Local\Temp\ytb.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-23 10:58
 
==================== End of FRST.txt ============================

 

-----

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by Conor (2015-12-24 16:23:36)
Running from C:\Users\Conor\Downloads
Windows 10 Pro (X64) (2015-09-29 13:14:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-646440759-2328756091-327310450-500 - Administrator - Disabled)
Conor (S-1-5-21-646440759-2328756091-327310450-1001 - Administrator - Enabled) => C:\Users\Conor
DefaultAccount (S-1-5-21-646440759-2328756091-327310450-503 - Limited - Disabled)
Guest (S-1-5-21-646440759-2328756091-327310450-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 9 Lite (HKLM\...\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}) (Version: 9.0.0.0 - Ableton)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.3.189 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AudioSwitch (HKLM-x32\...\AudioSwitch_is1) (Version: 2.1.3.0 - )
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Bionic Commando Rearmed (HKLM-x32\...\Steam App 21680) (Version:  - Capcom)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Citizens of Earth (HKLM-x32\...\Steam App 258910) (Version:  - Eden Industries)
CMake 3.4.0-rc1, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.4.0-rc1) (Version: 3.4.0-rc1 - Kitware)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z MSI 1.74 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.74 - CPUID, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Double Dragon Neon (HKLM-x32\...\Steam App 252350) (Version:  - WayForward)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.11 - Electronic Arts)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM\...\{D9D18DA0-DA2D-497C-8D71-E6489890EA58}) (Version: 1.1.40.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.17 - Echobit, LLC)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Geekbench 3 (HKLM-x32\...\Geekbench 3) (Version:  - Primate Labs Inc.)
Ghost in the Shell Stand Alone Complex First Assault Online (HKLM-x32\...\Steam App 369200) (Version:  - Neople)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IdleMaster (HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launchkey Reason Installer 1.0 (HKLM\...\{Launchkey}}_is1) (Version: 1.0 - Focusrite Audio Engineering Limited)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Legend of Grimrock 2 (HKLM-x32\...\Steam App 251730) (Version:  - Almost Human Games)
LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Magic Duels (HKLM-x32\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Melodics version 1.0.1709.0 (HKLM\...\Melodics_is1) (Version: 1.0.1709.0 - )
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-5e196edf-d73a-447c-af89-4de56a6cb373) (Version:  - Epic Games, Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{5af0cac3-d852-4187-a921-da8b83dce6e9}) (Version: latest - ppy Pty Ltd)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 3.3.1 (HKLM-x32\...\qBittorrent) (Version: 3.3.1 - The qBittorrent project)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.1.5 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28129 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Rivals of Aether v0.0.2 (HKLM-x32\...\Rivals of Aether v0.0.2v0.0.2) (Version: v0.0.2 - Rivals of Aether v0.0.2)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version:  - Big Robot Ltd)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Sonic Adventure™ 2  (HKLM-x32\...\Steam App 213610) (Version:  - SEGA)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.28745 - Electronic Arts)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamTool 1.1 (HKLM-x32\...\{B442D7D6-5153-4DBC-954D-BFFAACACDFDC}_is1) (Version: 1.1 - Stefan Jones)
Street Fighter V Beta (HKLM-x32\...\Steam App 386800) (Version:  - )
Strider (HKLM-x32\...\Steam App 235210) (Version:  - Double Helix Games)
System Requirements Lab Detection (HKLM-x32\...\{0687AB5E-8A5A-42FD-8EA4-49689A593514}) (Version: 6.1.6.0 - Husdawg, LLC)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
TOXIKK (HKLM-x32\...\Steam App 324810) (Version:  - Reakktor Studios)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Uplay (HKLM-x32\...\Uplay) (Version: 13.0 - Ubisoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
V-Station 2.2 (HKLM-x32\...\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1) (Version: 2.2 - Novation)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-646440759-2328756091-327310450-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BD122BF139DD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-646440759-2328756091-327310450-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Conor\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-646440759-2328756091-327310450-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Restore Points =========================
 
12-12-2015 21:42:44 Windows Update
14-12-2015 11:09:21 Installed DirectX
17-12-2015 21:53:43 Installed LogMeIn Hamachi
22-12-2015 16:59:49 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
22-12-2015 16:59:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
23-12-2015 22:39:16 JRT Pre-Junkware Removal
23-12-2015 23:03:46 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {005CEE4B-2C3A-4861-B5B1-66D18A025460} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {04FCE915-B0F5-448C-8B10-A0D2E284EC87} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {12592F60-9ECA-4CC9-BD41-A269A7CD5BDE} - System32\Tasks\MySyy76211583ytemy => C:\Program Files (x86)\obscene\concentrate.exe
Task: {18D1CAD0-B4AD-470C-AAC7-F78C9EC4DE2B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {1EFF10B7-C838-45DF-8ED2-E1D5755D132F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-conorfreelancer@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {20B73ADF-C425-4917-A1FF-6ECD1BA8CAB7} - \WebDnsio2-daily -> No File <==== ATTENTION
Task: {22F52402-A1ED-41EB-AC4F-27898EA3FED8} - System32\Tasks\Grapyy76211583Updates => C:\Program Files (x86)\obscene\concentrate.exe
Task: {25697FDE-05DE-4734-AF99-529A5CCD0528} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
Task: {3B261E2F-822F-460F-A3E5-4AE9B561FB98} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {47FCE398-6093-4A7C-957B-0A72E94CE938} - System32\Tasks\7124009 => C:\Program Files (x86)\fix\tearful.exe <==== ATTENTION
Task: {576AA519-CCA6-4B10-B5B0-E630EAA7307B} - System32\Tasks\306053349554774788 => C:\Program Files (x86)\willing\tall.exe <==== ATTENTION
Task: {633DEDBA-F1E8-430C-83DB-7020D2885BDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {888DCF77-5B34-4A23-A0C8-509F1B865BBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {95E7C926-D5FF-433A-9200-EC411E2227C7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-30] (Dropbox, Inc.)
Task: {9FD1A047-567E-4A7C-B3EA-90507B4AE76C} - \WebDnsio2 -> No File <==== ATTENTION
Task: {AB76D8B4-448C-4386-9016-C0DC4AB971D5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-15] (Microsoft Corporation)
Task: {BA568E30-9662-464D-BE85-7843FAA009B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {DD392639-42E0-4B22-9A5A-BEF569440970} - System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614 => C:\Program Files (x86)\willing\tall.exe
Task: {DECA92CF-63FB-492A-97E5-758E5CB84C4E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-30] (Dropbox, Inc.)
Task: {E098E180-D738-4132-BCBD-ABBF581CB5EA} - System32\Tasks\3639232363923236392323639232 => C:\Program Files (x86)\willing\tall.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FCOzamotn3614,a3d31b70-7d47-4089-902e-a80ffc9af4dc,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-29 08:39 - 2015-07-14 21:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-09-29 08:36 - 2015-11-24 14:32 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-10 09:46 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-29 08:39 - 2015-08-11 04:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-12-22 15:49 - 2015-12-08 20:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-01 17:52 - 2015-12-14 19:07 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-06-23 14:11 - 2015-06-23 14:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-10-01 13:55 - 2015-09-17 01:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-01 13:55 - 2015-09-17 01:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-01 13:55 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2014-04-17 13:02 - 2014-04-17 13:02 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-12-09 16:40 - 2015-12-04 12:44 - 00136192 _____ () C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe
2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-07-08 01:58 - 2015-07-08 01:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-12-08 18:13 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 18:12 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 18:12 - 2015-11-24 23:24 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-12-08 18:12 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 13:55 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-10-01 13:55 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-12-08 18:12 - 2015-11-24 23:17 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-12-08 18:12 - 2015-11-24 23:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-12-11 14:40 - 2015-12-11 14:40 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-11 14:40 - 2015-12-11 14:40 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-24 10:17 - 2015-11-24 10:17 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-09-29 08:44 - 2015-12-08 20:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-16 00:24 - 2015-12-15 00:54 - 00782336 _____ () E:\Program Files\Steam\SDL2.dll
2015-09-29 10:48 - 2015-07-03 11:12 - 04962816 _____ () E:\Program Files\Steam\v8.dll
2015-12-19 11:50 - 2015-12-18 21:37 - 02546768 _____ () E:\Program Files\Steam\video.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 02549248 _____ () E:\Program Files\Steam\libavcodec-56.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 00491008 _____ () E:\Program Files\Steam\libavformat-56.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 00332800 _____ () E:\Program Files\Steam\libavresample-2.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 00442880 _____ () E:\Program Files\Steam\libavutil-54.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 00485888 _____ () E:\Program Files\Steam\libswscale-3.dll
2015-09-29 10:48 - 2015-07-03 11:12 - 01556992 _____ () E:\Program Files\Steam\icui18n.dll
2015-09-29 10:48 - 2015-07-03 11:12 - 01187840 _____ () E:\Program Files\Steam\icuuc.dll
2015-12-19 11:50 - 2015-12-18 21:37 - 00802896 _____ () E:\Program Files\Steam\bin\chromehtml.DLL
2015-12-16 00:24 - 2015-12-15 00:54 - 00206848 _____ () E:\Program Files\Steam\bin\openvr_api.dll
2015-12-11 20:54 - 2015-10-30 19:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 20:54 - 2015-10-30 19:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-11 20:54 - 2015-12-08 16:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-11 20:54 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2015-09-30 02:39 - 2015-11-04 19:04 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2015-12-11 20:54 - 2015-12-08 16:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-11 20:54 - 2015-12-08 16:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-09-30 02:39 - 2015-10-30 20:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-09-30 02:39 - 2015-10-30 20:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-30 02:39 - 2015-10-30 20:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-30 02:39 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-12-16 00:24 - 2015-12-15 00:54 - 47846688 _____ () E:\Program Files\Steam\bin\libcef.dll
2015-12-03 04:37 - 2015-12-03 04:37 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-12-03 04:37 - 2015-12-03 04:37 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-12-07 01:04 - 2015-12-07 01:04 - 00158384 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2015-12-03 04:37 - 2015-12-03 04:37 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-09-29 10:48 - 2015-09-24 18:56 - 00119208 _____ () E:\Program Files\Steam\winh264.dll
2015-12-03 03:18 - 2015-12-03 03:18 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-12-03 03:19 - 2015-12-03 03:19 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2015-12-03 03:19 - 2015-12-03 03:19 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-12-03 03:18 - 2015-12-03 03:18 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-12-07 00:56 - 2015-12-07 00:56 - 00158384 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2015-12-03 03:18 - 2015-12-03 03:18 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-12-03 03:18 - 2015-12-03 03:18 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-12-03 03:18 - 2015-12-03 03:18 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-09-29 10:29 - 2015-12-14 14:26 - 50679920 _____ () C:\Users\Conor\AppData\Roaming\Spotify\libcef.dll
2015-09-29 10:29 - 2015-12-14 14:26 - 01882224 _____ () C:\Users\Conor\AppData\Roaming\Spotify\libglesv2.dll
2015-09-29 10:29 - 2015-12-14 14:26 - 00082544 _____ () C:\Users\Conor\AppData\Roaming\Spotify\libegl.dll
2015-11-16 05:48 - 2015-11-16 05:48 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-09-30 02:01 - 2014-11-25 20:12 - 40622592 _____ () C:\Users\Conor\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-09-30 02:01 - 2014-11-25 20:12 - 00911360 _____ () C:\Users\Conor\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-09-30 02:01 - 2014-11-25 20:12 - 00134144 _____ () C:\Users\Conor\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-10-28 09:14 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-16 02:26 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 02:26 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-646440759-2328756091-327310450-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Conor\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{18998bee-669b-4d2e-9978-03dcb755d6e4}.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "cutoauto"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "cutoauto"
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\StartupApproved\Run: => "dutoauto"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{99E254CC-805E-4C91-9CFA-52D200F1AB68}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{572C0ACB-13AB-4F49-93B6-EA76E268A7D8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E7BB0690-2B1C-43D3-AAAA-90967F21E2C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BD17D65C-7521-4825-81B2-E92D19CC0A10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{715C7222-53EB-4015-9BB6-543BA4548F31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1DBFD5A3-81F5-4555-BD11-35D526F385BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4D332601-11BD-4B56-A51B-1C2E29F9A5B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7E2C502F-F6B6-44F3-BF87-8526F14010E2}] => (Allow) E:\Program Files\Steam\Steam.exe
FirewallRules: [{476A6147-B014-49A1-BF04-B8E2171B8921}] => (Allow) E:\Program Files\Steam\Steam.exe
FirewallRules: [{8C4DA482-62B0-4A6D-9EC2-FC8BCDC902F5}] => (Allow) E:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{FB567B75-8240-42AD-86F6-A14DE528D304}] => (Allow) E:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{3866CAC5-15FC-494D-96A2-10CE66B44ED6}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EFA6EA5D-7D0E-4771-9660-14DD8D2AA066}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9675D84E-2D18-46C8-B204-F9CB23A19264}] => (Allow) D:\SteamLibrary\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{10C3BD01-C71C-4B30-BA7A-7392209A064E}] => (Allow) D:\SteamLibrary\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{33385FE2-A402-4CA5-BDFB-6DF2323CD610}] => (Allow) D:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{14CFBAFC-3CC9-4608-9882-03C9946AB7E1}] => (Allow) D:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{E3B3E643-7731-430A-AD4F-CE2C59F1F4CF}] => (Allow) D:\SteamLibrary\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{7D8449F8-ABA8-49BD-815A-0549158CB4CE}] => (Allow) D:\SteamLibrary\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{6DF56554-9330-4CF1-95BD-2B1C5374F037}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0A38877A-9D47-461B-9723-A73D88AC838F}C:\users\conor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\conor\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8B23B056-3050-4DF1-B519-89C039AEDFA4}C:\users\conor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\conor\appdata\roaming\spotify\spotify.exe
FirewallRules: [{72659D7D-FF79-4083-87D7-CDBE04799CCB}] => (Allow) D:\SteamLibrary\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{BDCB81A8-4574-4897-B3C1-E4CD6F1F5A4B}] => (Allow) D:\SteamLibrary\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{5525DB3C-DF26-4FCC-9B81-38C5AA36E888}] => (Allow) E:\Program Files\Steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe
FirewallRules: [{2C2A2CC4-7D3D-448A-98EE-77D81D4F560A}] => (Allow) E:\Program Files\Steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe
FirewallRules: [{D0013DF9-94CD-495E-90D0-09D458F5EEE2}] => (Allow) E:\Program Files\Steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe
FirewallRules: [{1A34C039-44A9-40AC-8EEA-792D3E4B6BBD}] => (Allow) E:\Program Files\Steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe
FirewallRules: [{5718D08F-BEC3-46D8-8687-72F67738A5C6}] => (Allow) E:\Program Files\Steam\steamapps\common\NZA\bin\NZA.exe
FirewallRules: [{236C00F0-E964-4A5D-BB82-7891E4194F43}] => (Allow) E:\Program Files\Steam\steamapps\common\NZA\bin\NZA.exe
FirewallRules: [{8FE48596-7F73-4893-9937-F15E8DB210B7}] => (Allow) E:\Program Files\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{5F700121-2706-4114-A576-19F88410A1B1}] => (Allow) E:\Program Files\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{1D2038BB-8A75-4F44-8E36-00A1B0A6369B}E:\program files\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\program files\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{AD221209-F141-4B5F-96C1-91D4AC881F3F}E:\program files\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\program files\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{A71D5B00-3ABE-435E-8101-F9C43979299C}] => (Allow) E:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{000A0CC1-62BC-41D9-A367-667CA61F6B73}] => (Allow) E:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{70C54F29-343C-4516-B6E1-2AADE55B9AA6}] => (Allow) E:\Program Files\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{9241F7F2-DCFC-4A86-80A2-0E8426C2D6E3}] => (Allow) E:\Program Files\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{EAAC2788-4F4C-4099-B508-74108822143B}] => (Allow) E:\Program Files\Steam\steamapps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [{02E53EC6-8363-4310-8605-1E048CD184F1}] => (Allow) E:\Program Files\Steam\steamapps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [TCP Query User{221BAD2C-E609-4020-AAD7-8FCE2992ABED}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{311E4EA3-51A8-48F9-8043-56E566921E3B}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{C128CE5E-D874-4475-8F6E-8AF19CA6210B}] => (Allow) E:\Program Files\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{2D66035B-EC66-48EA-82B9-A0F3FE883D86}] => (Allow) E:\Program Files\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{11402DBD-5909-4CCF-A456-249FF593C283}E:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{D71FD3F2-0123-4C44-B238-FE9574711A2F}E:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{C33BE168-93F8-4825-8BAF-9AD22A5A7666}] => (Allow) E:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7B584BC9-F81D-4EB2-BB09-D5D51A267C3A}] => (Allow) E:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{53042488-796D-4AC8-BAA6-28C2A0C44068}E:\program files\steam\steamapps\common\abyss_odyssey\binaries\win32\ao.exe] => (Allow) E:\program files\steam\steamapps\common\abyss_odyssey\binaries\win32\ao.exe
FirewallRules: [UDP Query User{300CCB6B-975D-466E-961F-6C1C405FCBBA}E:\program files\steam\steamapps\common\abyss_odyssey\binaries\win32\ao.exe] => (Allow) E:\program files\steam\steamapps\common\abyss_odyssey\binaries\win32\ao.exe
FirewallRules: [{C1D22C08-108C-49F6-9092-F4DFDCADC905}] => (Allow) E:\Program Files\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe
FirewallRules: [{3E08A41A-ACD5-4ADD-B532-D403E168F73A}] => (Allow) E:\Program Files\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe
FirewallRules: [{870D24C7-CC0A-40DB-A87A-1DF3B4E80529}] => (Allow) E:\Program Files\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{FB5FDCBF-C3FD-498D-8E4A-75A303B9B007}] => (Allow) E:\Program Files\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{840E743F-B1B2-4BE3-AB11-EB33E5B72B3A}] => (Allow) E:\Program Files\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{1E51E27C-A671-442D-B3E8-780C7F8A4216}] => (Allow) E:\Program Files\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{AF6E1884-DD8E-41A2-9B9D-193FD975AAD9}] => (Allow) E:\Program Files\Steam\steamapps\common\Child of Light\ChildofLight.exe
FirewallRules: [{532894AE-32C5-46A6-AB31-16D539540B14}] => (Allow) E:\Program Files\Steam\steamapps\common\Child of Light\ChildofLight.exe
FirewallRules: [TCP Query User{F190FC36-848D-425E-8638-0E2FC3A26C62}E:\program files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\program files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3ACC9A9C-7E7B-44A9-BD81-A68BD443E438}E:\program files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\program files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{86CDC47D-55B8-4509-AD25-7EACD3BB1ED5}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{9EB4EF72-736F-48AD-A02E-B7C0FD33AF87}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{F7AF53BF-3BB6-4BD2-AA1A-F634AECB6C12}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{B5E20C7C-C64C-4F07-857D-B38459CCF266}] => (Allow) E:\Program Files\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{1102863E-F1B9-4075-B0E8-703EB2F71708}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{82ADCEE3-4E46-488E-BF12-B4BDB4A4F5CB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B9F77E40-902C-4DDD-BEE6-43C76DC84CEB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{FA9293C9-6E49-4C6A-8B0F-9B786192B22F}] => (Allow) E:\Program Files\Steam\steamapps\common\Strider\Strider.exe
FirewallRules: [{9A871263-846D-4D75-8F93-6CEC19E20288}] => (Allow) E:\Program Files\Steam\steamapps\common\Strider\Strider.exe
FirewallRules: [{0D0C941F-C9F3-4F16-84D9-628022AFA8C3}] => (Allow) E:\Program Files\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{6E253ABE-4CB5-4903-8938-36BA681CBB2D}] => (Allow) E:\Program Files\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{0203CE1A-015F-4745-AD82-E57C7D0A679A}] => (Allow) E:\Program Files\Steam\steamapps\common\Bionic Commando Rearmed\bcr.exe
FirewallRules: [{7BF90791-63A8-41C8-8E9D-7564A6E20648}] => (Allow) E:\Program Files\Steam\steamapps\common\Bionic Commando Rearmed\bcr.exe
FirewallRules: [TCP Query User{D22F9E10-097B-41A8-A00E-53854213C88B}E:\program files\halo\eldorado.exe] => (Allow) E:\program files\halo\eldorado.exe
FirewallRules: [UDP Query User{6DC9E39A-41F8-4F33-A15D-2DD7B16E2183}E:\program files\halo\eldorado.exe] => (Allow) E:\program files\halo\eldorado.exe
FirewallRules: [{42FDE941-7738-4270-B046-89F6EDE7EF77}] => (Allow) E:\Program Files\Steam\steamapps\common\Volgarr\Volgarr.exe
FirewallRules: [{2C596465-E9EE-4FB5-974D-CA1D7183AA7D}] => (Allow) E:\Program Files\Steam\steamapps\common\Volgarr\Volgarr.exe
FirewallRules: [{83536318-AC0C-40C2-8488-D316AE7047AC}] => (Allow) E:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{673356EF-A73F-4B8D-A696-ED2C1B00A913}] => (Allow) E:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{E099657F-093F-4B8F-9191-1C686F875CCB}] => (Allow) E:\Program Files\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{C9A21DD7-7178-46CD-96F8-9BEEC8029855}] => (Allow) E:\Program Files\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{5BDD939D-3EF5-4112-BCE5-DCC8372E994A}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{FAAB4B5E-D696-44CA-A536-88D565FF2972}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{57279828-1EF0-4EB5-A3B0-75E4A1876667}E:\program files\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base38215\sc2_x64.exe
FirewallRules: [UDP Query User{E45D39E2-B446-46E9-ABAC-9233A12BEF47}E:\program files\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base38215\sc2_x64.exe
FirewallRules: [{F70A59E8-15B7-46DE-BA5E-51695E68DDB9}] => (Allow) E:\Program Files\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{0ACDA4C3-F347-428F-AFE8-5612C2AD8359}] => (Allow) E:\Program Files\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{47224762-488F-4FA3-9E96-4B10661CFF60}] => (Allow) E:\Program Files\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{ABACE77B-0054-479D-B859-B4217BC628FD}] => (Allow) E:\Program Files\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{965CF456-D4F7-4074-BC70-566F36322B49}] => (Allow) E:\Program Files\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{BAB3C23C-C351-4499-97F8-76DE83133994}] => (Allow) E:\Program Files\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D785A00D-1599-41BB-86A3-D27885AD20F7}] => (Allow) E:\Program Files\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{1E22BB12-2F2E-4A75-BDBB-5BA333F0C1DE}] => (Allow) E:\Program Files\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{A0F0B841-273B-4B62-B366-E88AFE6E4401}] => (Allow) E:\Program Files\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{DE5D4AC6-F832-4650-BDB2-610683A8FB08}] => (Allow) E:\Program Files\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [TCP Query User{846F320C-126A-492F-8A38-8964C56FFA74}E:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) E:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [UDP Query User{51B11A4F-CA81-4EFB-96CC-5BEB0A7844CC}E:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) E:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [{A3F9B851-55E7-4E98-95C3-9722350D2B11}] => (Allow) E:\Program Files\Steam\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{43673E18-131D-4302-BD6D-F92691AF1DF3}] => (Allow) E:\Program Files\Steam\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{C30AAFEE-DE13-4D2D-A8D3-0DDC86751378}] => (Allow) E:\Program Files\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{2D4C7296-ADE5-4D34-966A-A7EE265AB87D}] => (Allow) E:\Program Files\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{5F4137E6-BD55-401D-BEDC-120158A5CD69}] => (Allow) E:\Program Files\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{194B8CC8-9298-41C5-95B4-5318B646B031}] => (Allow) E:\Program Files\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{E46BFE42-71B4-422B-BFA8-9A779FBF2D4C}] => (Allow) E:\Program Files\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{9F07AD12-1D36-4CA7-9C70-C3820AD77D30}] => (Allow) E:\Program Files\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{C5D8095B-7F78-4786-94F2-645EA910CDBA}] => (Allow) E:\Program Files\Steam\steamapps\common\Citizens of Earth\CitizensOfEarth.exe
FirewallRules: [{9AC05C66-B01A-412A-8C4A-EEC28EBBFABB}] => (Allow) E:\Program Files\Steam\steamapps\common\Citizens of Earth\CitizensOfEarth.exe
FirewallRules: [{A1F0BDD5-E6BF-4D49-83C6-9110EB36D5C1}] => (Allow) E:\Program Files\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{F290E1C7-7E8A-43AF-8C5E-ADF2D178329E}] => (Allow) E:\Program Files\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{06B242E8-E773-43DE-87B5-FD08A2DF5F5A}] => (Allow) E:\Program Files\Steam\steamapps\common\Double Dragon Neon\bin\DoubleDragon.exe
FirewallRules: [{D6CF9E9F-9C63-4D68-912F-BBF2D6257E04}] => (Allow) E:\Program Files\Steam\steamapps\common\Double Dragon Neon\bin\DoubleDragon.exe
FirewallRules: [{23572C56-1D47-4911-9914-E6B0526F156E}] => (Allow) E:\Program Files\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{E06D0410-16B8-440C-8609-4F2BDA0FF042}] => (Allow) E:\Program Files\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{F7D4971E-B855-4DB2-8C4C-C36DA8AFF2FC}] => (Allow) E:\Program Files\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{9F81BD22-36C0-433B-9929-DBC029867349}] => (Allow) E:\Program Files\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{963D66C8-FD49-4A36-9174-F005328612BD}] => (Allow) E:\Program Files\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{4AB70F61-54CE-4B55-B385-70EA276FB464}] => (Allow) E:\Program Files\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [TCP Query User{9A2CF29B-CEB3-4AD0-9D46-56B28C5D1DE7}E:\program files\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) E:\program files\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C236348D-F982-4FAF-A559-630A46CF4B16}E:\program files\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) E:\program files\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{55BF272A-18E1-4502-81E6-82F0B16DFC67}E:\program files\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) E:\program files\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{7E3FE2FA-3112-4B2C-9CA5-63EBD870FF86}E:\program files\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) E:\program files\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{68E5D475-3549-4A99-A2C1-8399CC39D0F1}] => (Allow) E:\Program Files\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{93C3C0D6-26C4-42D7-A09A-DCDF7C7B9304}] => (Allow) E:\Program Files\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{781B3471-3B29-4FA2-AE8A-299E57013EFC}] => (Allow) E:\Program Files\Steam\steamapps\common\Contagion\contagion.exe
FirewallRules: [{12D295AB-ED6E-4E20-9382-6685014540A4}] => (Allow) E:\Program Files\Steam\steamapps\common\Contagion\contagion.exe
FirewallRules: [TCP Query User{D1E9D4A4-B7E0-4EBA-82EE-5A908DE3535C}C:\users\conor\downloads\java\jre1.7.0_75\bin\java.exe] => (Allow) C:\users\conor\downloads\java\jre1.7.0_75\bin\java.exe
FirewallRules: [UDP Query User{B6D9BD02-F8DD-48CE-B348-F3DB4A743EF6}C:\users\conor\downloads\java\jre1.7.0_75\bin\java.exe] => (Allow) C:\users\conor\downloads\java\jre1.7.0_75\bin\java.exe
FirewallRules: [TCP Query User{3AF5C2D4-7056-4B26-8967-6689CAFE9ACF}C:\users\conor\desktop\xmage\java\jre1.7.0_75\bin\java.exe] => (Allow) C:\users\conor\desktop\xmage\java\jre1.7.0_75\bin\java.exe
FirewallRules: [UDP Query User{1FB5497B-76EC-4C19-9E71-48CEAA160900}C:\users\conor\desktop\xmage\java\jre1.7.0_75\bin\java.exe] => (Allow) C:\users\conor\desktop\xmage\java\jre1.7.0_75\bin\java.exe
FirewallRules: [{93E45EB9-D752-428A-8E73-8717171A9EBC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E4941D0A-6C1A-4895-9778-DB2BFB892D49}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BA11BFCB-1070-41C8-B796-D7A7F8351F62}] => (Allow) C:\Program Files (x86)\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{5DC52216-9747-4885-84A8-6A4292187C3C}] => (Allow) C:\Program Files (x86)\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{A39652E5-959D-48D3-816B-82E9C9ECEF67}] => (Allow) E:\Program Files (x86)\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{C115C17F-1684-4B09-A518-B58385AA4BA6}] => (Allow) E:\Program Files (x86)\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{8797EA87-D888-47EC-8F35-ECB1354E538B}] => (Allow) E:\Program Files\Steam\steamapps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{F402ABAE-2F16-4CC4-951A-1F871D271DF7}] => (Allow) E:\Program Files\Steam\steamapps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{194E10A7-0881-42E6-AD09-ABC1A225E61D}] => (Allow) E:\Program Files\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{43ABA683-7323-4626-9630-88D027A3A525}] => (Allow) E:\Program Files\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{21554AA2-F135-4B85-96B0-DE7E7596E8B2}] => (Allow) E:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{8374A94A-75D0-4CD7-89D9-95EEB79D14B7}] => (Allow) E:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{E9851236-4227-4BCB-883F-D12963B4A0D1}] => (Allow) E:\Program Files\Steam\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{BA3F53A3-44D3-4F63-A979-478E0CFDCA0C}] => (Allow) E:\Program Files\Steam\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{079959B9-4B07-4140-ACE3-FB99FB8C8E1F}] => (Allow) E:\Program Files\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{E75245A1-886F-49E5-8BD5-EED350687707}] => (Allow) E:\Program Files\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [TCP Query User{1B6B0439-F589-4CC7-959E-DFA1630B6CB0}E:\program files\diablo iii\diablo iii.exe] => (Allow) E:\program files\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{D291B5DB-8229-4BD7-9AE5-E4322FC3C68D}E:\program files\diablo iii\diablo iii.exe] => (Allow) E:\program files\diablo iii\diablo iii.exe
FirewallRules: [{2F3118A7-F634-4959-867B-DDB1B7EB0B46}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A11B9933-23D2-4F89-B6F2-6CFCA61E30FA}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D9644D75-43BB-4FC6-80D2-ACD4774FF797}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{594A9A5F-3E5B-4870-A892-09E6501DBE91}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C2921FBC-9323-43C8-8417-5E2F5FEEBFEE}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C617F68C-1F4F-4847-AB0D-58AECA578E67}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{73DDB204-34D8-4FEB-8028-AE601E41CF4D}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6F9F2A29-A5CA-4FA4-8BA6-AF1A03D117F5}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{85812CEE-9A58-4136-B956-5BFE1BEC68B6}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6208A463-D8B2-4129-9644-19F11599279B}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D4CF083E-134C-447E-BA43-E4591FFDF11A}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B2A3B5E2-E391-4F34-ABD1-B96B8596E7BE}] => (Allow) E:\Program Files\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{194E3CF4-BD3E-431C-A57C-E74B49767002}] => (Allow) E:\Program Files\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{6167435B-6D5C-42EE-8FC6-87CE92583527}] => (Allow) E:\Program Files\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{7E28B548-E48A-4173-AD17-4708ACB2EC38}] => (Allow) E:\Program Files\Steam\steamapps\common\StreetFighterVBeta\StreetFighterVBeta.exe
FirewallRules: [{77201D2C-EF5A-41FB-9792-5A60DC763868}] => (Allow) E:\Program Files\Steam\steamapps\common\StreetFighterVBeta\StreetFighterVBeta.exe
FirewallRules: [{B2D7705C-78D0-4F08-A687-E77A2BA670BE}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{430E1C72-3C06-42DA-9E3A-98D7292A6E24}E:\program files\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Allow) E:\program files\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{210498A1-B2E0-48EE-81E1-CFDE18C3EF0E}E:\program files\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Allow) E:\program files\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [{9D0CC211-BC84-4F5E-AF65-63EE7C6E3ABC}] => (Allow) E:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{4DA58C7D-807D-43DA-BE8D-03BCE8E9BC10}] => (Allow) E:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{35D34717-D1B1-48B1-A74A-6459C015393C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0C8F1887-32B4-47B0-8725-80366DB25267}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{19DE7C44-2BBB-447D-92A2-9C6CC2CFBB73}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6C5AA06B-A7F8-4BCF-9706-3BB036EF31A3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{443E1E36-69EB-426C-8B2F-9E1358F91010}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{18A7F9B5-BDFD-440B-AB19-23EF7B24F4F7}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{F97D8897-5C53-4129-B769-E8451795B357}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{6ECFDCC8-A717-49E0-B011-F8F08E07B809}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{0A7144C9-63EB-4FA4-8CB4-6AE84F37A91F}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{177CB283-B9F3-4492-967C-44CCD3357AAC}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{C4FD61E9-BD9C-41E1-8135-246E6EFDA4E0}E:\program files\hearthstone\hearthstone.exe] => (Allow) E:\program files\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{7F799282-0181-45F5-BC23-8A98EC43E8BC}E:\program files\hearthstone\hearthstone.exe] => (Allow) E:\program files\hearthstone\hearthstone.exe
FirewallRules: [{9FA84C89-2F27-403D-B7CE-A6A90BB24CBA}] => (Block) E:\program files\hearthstone\hearthstone.exe
FirewallRules: [{FBC74CA1-7827-4FAF-A1A3-ACFC345C514D}] => (Block) E:\program files\hearthstone\hearthstone.exe
FirewallRules: [{FA078823-2DF0-48EB-8A02-C123A4198249}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2C999985-418E-4682-AAFB-5A7D6538082F}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2FD2505D-DAF8-4EDB-9392-DC40D75C578B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{9BB31C00-5497-48CE-99F4-7D1E68CC9108}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{99A6BCE2-C7CE-4F3B-88BF-460C98DFF704}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A634BB80-849F-44A6-A4FC-7724531F66FE}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{BF5550B6-9474-4DF2-85B2-EBC0D22DA242}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{2810CFBF-B89C-41AC-9893-FD6385278DFD}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{74B048BA-8D65-457A-9045-D4F28DB26345}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{BE317E27-751B-4A06-A94C-A3DC9AE1F3F4}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{5A63B075-960A-4D7D-8083-B22A2F13AC03}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A84E78EB-46F1-4DE1-8FF4-9809BF7ACCAA}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{58728FD3-0A6E-45CA-9867-118C55F242F5}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{52E3C14A-5CA3-4179-B7E6-4B7F411F2D23}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{EB5C6D97-6F95-46D3-A0F7-98FB78F5F247}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{4ADDF9BC-65FD-4D73-B240-B638A3BCDA6A}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{FD8C8B44-1A8E-4BB3-BDCA-2D48C412AD1B}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{608612DB-9CEC-4EE7-A385-16FA54B4CC4B}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{759285BB-D4AF-4893-A68A-A2109EF3BAE2}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{431AE0D4-2508-4D6D-AEB6-6C1F38722FD3}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{D9D9BF14-8F67-4E5B-B990-B42570816293}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{739658A6-0FF0-4AF3-9975-FAAADA8F7225}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{5E7248A6-1867-417A-A874-762DA2240714}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{FCE73982-A1E1-45F8-BEE7-9163448EF90F}] => (Allow) C:\Program Files (x86)\willing\tall.exe
FirewallRules: [{9E1812F2-FADD-4EAD-833C-4868D7C98F9A}] => (Allow) C:\Program Files (x86)\willing\tall.exe
FirewallRules: [{F32B4E9A-2CFA-4B49-A192-AD6ADA4E70F9}] => (Allow) C:\Program Files (x86)\willing\getcap.exe
FirewallRules: [{08D4B9B0-90C8-4A48-87C7-42C4EB11CEA0}] => (Allow) C:\Program Files (x86)\willing\getcap.exe
FirewallRules: [{CC68CD1E-C664-4BA7-B6CF-9F48147E10E9}] => (Allow) C:\a\winonit.exe
FirewallRules: [{C360CF54-0ED4-44B3-8300-9B4A3B984D72}] => (Allow) C:\a\winonit.exe
FirewallRules: [{A4303613-C6CE-432F-B951-CB5C10E24A8C}] => (Allow) C:\Program Files (x86)\willing\spade.exe
FirewallRules: [{C23F0E8C-4EA6-4AC2-9F69-4AFBA83A3D7A}] => (Allow) C:\Program Files (x86)\willing\spade.exe
FirewallRules: [{4C09F77A-C8B6-4AD3-9EA8-4E512C8185F9}] => (Allow) C:\a\vchk.exe
FirewallRules: [{A0B5095E-0A9D-4629-8408-092D0E86F2E2}] => (Allow) C:\a\vchk.exe
FirewallRules: [{272288E9-6873-46D1-8E18-8A1B3C9417DF}] => (Allow) C:\a\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614.exe
FirewallRules: [{1C1FFC03-2750-4F88-A34F-F7159C3E05A8}] => (Allow) C:\a\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614.exe
FirewallRules: [{60D73C59-83DF-408D-B591-BAE7A6E951B5}] => (Allow) C:\Program Files (x86)\obscene\concentrate.exe
FirewallRules: [{A2D05FEE-07D4-4D7F-9490-CB6CD4816146}] => (Allow) C:\Program Files (x86)\obscene\concentrate.exe
FirewallRules: [{8A6E8284-9433-49F5-9B34-BF20B08D3785}] => (Allow) C:\Program Files (x86)\fix\tearful.exe
FirewallRules: [{D9B7C4EA-F2B0-4E4B-826C-D2DAC750FB3F}] => (Allow) C:\Program Files (x86)\fix\tearful.exe
FirewallRules: [{DA8D01D7-2620-44E1-BB16-6C413726E10E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{AA8CDCB8-7161-4D56-86D5-579ADA5647F8}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
FirewallRules: [{69193BDF-34E4-4102-89CE-25FED07D5941}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e
FirewallRules: [{751A9628-2637-417A-BD1D-77E7CC0FA49F}] => (Allow) E:\Program Files\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{D6E24316-BFFD-4CCD-9AD3-5C896ADEF87D}] => (Allow) E:\Program Files\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{4B7FCC22-5DD5-4265-B3A2-C16CF21BF54C}] => (Allow) E:\Program Files\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{6EAF1D57-C706-408A-A795-2529DAF5C9CA}] => (Allow) E:\Program Files\Steam\steamapps\common\firstassault\Shipping\GAME.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/24/2015 03:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GAME.exe, version: 0.0.0.0, time stamp: 0x56702c29
Faulting module name: GAME.exe, version: 0.0.0.0, time stamp: 0x56702c29
Exception code: 0xc00000fd
Fault offset: 0x007329ac
Faulting process id: 0x300c
Faulting application start time: 0xGAME.exe0
Faulting application path: GAME.exe1
Faulting module path: GAME.exe2
Report Id: GAME.exe3
Faulting package full name: GAME.exe4
Faulting package-relative application ID: GAME.exe5
 
Error: (12/24/2015 03:13:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/24/2015 01:41:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/24/2015 01:41:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/24/2015 09:18:00 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6756) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/24/2015 09:18:00 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6756) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/24/2015 09:17:49 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6756) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/24/2015 09:17:49 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6756) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/24/2015 09:17:39 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6756) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/24/2015 09:17:39 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6756) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (12/24/2015 09:21:22 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (12/24/2015 09:15:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The claim service failed to start due to the following error: 
%%2
 
Error: (12/24/2015 09:15:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scare service failed to start due to the following error: 
%%2
 
Error: (12/24/2015 09:15:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/24/2015 09:15:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/24/2015 09:15:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/24/2015 09:15:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/24/2015 09:11:25 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (12/24/2015 09:05:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The claim service failed to start due to the following error: 
%%2
 
Error: (12/24/2015 09:05:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The scare service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2015-12-23 20:32:58.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 20:32:58.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-08 16:43:39.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-08 16:43:39.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 23:08:38.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 23:08:38.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 01:52:58.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 01:52:58.084
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-05 19:43:06.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-05 19:43:06.515
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 47%
Total physical RAM: 8140.77 MB
Available physical RAM: 4257.54 MB
Total Virtual: 10828.77 MB
Available Virtual: 5557.51 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.4 GB) (Free:156.45 GB) NTFS
Drive e: (Mass Media Storage) (Fixed) (Total:1863.01 GB) (Free:958.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3683339B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E1DCAF39)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 deeprybka

  • Malware Response Team

Posted 25 December 2015 - 10:57 AM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\willing\spade.exe
    HKLM\...\Run: [interpee] => C:\Program Files (x86)\willing\tall.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\S-1-5-21-646440759-2328756091-327310450-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    S2 axiomatic; C:\Windows\pear.exe [X]
    S2 cynical; C:\Windows\fetch.exe [X]
    2015-12-23 23:16 - 2015-12-23 23:16 - 00000000 ____D C:\Users\Conor\AppData\Local\yuntnani
    2015-12-23 20:31 - 2015-12-24 08:32 - 00004434 _____ C:\Windows\System32\Tasks\306053349554774788
    2015-12-23 20:31 - 2015-12-24 01:32 - 00003746 _____ C:\Windows\System32\Tasks\3639232363923236392323639232
    2015-12-23 20:31 - 2015-12-23 23:04 - 00003922 _____ C:\Windows\System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614
    2015-12-23 20:31 - 2015-12-23 20:54 - 00003902 _____ C:\Windows\System32\Tasks\Grapyy76211583Updates
    2015-12-23 20:31 - 2015-12-23 20:54 - 00003738 _____ C:\Windows\System32\Tasks\MySyy76211583ytemy
    2015-12-23 20:31 - 2015-12-23 20:31 - 00003854 _____ C:\Windows\System32\Tasks\7124009
    2015-12-23 20:31 - 2015-12-23 20:31 - 00002560 _____ C:\Users\Conor\AppData\Local\uninstall.exe
    2015-12-23 20:30 - 2015-12-23 20:31 - 00000000 ____D C:\Users\Conor\AppData\Local\62672966
    CustomCLSID: HKU\S-1-5-21-646440759-2328756091-327310450-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BD122BF139DD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => 
    C:\Program Files (x86)\willing
    C:\Program Files\KMSpico\
    C:\Program Files (x86)\obscene
    Task: {12592F60-9ECA-4CC9-BD41-A269A7CD5BDE} - System32\Tasks\MySyy76211583ytemy => C:\Program Files (x86)\obscene\concentrate.exe
    Task: {20B73ADF-C425-4917-A1FF-6ECD1BA8CAB7} - \WebDnsio2-daily -> No File 
    Task: {22F52402-A1ED-41EB-AC4F-27898EA3FED8} - System32\Tasks\Grapyy76211583Updates => C:\Program Files (x86)\obscene\concentrate.exe
    Task: {3B261E2F-822F-460F-A3E5-4AE9B561FB98} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
    Task: {47FCE398-6093-4A7C-957B-0A72E94CE938} - System32\Tasks\7124009 => C:\Program Files (x86)\fix\tearful.exe 
    Task: {576AA519-CCA6-4B10-B5B0-E630EAA7307B} - System32\Tasks\306053349554774788 => C:\Program Files (x86)\willing\tall.exe 
    Task: {9FD1A047-567E-4A7C-B3EA-90507B4AE76C} - \WebDnsio2 -> No File 
    Task: {DD392639-42E0-4B22-9A5A-BEF569440970} - System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614 => C:\Program Files (x86)\willing\tall.exe
    Task: {E098E180-D738-4132-BCBD-ABBF581CB5EA} - System32\Tasks\3639232363923236392323639232 => C:\Program Files (x86)\willing\tall.exe 
    RemoveProxy:
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
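
The fixlist in the post above removes many autostart entries that lead back to a handful of executables. As an added example (not part of the original post and not FRST's own code), this Python sketch parses the Run, service and Task lines copied from that fixlist and groups them by the binary they launch. The function names, the regexes, and the reading of "[X]" and "No File" as "file not found" are assumptions based on the line layout shown here.

```python
import re
from collections import defaultdict

# Autostart lines copied from the fixlist in the post above.
FIXLIST = r"""
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\willing\spade.exe
HKLM\...\Run: [interpee] => C:\Program Files (x86)\willing\tall.exe
S2 axiomatic; C:\Windows\pear.exe [X]
S2 cynical; C:\Windows\fetch.exe [X]
Task: {12592F60-9ECA-4CC9-BD41-A269A7CD5BDE} - System32\Tasks\MySyy76211583ytemy => C:\Program Files (x86)\obscene\concentrate.exe
Task: {20B73ADF-C425-4917-A1FF-6ECD1BA8CAB7} - \WebDnsio2-daily -> No File
Task: {22F52402-A1ED-41EB-AC4F-27898EA3FED8} - System32\Tasks\Grapyy76211583Updates => C:\Program Files (x86)\obscene\concentrate.exe
Task: {3B261E2F-822F-460F-A3E5-4AE9B561FB98} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {47FCE398-6093-4A7C-957B-0A72E94CE938} - System32\Tasks\7124009 => C:\Program Files (x86)\fix\tearful.exe
Task: {576AA519-CCA6-4B10-B5B0-E630EAA7307B} - System32\Tasks\306053349554774788 => C:\Program Files (x86)\willing\tall.exe
Task: {9FD1A047-567E-4A7C-B3EA-90507B4AE76C} - \WebDnsio2 -> No File
Task: {DD392639-42E0-4B22-9A5A-BEF569440970} - System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614 => C:\Program Files (x86)\willing\tall.exe
Task: {E098E180-D738-4132-BCBD-ABBF581CB5EA} - System32\Tasks\3639232363923236392323639232 => C:\Program Files (x86)\willing\tall.exe
"""

# One pattern per entry type, matching the layout seen in the post.
RUN_RE = re.compile(r"^HK[A-Z]+\\.*\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$")
SVC_RE = re.compile(r"^S\d (?P<name>[^;]+); (?P<target>.+?)(?P<missing> \[X\])?$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) (?:=>|->) (?P<target>.+)$")
PATTERNS = (("run", RUN_RE), ("service", SVC_RE), ("task", TASK_RE))


def parse_entries(text):
    """Parse fixlist lines into dicts: kind, name, target, file_missing."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m is None:
                continue
            target = m.group("target").strip()
            # Assumption: "[X]" on a service and "No File" on a task both
            # mean the referenced file was not found on disk.
            missing = target == "No File"
            if kind == "service" and m.group("missing") is not None:
                missing = True
            entries.append({
                "kind": kind,
                "name": m.group("name").strip(),
                "target": None if target == "No File" else target,
                "file_missing": missing,
            })
            break
    return entries


def persistence_by_target(entries):
    """Group live autostart entries by the (lower-cased) binary they start."""
    grouped = defaultdict(list)
    for e in entries:
        if e["file_missing"]:
            continue
        grouped[e["target"].lower()].append((e["kind"], e["name"]))
    return dict(grouped)


def orphaned(entries):
    """Entries whose file is already gone but whose autostart record remains."""
    return [(e["kind"], e["name"]) for e in entries if e["file_missing"]]


if __name__ == "__main__":
    parsed = parse_entries(FIXLIST)
    for target, refs in sorted(persistence_by_target(parsed).items(),
                               key=lambda kv: -len(kv[1])):
        print(f"{len(refs)} autostart entr{'y' if len(refs) == 1 else 'ies'} -> {target}")
        for kind, name in refs:
            print(f"    {kind:8} {name}")
    print("Leftover records with no file on disk:")
    for kind, name in orphaned(parsed):
        print(f"    {kind:8} {name}")
```

Run against these lines, the grouping shows tall.exe reachable from one Run value and three scheduled tasks, which is why removing a single entry would not have stopped it from starting again.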
 

#5 cobrien

  • Topic Starter

Posted 25 December 2015 - 09:14 PM

Hi, thanks again for a quick reply! :)
 
-----
 
Fix result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by Conor (2015-12-25 21:05:09) Run:1
Running from C:\Users\Conor\Desktop\FRST64
Loaded Profiles: Conor (Available Profiles: Conor)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\willing\spade.exe
HKLM\...\Run: [interpee] => C:\Program Files (x86)\willing\tall.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
HKU\S-1-5-21-646440759-2328756091-327310450-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
S2 axiomatic; C:\Windows\pear.exe [X]
S2 cynical; C:\Windows\fetch.exe [X]
2015-12-23 23:16 - 2015-12-23 23:16 - 00000000 ____D C:\Users\Conor\AppData\Local\yuntnani
2015-12-23 20:31 - 2015-12-24 08:32 - 00004434 _____ C:\Windows\System32\Tasks\306053349554774788
2015-12-23 20:31 - 2015-12-24 01:32 - 00003746 _____ C:\Windows\System32\Tasks\3639232363923236392323639232
2015-12-23 20:31 - 2015-12-23 23:04 - 00003922 _____ C:\Windows\System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614
2015-12-23 20:31 - 2015-12-23 20:54 - 00003902 _____ C:\Windows\System32\Tasks\Grapyy76211583Updates
2015-12-23 20:31 - 2015-12-23 20:54 - 00003738 _____ C:\Windows\System32\Tasks\MySyy76211583ytemy
2015-12-23 20:31 - 2015-12-23 20:31 - 00003854 _____ C:\Windows\System32\Tasks\7124009
2015-12-23 20:31 - 2015-12-23 20:31 - 00002560 _____ C:\Users\Conor\AppData\Local\uninstall.exe
2015-12-23 20:30 - 2015-12-23 20:31 - 00000000 ____D C:\Users\Conor\AppData\Local\62672966
CustomCLSID: HKU\S-1-5-21-646440759-2328756091-327310450-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BD122BF139DD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => 
C:\Program Files (x86)\willing
C:\Program Files\KMSpico\
C:\Program Files (x86)\obscene
Task: {12592F60-9ECA-4CC9-BD41-A269A7CD5BDE} - System32\Tasks\MySyy76211583ytemy => C:\Program Files (x86)\obscene\concentrate.exe
Task: {20B73ADF-C425-4917-A1FF-6ECD1BA8CAB7} - \WebDnsio2-daily -> No File 
Task: {22F52402-A1ED-41EB-AC4F-27898EA3FED8} - System32\Tasks\Grapyy76211583Updates => C:\Program Files (x86)\obscene\concentrate.exe
Task: {3B261E2F-822F-460F-A3E5-4AE9B561FB98} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {47FCE398-6093-4A7C-957B-0A72E94CE938} - System32\Tasks\7124009 => C:\Program Files (x86)\fix\tearful.exe 
Task: {576AA519-CCA6-4B10-B5B0-E630EAA7307B} - System32\Tasks\306053349554774788 => C:\Program Files (x86)\willing\tall.exe 
Task: {9FD1A047-567E-4A7C-B3EA-90507B4AE76C} - \WebDnsio2 -> No File 
Task: {DD392639-42E0-4B22-9A5A-BEF569440970} - System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614 => C:\Program Files (x86)\willing\tall.exe
Task: {E098E180-D738-4132-BCBD-ABBF581CB5EA} - System32\Tasks\3639232363923236392323639232 => C:\Program Files (x86)\willing\tall.exe 
RemoveProxy:
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cutoauto => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\interpee => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-646440759-2328756091-327310450-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
axiomatic => service removed successfully
cynical => service removed successfully
C:\Users\Conor\AppData\Local\yuntnani => moved successfully
C:\Windows\System32\Tasks\306053349554774788 => moved successfully
C:\Windows\System32\Tasks\3639232363923236392323639232 => moved successfully
C:\Windows\System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614 => moved successfully
C:\Windows\System32\Tasks\Grapyy76211583Updates => moved successfully
C:\Windows\System32\Tasks\MySyy76211583ytemy => moved successfully
C:\Windows\System32\Tasks\7124009 => moved successfully
C:\Users\Conor\AppData\Local\uninstall.exe => moved successfully
C:\Users\Conor\AppData\Local\62672966 => moved successfully
"HKU\S-1-5-21-646440759-2328756091-327310450-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BD122BF139DD}" => key removed successfully
"C:\Program Files (x86)\willing" => not found.
"C:\Program Files\KMSpico" => not found.
"C:\Program Files (x86)\obscene" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12592F60-9ECA-4CC9-BD41-A269A7CD5BDE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12592F60-9ECA-4CC9-BD41-A269A7CD5BDE}" => key removed successfully
C:\Windows\System32\Tasks\MySyy76211583ytemy => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySyy76211583ytemy" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20B73ADF-C425-4917-A1FF-6ECD1BA8CAB7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20B73ADF-C425-4917-A1FF-6ECD1BA8CAB7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDnsio2-daily => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22F52402-A1ED-41EB-AC4F-27898EA3FED8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22F52402-A1ED-41EB-AC4F-27898EA3FED8}" => key removed successfully
C:\Windows\System32\Tasks\Grapyy76211583Updates => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Grapyy76211583Updates" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B261E2F-822F-460F-A3E5-4AE9B561FB98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B261E2F-822F-460F-A3E5-4AE9B561FB98}" => key removed successfully
C:\Windows\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47FCE398-6093-4A7C-957B-0A72E94CE938}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47FCE398-6093-4A7C-957B-0A72E94CE938}" => key removed successfully
C:\Windows\System32\Tasks\7124009 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7124009" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{576AA519-CCA6-4B10-B5B0-E630EAA7307B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{576AA519-CCA6-4B10-B5B0-E630EAA7307B}" => key removed successfully
C:\Windows\System32\Tasks\306053349554774788 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\306053349554774788" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9FD1A047-567E-4A7C-B3EA-90507B4AE76C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FD1A047-567E-4A7C-B3EA-90507B4AE76C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDnsio2 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD392639-42E0-4B22-9A5A-BEF569440970}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD392639-42E0-4B22-9A5A-BEF569440970}" => key removed successfully
C:\Windows\System32\Tasks\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E098E180-D738-4132-BCBD-ABBF581CB5EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E098E180-D738-4132-BCBD-ABBF581CB5EA}" => key removed successfully
C:\Windows\System32\Tasks\3639232363923236392323639232 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3639232363923236392323639232" => key removed successfully
 
========= RemoveProxy: =========
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-646440759-2328756091-327310450-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-646440759-2328756091-327310450-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-646440759-2328756091-327310450-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:06:23 ====
 
-----
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Conor (administrator) on OBRIEN-PC (25-12-2015 21:13:11)
Running from C:\Users\Conor\Desktop\FRST64
Loaded Profiles: Conor (Available Profiles: Conor)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\System32\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(LogMeIn Inc.) E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(LogMeIn, Inc.) E:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) E:\Program Files\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Valve Corporation) E:\Program Files\Steam\bin\steamwebhelper.exe
(Razer, Inc.) C:\Users\Conor\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521472 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-12-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\Run: [Steam] => E:\Program Files\Steam\steam.exe [3013200 2015-12-18] (Valve Corporation)
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\Run: [Spotify Web Helper] => C:\Users\Conor\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-14] (Spotify Ltd)
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\Run: [GoogleChromeAutoLaunch_4CCC78AC4FCD38F47BBCF00FBCBB8985] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\MountPoints2: {90d8a80c-66aa-11e5-9bc2-806e6f6e6963} - "D:\DVDSetup.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-29]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2015-12-09]
ShortcutTarget: AudioSwitch.lnk -> C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe ()
Startup: C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RzSynapse.lnk [2015-12-25]
ShortcutTarget: RzSynapse.lnk -> C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83599423-3d18-4b15-ad28-7e8010ab81e3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{943af3f1-c45e-49e7-a491-fd6db701e4cf}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-646440759-2328756091-327310450-1001 -> {1775000E-DF5D-41AD-9AAE-DDA63805B580} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-10] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-15] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-12-15] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-mysearch.com/?pid=s&s=FCOzamotn3614,a3d31b70-7d47-4089-902e-a80ffc9af4dc,&vp=ch&prd=set_ch
CHR NewTab: Default -> "chrome-extension://haafibkemckmbknhfkiiniobjpgkebko/index.html#/"
CHR Profile: C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2015-12-20]
CHR Extension: (Google Drive) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Adguard AdBlocker) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (reShape - Craigslist) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfgpklfbmmflakiadcefbjmokalnghm [2015-11-25]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Timer) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2015-09-29]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-09-29]
CHR Extension: (Google Play Music) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-08]
CHR Extension: (Google Sheets) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (Bookmark Manager) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-11-11]
CHR Extension: (Panda 4 News & Inspiration Dashboard) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\haafibkemckmbknhfkiiniobjpgkebko [2015-12-22]
CHR Extension: (Dropbox) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-09-29]
CHR Extension: (Facebook Flat) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2015-12-18]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2015-09-29]
CHR Extension: (Steam Database) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2015-12-23]
CHR Extension: (Coupons at Checkout) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2015-12-09]
CHR Extension: (Window Resizer) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2015-10-28]
CHR Extension: (Google Maps) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-29]
CHR Extension: (Google Hangouts) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-10]
CHR Extension: (friends feed) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlenanfmnogchfccgdadohbacedphodd [2015-12-20]
CHR Extension: (Enhanced Steam) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-12-22]
CHR Extension: (Readability) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2015-12-08]
CHR Extension: (Gmail) - C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-30] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-12-06] (EasyAntiCheat Ltd)
S3 GalaxyClientService; E:\Program Files\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-14] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-22] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
R2 Hamachi2Svc; E:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2546184 2015-11-12] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-12-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-12-14] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [51200 2015-11-19] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 EvoSvc; "E:\Program Files\Echobit\Evolve\EvoSvc.exe" -service -logfile "C:\ProgramData\Echobit\Evolve\EvoSvc.log"
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [82608 2014-04-10] (Qualcomm Atheros, Inc.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-09-29] ()
R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-29] (Intel Corporation)
R3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [376840 2015-10-31] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 cpuz137; \??\C:\Users\Conor\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 cpuz138; \??\C:\Users\Conor\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-25 21:07 - 2015-12-25 21:07 - 00016148 _____ C:\Windows\system32\OBRIEN-PC_Conor_HistoryPrediction.bin
2015-12-25 18:02 - 2015-12-25 18:02 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Yacht Club Games
2015-12-25 17:58 - 2015-12-25 21:06 - 00000000 ____D C:\Users\Conor\Desktop\FRST64
2015-12-25 17:54 - 2015-12-25 17:54 - 00289203 _____ C:\Users\Conor\Downloads\MAME_v143.zip
2015-12-25 17:54 - 2015-12-25 17:54 - 00000762 _____ C:\Users\Conor\Desktop\mGalaxy_Runway.lnk
2015-12-25 17:54 - 2015-12-25 17:54 - 00000733 _____ C:\Users\Conor\Desktop\mGalaxy.lnk
2015-12-25 17:54 - 2015-12-25 17:54 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mGalaxy
2015-12-25 17:53 - 2015-12-25 17:54 - 05010105 _____ C:\Users\Conor\Downloads\mGalaxy_Setup.exe
2015-12-25 15:50 - 2015-12-25 15:50 - 00000000 ____D C:\Users\Conor\Downloads\TL-WDN4800_Driver_V1_140506
2015-12-25 15:50 - 2015-12-25 15:50 - 00000000 ____D C:\ProgramData\TP-LINK
2015-12-25 15:50 - 2015-12-25 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-12-25 15:50 - 2014-04-30 04:32 - 00009932 _____ C:\Windows\system32\athwbx.cat
2015-12-25 15:50 - 2013-11-13 16:05 - 03880448 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athwbx.sys
2015-12-25 15:50 - 2013-11-13 16:05 - 03880448 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athwbx.sys
2015-12-25 15:49 - 2015-12-25 15:49 - 21213039 _____ C:\Users\Conor\Downloads\TL-WDN4800_Driver_V1_140506.zip
2015-12-25 15:43 - 2015-12-25 15:43 - 00000000 ____D C:\Users\Conor\AppData\Local\NetworkTiles
2015-12-24 16:22 - 2015-12-25 21:13 - 00000000 ____D C:\FRST
2015-12-24 08:38 - 2015-12-24 08:38 - 00000000 ____D C:\AdwCleaner
2015-12-23 23:05 - 2015-12-23 23:05 - 00000000 ___HD C:\$SysReset
2015-12-23 22:32 - 2015-12-23 23:16 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-23 21:45 - 2015-12-23 22:25 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-23 21:45 - 2015-12-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-23 21:41 - 2015-12-24 08:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 21:41 - 2015-12-23 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-23 21:39 - 2015-12-23 21:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-23 21:39 - 2015-12-23 21:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-23 21:39 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-23 21:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-23 20:32 - 2015-12-23 20:32 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-12-23 20:30 - 2015-12-23 20:30 - 00000097 _____ C:\Users\Conor\AppData\Local\dottmpfile.txt
2015-12-23 20:30 - 2015-12-23 20:30 - 00000000 ____D C:\Users\Conor\AppData\Local\2704469
2015-12-23 10:58 - 2015-12-24 15:44 - 00000000 ____D C:\Users\Conor\AppData\Local\CrashDumps
2015-12-22 21:57 - 2015-12-22 21:57 - 00000785 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2015-12-22 21:57 - 2015-12-22 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-12-22 21:57 - 2015-12-22 21:57 - 00000000 ____D C:\ProgramData\GOG.com
2015-12-22 21:45 - 2015-12-22 21:45 - 00000000 ____D C:\Users\Conor\AppData\LocalLow\Adobe
2015-12-22 21:44 - 2015-12-22 21:44 - 00003664 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-conorfreelancer@gmail.com
2015-12-22 17:00 - 2015-12-22 17:03 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-22 17:00 - 2015-12-22 17:00 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-12-22 17:00 - 2015-12-22 17:00 - 00000000 ____D C:\Users\Conor\Documents\Adobe
2015-12-22 16:59 - 2015-12-22 17:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-22 16:59 - 2015-12-22 17:01 - 00000000 ____D C:\Program Files\Adobe
2015-12-22 16:54 - 2015-12-25 21:08 - 00000000 ___RD C:\Users\Conor\Creative Cloud Files
2015-12-22 16:54 - 2015-12-25 21:08 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-22 16:53 - 2015-12-22 16:59 - 00000000 ____D C:\ProgramData\Adobe
2015-12-22 16:53 - 2015-12-22 16:53 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-12-22 16:53 - 2015-12-22 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-22 16:51 - 2015-12-25 21:08 - 00000000 ____D C:\Users\Conor\AppData\Local\Adobe
2015-12-21 17:38 - 2015-12-21 17:38 - 00001288 _____ C:\Users\Conor\Desktop\aseprite.lnk
2015-12-21 17:38 - 2015-12-21 17:38 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Aseprite
2015-12-20 15:35 - 2015-12-20 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-12-20 15:26 - 2015-12-20 15:26 - 00001266 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2015-12-20 15:26 - 2015-12-20 15:26 - 00000000 ____D C:\Users\Conor\AppData\Local\PopcornTimeDesktop
2015-12-20 15:26 - 2015-12-20 15:26 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-12-18 19:03 - 2015-12-18 19:03 - 00000671 _____ C:\Users\Conor\Desktop\osu!.lnk
2015-12-18 19:03 - 2015-12-18 19:03 - 00000671 _____ C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-12-18 14:37 - 2015-12-18 14:37 - 00000809 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-12-18 14:37 - 2015-12-18 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-17 21:53 - 2015-12-17 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-12-17 12:33 - 2015-12-17 12:33 - 00000757 _____ C:\Users\Conor\Desktop\Dolphin.lnk
2015-12-16 17:41 - 2015-12-16 17:41 - 00000000 ____D C:\Users\Conor\AppData\Local\StreetFighterVBeta
2015-12-16 00:49 - 2015-12-16 00:49 - 00000000 ____D C:\Users\Conor\AppData\Local\Blizzard
2015-12-16 00:47 - 2015-12-16 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-12-14 11:09 - 2015-12-14 11:09 - 00000000 ____D C:\Users\Conor\AppData\Local\Ubisoft
2015-12-13 20:12 - 2015-12-13 20:17 - 00000000 ____D C:\Users\Conor\AppData\Local\UNDERTALE
2015-12-13 20:12 - 2015-12-13 20:12 - 00001164 _____ C:\Users\Conor\Desktop\UNDERTALE.lnk
2015-12-13 20:11 - 2015-12-13 20:11 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Steam
2015-12-12 21:30 - 2015-12-12 21:30 - 00348160 _____ C:\Windows\Minidump\121215-4671-01.dmp
2015-12-11 20:54 - 2015-12-11 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 20:11 - 2015-12-11 20:11 - 00360288 _____ C:\Windows\Minidump\121115-5171-01.dmp
2015-12-11 20:11 - 2015-12-11 20:11 - 00000000 ___HD C:\OneDriveTemp
2015-12-09 16:40 - 2015-12-09 16:40 - 00000000 ____D C:\Users\Conor\AppData\Local\AudioSwitch
2015-12-09 16:40 - 2015-12-09 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioSwitch
2015-12-09 16:40 - 2015-12-09 16:40 - 00000000 ____D C:\Program Files (x86)\AudioSwitch
2015-12-08 18:13 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 18:13 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 18:13 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 18:13 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 18:13 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-08 18:13 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-12-08 18:13 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 18:13 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2015-12-08 18:13 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 18:13 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 18:13 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-12-08 18:13 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 18:13 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-12-08 18:13 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-08 18:13 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-12-08 18:13 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-12-08 18:13 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-08 18:13 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-08 18:13 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-08 18:13 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 18:13 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 18:13 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-08 18:12 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-08 18:12 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2015-12-08 18:12 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-12-08 18:12 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-12-08 18:12 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 18:12 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 18:12 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-12-08 18:12 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-12-08 18:12 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2015-12-08 18:12 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-08 18:12 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-08 18:12 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-12-08 18:12 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-12-08 18:12 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-08 18:12 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-12-08 18:12 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2015-12-08 18:12 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-08 18:12 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-12-08 18:12 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-12-08 18:12 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2015-12-08 18:12 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2015-12-08 18:12 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2015-12-08 18:12 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 18:12 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-12-08 18:12 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2015-12-08 18:12 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 18:12 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 18:12 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-12-08 18:12 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-12-08 18:12 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-12-08 18:12 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2015-12-08 18:12 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 18:12 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2015-12-08 18:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 18:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-08 18:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 18:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 18:12 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-12-08 18:12 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-08 18:12 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2015-12-08 18:12 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-08 18:12 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2015-12-08 18:12 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 18:12 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 18:12 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-12-08 18:12 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2015-12-08 18:12 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2015-12-08 18:12 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 18:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 18:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-08 18:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 18:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 18:12 - 2015-11-24 21:52 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 18:12 - 2015-11-24 21:52 - 00775312 _____ C:\Windows\system32\locale.nls
2015-12-08 16:50 - 2015-12-08 16:50 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-12-08 11:33 - 2015-12-08 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-12-08 01:29 - 2015-12-08 01:29 - 00000000 ____D C:\Users\Conor\AppData\Local\KiwiGame
2015-12-07 16:34 - 2015-12-07 16:34 - 00006144 _____ C:\Users\Conor\AppData\Local\installer.exe
2015-12-07 16:33 - 2015-12-07 16:33 - 00006656 _____ C:\Users\Conor\AppData\Local\installer4.exe
2015-12-06 23:10 - 2015-12-06 23:12 - 00222456 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2015-12-06 23:10 - 2015-12-06 23:09 - 00236832 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-12-06 23:08 - 2015-12-06 23:08 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Depressurizer
2015-12-06 14:04 - 2015-12-06 14:38 - 00000000 ____D C:\Users\Conor\AppData\Local\Warframe
2015-12-05 20:58 - 2015-12-05 20:58 - 00000000 ____D C:\Users\Conor\Documents\Diablo III
2015-12-05 19:47 - 2015-12-05 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-12-05 17:54 - 2015-12-05 17:54 - 00000000 ____D C:\Users\Conor\AppData\Local\Melodics
2015-12-05 17:54 - 2015-12-05 17:54 - 00000000 ____D C:\Users\Conor\.QtWebEngineProcess
2015-12-05 17:54 - 2015-12-05 17:54 - 00000000 ____D C:\Users\Conor\.Melodics
2015-12-05 17:54 - 2015-12-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melodics
2015-12-05 17:53 - 2015-12-05 17:53 - 00000000 ____D C:\Program Files\Common Files\VST3
2015-12-05 17:53 - 2015-12-05 17:53 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2015-12-05 17:53 - 2015-12-05 17:53 - 00000000 ____D C:\Program Files (x86)\Novation
2015-12-05 17:52 - 2015-12-05 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novation
2015-12-05 17:52 - 2015-12-05 17:52 - 00000000 ____D C:\ProgramData\Propellerhead Software
2015-12-05 17:52 - 2015-12-05 17:52 - 00000000 ____D C:\Program Files\VSTPlugIns
2015-12-05 17:52 - 2015-12-05 17:52 - 00000000 ____D C:\Program Files\Novation
2015-12-05 16:56 - 2015-12-05 17:54 - 00000000 ____D C:\Users\Conor\Documents\Ableton
2015-12-05 16:56 - 2015-12-05 17:00 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Ableton
2015-12-05 16:55 - 2015-12-05 16:55 - 00000671 _____ C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Lite.lnk
2015-12-05 16:27 - 2015-12-05 16:27 - 00000000 ____D C:\Users\Conor\Documents\Wizards of the Coast
2015-12-05 15:38 - 2015-12-05 15:38 - 00000000 ____D C:\Users\Conor\Documents\REAPER Media
2015-12-05 15:32 - 2015-12-05 16:56 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2015-12-05 15:32 - 2015-12-05 15:46 - 00000000 ____D C:\Users\Conor\AppData\Roaming\REAPER
2015-12-05 10:28 - 2015-12-05 10:28 - 00000000 ____D C:\Users\Conor\AppData\Local\Dragon's Vault
2015-12-04 09:47 - 2015-11-24 13:42 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-12-04 09:46 - 2015-11-24 18:07 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 37882672 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 22345336 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 18389624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 16561320 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 15839392 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 14844304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 13533416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 12040952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 02876536 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 02496816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 01016360 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 01013960 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00877872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00823232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00820856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00689784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00601424 _____ C:\Windows\system32\nvmcumd.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00539464 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00503416 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00501056 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00446768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00445400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-04 09:46 - 2015-11-24 18:07 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-04 09:43 - 2015-12-04 09:43 - 00347096 _____ C:\Windows\Minidump\120415-4250-01.dmp
2015-12-01 19:13 - 2015-12-01 19:13 - 00345976 _____ C:\Windows\Minidump\120115-3937-01.dmp
2015-11-28 19:47 - 2015-11-28 19:47 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-11-28 19:47 - 2015-11-28 19:47 - 00000000 ____D C:\Users\Conor\AppData\Local\Ubisoft Game Launcher
2015-11-28 19:47 - 2015-11-28 19:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-11-26 19:47 - 2015-11-26 19:47 - 00000000 ____D C:\Users\Conor\Documents\BioWare
2015-11-26 19:44 - 2015-11-26 19:44 - 00000913 _____ C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-25 21:10 - 2015-09-29 08:10 - 00876942 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-25 21:10 - 2015-07-10 06:02 - 00000000 ____D C:\Windows\INF
2015-12-25 21:08 - 2015-09-30 02:40 - 00000000 ___RD C:\Users\Conor\Dropbox
2015-12-25 21:08 - 2015-09-30 02:38 - 00000000 ____D C:\Users\Conor\AppData\Local\Dropbox
2015-12-25 21:07 - 2015-09-30 02:38 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-25 21:07 - 2015-09-29 08:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-25 21:07 - 2015-09-29 08:33 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-25 21:07 - 2015-09-29 08:14 - 00000000 ____D C:\Users\Conor
2015-12-25 21:07 - 2015-07-10 07:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-25 21:07 - 2015-07-10 04:05 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-12-25 21:00 - 2015-09-29 10:28 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Skype
2015-12-25 20:43 - 2015-09-30 02:38 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-25 20:43 - 2015-09-29 08:33 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-25 17:55 - 2015-10-21 08:55 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-12-25 15:55 - 2015-10-01 03:39 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{357248BA-1B5B-47D1-963E-55E145A91AF6}
2015-12-25 15:50 - 2015-09-29 08:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-25 09:56 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\AppReadiness
2015-12-25 09:51 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-25 01:14 - 2015-09-29 17:54 - 00000000 ____D C:\Users\Conor\AppData\Local\Battle.net
2015-12-25 01:14 - 2015-09-29 12:54 - 00000000 ____D C:\ProgramData\Origin
2015-12-25 01:14 - 2015-09-29 10:29 - 00000000 ____D C:\Users\Conor\AppData\Local\Spotify
2015-12-24 16:23 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-24 15:13 - 2015-09-29 10:28 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Spotify
2015-12-24 09:32 - 2015-09-29 08:50 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-23 22:03 - 2015-09-29 08:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-23 22:03 - 2015-07-10 06:04 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-12-23 21:11 - 2015-10-15 16:29 - 00000704 __RSH C:\ProgramData\ntuser.pol
2015-12-23 20:34 - 2015-09-29 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-23 20:33 - 2015-11-23 14:04 - 00000000 ____D C:\Users\Conor\AppData\Roaming\qBittorrent
2015-12-23 16:47 - 2015-10-01 16:00 - 00000000 ____D C:\Users\Conor\AppData\Local\Deployment
2015-12-23 11:01 - 2015-09-29 08:40 - 00000000 ____D C:\Windows\system32\MRT
2015-12-23 09:45 - 2015-07-10 07:20 - 00352528 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-22 17:03 - 2015-09-29 08:14 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Adobe
2015-12-22 16:59 - 2015-09-29 08:40 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-22 15:49 - 2015-10-08 10:07 - 00000000 ____D C:\Users\Conor\AppData\Local\LogMeIn Hamachi
2015-12-20 15:35 - 2015-11-23 14:04 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-12-18 14:37 - 2015-10-30 14:26 - 00000000 ____D C:\Users\Conor\AppData\Local\Black_Tree_Gaming
2015-12-17 22:22 - 2015-10-08 09:54 - 00000000 ____D C:\Users\Conor\AppData\Roaming\.minecraft
2015-12-17 21:51 - 2015-09-29 08:14 - 00000000 ____D C:\Users\Conor\AppData\Local\VirtualStore
2015-12-17 21:38 - 2015-10-15 16:14 - 00000000 ____D C:\Users\Conor\Documents\Dolphin Emulator
2015-12-17 20:19 - 2015-10-01 11:34 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-12-16 03:18 - 2015-10-30 19:38 - 00000000 ____D C:\Users\Conor\AppData\Local\Messenger
2015-12-16 00:45 - 2015-10-30 19:38 - 00001311 _____ C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2015-12-16 00:45 - 2015-09-29 17:54 - 00000000 ____D C:\Users\Conor\AppData\Roaming\Battle.net
2015-12-16 00:45 - 2015-09-29 17:53 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-15 18:33 - 2015-10-01 11:34 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-12-15 08:57 - 2015-07-10 06:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 08:56 - 2015-10-10 09:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-14 19:07 - 2015-10-01 17:52 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-12-14 18:17 - 2015-10-01 11:34 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-12-14 16:51 - 2015-10-17 16:06 - 00348360 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-12-14 16:51 - 2015-10-17 16:04 - 00000000 ____D C:\ProgramData\EA Logs
2015-12-12 21:30 - 2015-11-12 16:39 - 644691654 _____ C:\Windows\MEMORY.DMP
2015-12-12 21:30 - 2015-11-12 16:39 - 00000000 ____D C:\Windows\Minidump
2015-12-11 20:54 - 2015-09-30 02:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-11 20:11 - 2015-09-29 08:15 - 00000000 __RHD C:\Users\Conor\OneDrive
2015-12-11 14:52 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\rescache
2015-12-09 19:10 - 2015-07-10 05:55 - 00000000 ____D C:\Windows\CbsTemp
2015-12-09 13:52 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\system32\oobe
2015-12-09 11:16 - 2015-09-29 08:15 - 00002363 _____ C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-08 22:39 - 2015-09-29 08:42 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-08 20:51 - 2015-11-22 00:32 - 00111520 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2015-12-08 20:51 - 2015-09-29 08:44 - 01846016 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-12-08 20:51 - 2015-09-29 08:44 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-12-08 20:51 - 2015-09-29 08:44 - 01530240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-12-08 20:51 - 2015-09-29 08:44 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-12-04 09:47 - 2015-09-29 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-03 19:38 - 2015-09-29 08:33 - 00003984 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 19:38 - 2015-09-29 08:33 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 19:32 - 2015-07-10 06:06 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-30 19:32 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-28 19:47 - 2015-09-29 09:00 - 00000000 ____D C:\Users\Conor\Documents\My Games
2015-11-27 22:49 - 2015-09-29 10:28 - 00000000 ____D C:\ProgramData\Skype
2015-11-25 19:34 - 2015-09-29 08:43 - 11228488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
 
==================== Files in the root of some directories =======
 
2015-12-23 20:30 - 2015-12-23 20:30 - 0000097 _____ () C:\Users\Conor\AppData\Local\dottmpfile.txt
2015-09-29 08:27 - 2015-09-29 08:27 - 0000000 _____ () C:\Users\Conor\AppData\Local\Driver_LOM_8161Present.flag
2015-12-07 16:34 - 2015-12-07 16:34 - 0006144 _____ () C:\Users\Conor\AppData\Local\installer.exe
2015-12-07 16:33 - 2015-12-07 16:33 - 0006656 _____ () C:\Users\Conor\AppData\Local\installer4.exe
2015-11-16 11:12 - 2015-11-16 11:12 - 0007597 _____ () C:\Users\Conor\AppData\Local\Resmon.ResmonCfg
2015-09-10 08:09 - 2015-09-10 08:09 - 0008192 _____ () C:\Users\Conor\AppData\Local\uid.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-23 10:58
 
==================== End of FRST.txt ============================
 
-----
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by Conor (2015-12-25 21:13:34)
Running from C:\Users\Conor\Desktop\FRST64
Windows 10 Pro (X64) (2015-09-29 13:14:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-646440759-2328756091-327310450-500 - Administrator - Disabled)
Conor (S-1-5-21-646440759-2328756091-327310450-1001 - Administrator - Enabled) => C:\Users\Conor
DefaultAccount (S-1-5-21-646440759-2328756091-327310450-503 - Limited - Disabled)
Guest (S-1-5-21-646440759-2328756091-327310450-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 9 Lite (HKLM\...\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}) (Version: 9.0.0.0 - Ableton)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.3.189 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AudioSwitch (HKLM-x32\...\AudioSwitch_is1) (Version: 2.1.3.0 - )
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Bionic Commando Rearmed (HKLM-x32\...\Steam App 21680) (Version:  - Capcom)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Citizens of Earth (HKLM-x32\...\Steam App 258910) (Version:  - Eden Industries)
CMake 3.4.0-rc1, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.4.0-rc1) (Version: 3.4.0-rc1 - Kitware)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z MSI 1.74 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.74 - CPUID, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Double Dragon Neon (HKLM-x32\...\Steam App 252350) (Version:  - WayForward)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.11 - Electronic Arts)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM\...\{D9D18DA0-DA2D-497C-8D71-E6489890EA58}) (Version: 1.1.40.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.17 - Echobit, LLC)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Geekbench 3 (HKLM-x32\...\Geekbench 3) (Version:  - Primate Labs Inc.)
Ghost in the Shell Stand Alone Complex First Assault Online (HKLM-x32\...\Steam App 369200) (Version:  - Neople)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IdleMaster (HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launchkey Reason Installer 1.0 (HKLM\...\{Launchkey}}_is1) (Version: 1.0 - Focusrite Audio Engineering Limited)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Legend of Grimrock 2 (HKLM-x32\...\Steam App 251730) (Version:  - Almost Human Games)
LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Magic Duels (HKLM-x32\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Melodics version 1.0.1709.0 (HKLM\...\Melodics_is1) (Version: 1.0.1709.0 - )
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
mGalaxy 5.5 (HKLM-x32\...\mGalaxy) (Version: 5.5 - mGalaxy)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-5e196edf-d73a-447c-af89-4de56a6cb373) (Version:  - Epic Games, Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{5af0cac3-d852-4187-a921-da8b83dce6e9}) (Version: latest - ppy Pty Ltd)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 3.3.1 (HKLM-x32\...\qBittorrent) (Version: 3.3.1 - The qBittorrent project)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.1.5 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28129 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Rivals of Aether v0.0.2 (HKLM-x32\...\Rivals of Aether v0.0.2v0.0.2) (Version: v0.0.2 - Rivals of Aether v0.0.2)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version:  - Big Robot Ltd)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Sonic Adventure™ 2  (HKLM-x32\...\Steam App 213610) (Version:  - SEGA)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.28745 - Electronic Arts)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamTool 1.1 (HKLM-x32\...\{B442D7D6-5153-4DBC-954D-BFFAACACDFDC}_is1) (Version: 1.1 - Stefan Jones)
Street Fighter V Beta (HKLM-x32\...\Steam App 386800) (Version:  - )
Strider (HKLM-x32\...\Steam App 235210) (Version:  - Double Helix Games)
System Requirements Lab Detection (HKLM-x32\...\{0687AB5E-8A5A-42FD-8EA4-49689A593514}) (Version: 6.1.6.0 - Husdawg, LLC)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
TOXIKK (HKLM-x32\...\Steam App 324810) (Version:  - Reakktor Studios)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Uplay (HKLM-x32\...\Uplay) (Version: 13.0 - Ubisoft)
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version:  - SEGA)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
V-Station 2.2 (HKLM-x32\...\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1) (Version: 2.2 - Novation)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-646440759-2328756091-327310450-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Conor\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-646440759-2328756091-327310450-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Restore Points =========================
 
12-12-2015 21:42:44 Windows Update
14-12-2015 11:09:21 Installed DirectX
17-12-2015 21:53:43 Installed LogMeIn Hamachi
22-12-2015 16:59:49 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
22-12-2015 16:59:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
23-12-2015 22:39:16 JRT Pre-Junkware Removal
23-12-2015 23:03:46 JRT Pre-Junkware Removal
25-12-2015 15:50:09 Installed TP-LINK Wireless Configuration Utility and Driver
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {005CEE4B-2C3A-4861-B5B1-66D18A025460} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {04FCE915-B0F5-448C-8B10-A0D2E284EC87} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {18D1CAD0-B4AD-470C-AAC7-F78C9EC4DE2B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {1EFF10B7-C838-45DF-8ED2-E1D5755D132F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-conorfreelancer@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {633DEDBA-F1E8-430C-83DB-7020D2885BDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {888DCF77-5B34-4A23-A0C8-509F1B865BBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {95E7C926-D5FF-433A-9200-EC411E2227C7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-30] (Dropbox, Inc.)
Task: {AB76D8B4-448C-4386-9016-C0DC4AB971D5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-15] (Microsoft Corporation)
Task: {BA568E30-9662-464D-BE85-7843FAA009B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {CE7BA1EB-A658-42F3-B3C4-70E7287D1745} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
Task: {DECA92CF-63FB-492A-97E5-758E5CB84C4E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-30] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FCOzamotn3614,a3d31b70-7d47-4089-902e-a80ffc9af4dc,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-29 08:39 - 2015-07-14 21:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-09-29 08:36 - 2015-11-24 14:32 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-10 09:46 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-29 08:39 - 2015-08-11 04:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-12-22 15:49 - 2015-12-08 20:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-01 17:52 - 2015-12-14 19:07 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-06-23 14:11 - 2015-06-23 14:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-10-01 13:55 - 2015-09-17 01:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-01 13:55 - 2015-09-17 01:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-01 13:55 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-12-08 18:12 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 18:12 - 2015-11-24 23:17 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-12-08 18:12 - 2015-11-24 23:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-12-08 18:12 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 13:55 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 18:13 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 18:12 - 2015-11-24 23:24 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-10-01 13:55 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-04-17 13:02 - 2014-04-17 13:02 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-12-09 16:40 - 2015-12-04 12:44 - 00136192 _____ () C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe
2015-07-08 01:58 - 2015-07-08 01:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-09-29 08:44 - 2015-12-08 20:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-16 00:24 - 2015-12-15 00:54 - 00782336 _____ () E:\Program Files\Steam\SDL2.dll
2015-09-29 10:48 - 2015-07-03 11:12 - 04962816 _____ () E:\Program Files\Steam\v8.dll
2015-12-19 11:50 - 2015-12-18 21:37 - 02546768 _____ () E:\Program Files\Steam\video.dll
2015-09-29 10:48 - 2015-07-03 11:12 - 01556992 _____ () E:\Program Files\Steam\icui18n.dll
2015-09-29 10:48 - 2015-07-03 11:12 - 01187840 _____ () E:\Program Files\Steam\icuuc.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 02549248 _____ () E:\Program Files\Steam\libavcodec-56.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 00491008 _____ () E:\Program Files\Steam\libavformat-56.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 00332800 _____ () E:\Program Files\Steam\libavresample-2.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 00442880 _____ () E:\Program Files\Steam\libavutil-54.dll
2015-09-29 10:48 - 2015-09-23 19:33 - 00485888 _____ () E:\Program Files\Steam\libswscale-3.dll
2015-12-19 11:50 - 2015-12-18 21:37 - 00802896 _____ () E:\Program Files\Steam\bin\chromehtml.DLL
2015-12-16 00:24 - 2015-12-15 00:54 - 00206848 _____ () E:\Program Files\Steam\bin\openvr_api.dll
2015-12-11 20:54 - 2015-10-30 19:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 20:54 - 2015-10-30 19:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-11 20:54 - 2015-12-08 16:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 20:54 - 2015-10-30 20:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-11 20:54 - 2015-10-30 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-11 20:54 - 2015-12-08 16:36 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2015-09-30 02:39 - 2015-11-04 19:04 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2015-12-11 20:54 - 2015-12-08 16:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 20:54 - 2015-10-30 19:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-646440759-2328756091-327310450-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Conor\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{18998bee-669b-4d2e-9978-03dcb755d6e4}.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "cutoauto"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "cutoauto"
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-646440759-2328756091-327310450-1001\...\StartupApproved\Run: => "dutoauto"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5A63B075-960A-4D7D-8083-B22A2F13AC03}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A84E78EB-46F1-4DE1-8FF4-9809BF7ACCAA}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{58728FD3-0A6E-45CA-9867-118C55F242F5}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{52E3C14A-5CA3-4179-B7E6-4B7F411F2D23}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{EB5C6D97-6F95-46D3-A0F7-98FB78F5F247}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{4ADDF9BC-65FD-4D73-B240-B638A3BCDA6A}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{FD8C8B44-1A8E-4BB3-BDCA-2D48C412AD1B}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{608612DB-9CEC-4EE7-A385-16FA54B4CC4B}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{759285BB-D4AF-4893-A68A-A2109EF3BAE2}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{431AE0D4-2508-4D6D-AEB6-6C1F38722FD3}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{D9D9BF14-8F67-4E5B-B990-B42570816293}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{739658A6-0FF0-4AF3-9975-FAAADA8F7225}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{5E7248A6-1867-417A-A874-762DA2240714}] => (Allow) E:\Program Files\Steam\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{FCE73982-A1E1-45F8-BEE7-9163448EF90F}] => (Allow) C:\Program Files (x86)\willing\tall.exe
FirewallRules: [{9E1812F2-FADD-4EAD-833C-4868D7C98F9A}] => (Allow) C:\Program Files (x86)\willing\tall.exe
FirewallRules: [{F32B4E9A-2CFA-4B49-A192-AD6ADA4E70F9}] => (Allow) C:\Program Files (x86)\willing\getcap.exe
FirewallRules: [{08D4B9B0-90C8-4A48-87C7-42C4EB11CEA0}] => (Allow) C:\Program Files (x86)\willing\getcap.exe
FirewallRules: [{CC68CD1E-C664-4BA7-B6CF-9F48147E10E9}] => (Allow) C:\a\winonit.exe
FirewallRules: [{C360CF54-0ED4-44B3-8300-9B4A3B984D72}] => (Allow) C:\a\winonit.exe
FirewallRules: [{A4303613-C6CE-432F-B951-CB5C10E24A8C}] => (Allow) C:\Program Files (x86)\willing\spade.exe
FirewallRules: [{C23F0E8C-4EA6-4AC2-9F69-4AFBA83A3D7A}] => (Allow) C:\Program Files (x86)\willing\spade.exe
FirewallRules: [{4C09F77A-C8B6-4AD3-9EA8-4E512C8185F9}] => (Allow) C:\a\vchk.exe
FirewallRules: [{A0B5095E-0A9D-4629-8408-092D0E86F2E2}] => (Allow) C:\a\vchk.exe
FirewallRules: [{272288E9-6873-46D1-8E18-8A1B3C9417DF}] => (Allow) C:\a\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614.exe
FirewallRules: [{1C1FFC03-2750-4F88-A34F-F7159C3E05A8}] => (Allow) C:\a\4a3BnVni0Dw0VelQh0Kw-ni-2015-12-23-ni-3614.exe
FirewallRules: [{60D73C59-83DF-408D-B591-BAE7A6E951B5}] => (Allow) C:\Program Files (x86)\obscene\concentrate.exe
FirewallRules: [{A2D05FEE-07D4-4D7F-9490-CB6CD4816146}] => (Allow) C:\Program Files (x86)\obscene\concentrate.exe
FirewallRules: [{8A6E8284-9433-49F5-9B34-BF20B08D3785}] => (Allow) C:\Program Files (x86)\fix\tearful.exe
FirewallRules: [{D9B7C4EA-F2B0-4E4B-826C-D2DAC750FB3F}] => (Allow) C:\Program Files (x86)\fix\tearful.exe
FirewallRules: [{DA8D01D7-2620-44E1-BB16-6C413726E10E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{AA8CDCB8-7161-4D56-86D5-579ADA5647F8}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
FirewallRules: [{69193BDF-34E4-4102-89CE-25FED07D5941}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e
FirewallRules: [{751A9628-2637-417A-BD1D-77E7CC0FA49F}] => (Allow) E:\Program Files\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{D6E24316-BFFD-4CCD-9AD3-5C896ADEF87D}] => (Allow) E:\Program Files\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{4B7FCC22-5DD5-4265-B3A2-C16CF21BF54C}] => (Allow) E:\Program Files\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{6EAF1D57-C706-408A-A795-2529DAF5C9CA}] => (Allow) E:\Program Files\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{FA757DFD-AA61-41FE-806E-1BE5238DB968}] => (Allow) E:\Program Files\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{C7404136-BB0A-47D7-AF63-B6BB7F9D7A27}] => (Allow) E:\Program Files\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/25/2015 06:14:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/25/2015 03:50:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/25/2015 10:33:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/25/2015 10:33:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/25/2015 01:14:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/25/2015 01:14:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/24/2015 05:57:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Valkyria.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 4a30
 
Start Time: 01d13e9a3d49727b
 
Termination Time: 4294967295
 
Application Path: E:\Program Files\Steam\steamapps\common\Valkyria Chronicles\Valkyria.exe
 
Report Id: b1c7e24e-aa91-11e5-9c33-6245b4e58ff1
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/24/2015 03:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GAME.exe, version: 0.0.0.0, time stamp: 0x56702c29
Faulting module name: GAME.exe, version: 0.0.0.0, time stamp: 0x56702c29
Exception code: 0xc00000fd
Fault offset: 0x007329ac
Faulting process id: 0x300c
Faulting application start time: 0xGAME.exe0
Faulting application path: GAME.exe1
Faulting module path: GAME.exe2
Report Id: GAME.exe3
Faulting package full name: GAME.exe4
Faulting package-relative application ID: GAME.exe5
 
Error: (12/24/2015 03:13:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/24/2015 01:41:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OBRIEN-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (12/25/2015 09:13:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (12/25/2015 09:07:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/25/2015 09:07:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/25/2015 09:07:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/25/2015 09:07:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/25/2015 09:05:40 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (12/25/2015 09:05:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/25/2015 09:05:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/25/2015 09:05:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/25/2015 09:05:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-12-23 20:32:58.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 20:32:58.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-08 16:43:39.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-08 16:43:39.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 23:08:38.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 23:08:38.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 01:52:58.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 01:52:58.084
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-05 19:43:06.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-05 19:43:06.515
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WTFastDrv.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 17%
Total physical RAM: 16332.77 MB
Available physical RAM: 13530.18 MB
Total Virtual: 19020.77 MB
Available Virtual: 15738.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.4 GB) (Free:159.63 GB) NTFS
Drive e: (Mass Media Storage) (Fixed) (Total:1863.01 GB) (Free:938.66 GB) NTFS
Drive f: (Mass Media Storage) (Fixed) (Total:1863.01 GB) (Free:1862.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3683339B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E1DCAF39)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 6F94F77A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:16 AM

Posted 26 December 2015 - 10:32 AM

You are welcome.

Step 1


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select [image].
  • Return to our forum. Paste your log into your next reply and then click Finish [7].


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: log file path].
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 cobrien


Posted 26 December 2015 - 01:40 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/26/2015
Scan Time: 10:36 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.26.03
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Conor
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359484
Time Elapsed: 7 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
-----
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=66e77d199efc62468691c019812a53f0
# end=init
# utc_time=2015-12-26 04:33:04
# local_time=2015-12-26 11:33:04 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 27366
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=66e77d199efc62468691c019812a53f0
# end=updated
# utc_time=2015-12-26 04:38:02
# local_time=2015-12-26 11:38:02 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=66e77d199efc62468691c019812a53f0
# engine=27366
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-26 04:46:34
# local_time=2015-12-26 11:46:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 13700806 0 0
# scanned=70902
# found=0
# cleaned=0
# scan_time=512
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=66e77d199efc62468691c019812a53f0
# end=init
# utc_time=2015-12-26 04:46:49
# local_time=2015-12-26 11:46:49 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 27366
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=66e77d199efc62468691c019812a53f0
# end=updated
# utc_time=2015-12-26 04:47:09
# local_time=2015-12-26 11:47:09 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=66e77d199efc62468691c019812a53f0
# engine=27366
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-26 06:21:27
# local_time=2015-12-26 01:21:27 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 13706499 0 0
# scanned=514868
# found=2
# cleaned=0
# scan_time=5657
sh=3C9A0082E46DA96BACF417362B67B9DCE860A523 ft=0 fh=0000000000000000 vn="a variant of Win32/Amonetize.IX potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-646440759-2328756091-327310450-1001\$RMG7PM5.zip"
sh=3C9A0082E46DA96BACF417362B67B9DCE860A523 ft=0 fh=0000000000000000 vn="a variant of Win32/Amonetize.IX potentially unwanted application" ac=I fn="C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000ba8"
 


#8 deeprybka


Posted 27 December 2015 - 06:27 AM



Can you please tell me which problems still persist now?
regards,
deeprybka

#9 deeprybka


Posted 29 December 2015 - 06:44 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#10 deeprybka


Posted 02 January 2016 - 04:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



