ransomware popups started today


  • This topic is locked
27 replies to this topic

#1 brokedat


Posted 12 June 2016 - 05:41 PM

Hi!
My computer seems to be infected, even though nothing is being picked up by my virus scanner.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
Ran by glass (administrator) on WAYNETUNDRA (12-06-2016 23:28:31)
Running from C:\Users\glass\Downloads
Loaded Profiles: glass (Available Profiles: glass)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Side Effects Software Inc.) C:\Windows\System32\sesinetd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
(Side Effects Software Inc.) C:\Windows\System32\hserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(3Dconnexion, INC) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(© 2015 Microsoft Corporation) C:\Users\glass\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-10-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-10-21] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [3DxWare Service] => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2122624 2015-05-28] (3Dconnexion, INC)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Akamai NetSession Interface] => C:\Users\glass\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-09] (Valve Corporation)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Spotify Web Helper] => C:\Users\glass\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-05-11] (Spotify Ltd)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [BingSvc] => C:\Users\glass\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-03-22] (Unified Intents AB)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Spotify] => C:\Users\glass\AppData\Roaming\Spotify\Spotify.exe [6805616 2016-05-11] (Spotify Ltd)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [GoogleChromeAutoLaunch_5427F72E7D1FA2580647078C3BB90364] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1122968 2016-06-04] (Google Inc.)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Policies\Explorer: []
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\MountPoints2: {416a2c07-91f3-11e5-82ae-84a6c8d9fa9d} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\MountPoints2: {84324315-02b8-11e6-82d2-84a6c8d9fa9d} - "E:\Setup.exe" /s
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2016-04-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d61086b3-c089-494e-b30f-5b939ba76a24}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-141182051-2556109553-1899525483-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\glass\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-141182051-2556109553-1899525483-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-06-04] ()
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-11-16] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M138456E0-7D48-4990-A33C-834C0376DB61&SearchSource=55&CUI=&UM=5&UP=SP2093388E-9658-439D-A52F-900F3B4A6C5B&SSPV=
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EGB&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=cr_36.0.1985.125&apn_uid=462180D4-ADA0-4F9C-8C85-A7E3DA48B932&itbv=12.15.1.20&doi=2014-07-19&psv=&pt=tb"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2016-06-12]
CHR Extension: (uBlock Origin) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-12]
CHR Extension: (Mailto: for Gmail™) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2016-06-12]
CHR Extension: (Dropbox for Gmail) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-06-12]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-06-12]
CHR Extension: (Earthy) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-06-12]
CHR Extension: (AdBlock) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-12]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-12]
CHR Extension: (ZenMate Web Firewall (Free, Plus Ad Blocker)) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphffohcfcaeoekbkfibilcmmoakhmfc [2016-06-12]
CHR Extension: (crxMouse Chrome Gestures) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2016-06-12]
CHR Extension: (Speed Dial 2) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-12]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2016-06-12]
CHR Extension: (Evernote Web) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-06-12]
CHR Extension: (Skype) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-12]
CHR Extension: (Ghostery) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-12]
CHR Extension: (Evernote Web Clipper) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-06-12]
CHR HKU\S-1-5-21-141182051-2556109553-1899525483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

Opera:
=======
OPR Extension: (Free Flash, Unity3D and html5 games) - C:\Users\glass\AppData\Roaming\Opera Software\Opera Stable\Extensions\egjicgmgibgofmekojoaaddjkagfajjh [2016-03-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-20] (Dropbox, Inc.)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2013-04-08] (Reprise Software Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
R2 HoudiniLicenseServer; C:\Windows\system32\sesinetd.exe [2968576 2015-06-11] (Side Effects Software Inc.) [File not signed]
R2 HoudiniServer; C:\WINDOWS\system32\hserver.exe [7731712 2015-10-10] (Side Effects Software Inc.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-20] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [57856 2015-05-28] (3Dconnexion) [File not signed]
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-05-25] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\Windows\System32\drivers\3dxhid.sys [39184 2015-01-22] (3Dconnexion SAM)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-09-23] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-10-19] (Emsisoft GmbH)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 KMJHidMini; C:\Windows\System32\drivers\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.)
R3 KMJShim; C:\Windows\System32\drivers\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 23:28 - 2016-06-12 23:28 - 00034861 _____ C:\Users\glass\Downloads\FRST.txt
2016-06-12 22:48 - 2016-06-12 22:48 - 03677248 _____ C:\Users\glass\Downloads\AdwCleaner (1).exe
2016-06-12 22:46 - 2016-06-12 22:49 - 00000000 ____D C:\AdwCleaner
2016-06-12 22:46 - 2016-06-12 22:46 - 03677248 _____ C:\Users\glass\Downloads\AdwCleaner.exe
2016-06-12 22:46 - 2016-06-12 22:46 - 00000000 ___HD C:\OneDriveTemp
2016-06-12 22:45 - 2016-06-12 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-06-12 22:16 - 2016-06-12 22:16 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-12 22:03 - 2016-06-12 22:08 - 00010670 _____ C:\Users\glass\Desktop\Fixlog.txt
2016-06-12 22:02 - 2016-06-12 22:03 - 00102016 _____ C:\Users\glass\Desktop\Addition.txt
2016-06-12 22:01 - 2016-06-12 23:28 - 00000000 ____D C:\FRST
2016-06-12 22:01 - 2016-06-12 22:03 - 00049926 _____ C:\Users\glass\Desktop\FRST.txt
2016-06-12 21:58 - 2016-06-12 22:15 - 22851472 _____ (Malwarebytes ) C:\Users\glass\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-12 21:58 - 2016-06-12 22:01 - 02385408 _____ (Farbar) C:\Users\glass\Downloads\FRST64.exe
2016-06-11 11:35 - 2016-06-11 11:35 - 00199114 _____ C:\ProgramData\1465572078.bdinstall.bin
2016-06-10 23:39 - 2016-06-10 23:46 - 97482185 _____ C:\Users\glass\Downloads\Ultimate Comics Avengers (2009-2010).zip
2016-06-10 23:36 - 2016-06-10 23:38 - 36353210 _____ C:\Users\glass\Downloads\Joe Golem 05 (of 05) (2016) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 23:33 - 2016-06-10 23:35 - 33008506 _____ C:\Users\glass\Downloads\Joe Golem 04 (of 05) (2016) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 23:30 - 2016-06-10 23:32 - 31368699 _____ C:\Users\glass\Downloads\Joe Golem 03 (of 05) (2016) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 23:22 - 2016-06-10 23:24 - 31143884 _____ C:\Users\glass\Downloads\Joe Golem 02 (of 05) (2015) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 23:16 - 2016-06-10 23:18 - 31174167 _____ C:\Users\glass\Downloads\Joe Golem 01 (of 05) (2015) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 20:58 - 2016-06-10 20:58 - 00000000 ____D C:\WINDOWS\LastGood
2016-06-10 20:58 - 2016-06-10 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2016-06-10 20:58 - 2013-04-17 13:59 - 00718840 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-10 20:58 - 2013-04-17 13:59 - 00593144 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-10 20:58 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2016-06-10 20:55 - 2016-06-10 20:58 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-10 16:21 - 2016-06-10 20:55 - 00000000 ____D C:\Users\glass\AppData\Roaming\QuickScan
2016-06-10 16:21 - 2013-05-28 11:12 - 00382536 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-10 16:21 - 2013-04-22 12:21 - 00148696 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-10 16:20 - 2016-06-10 16:21 - 10606640 _____ C:\Users\glass\Downloads\Antivirus_Free_Edition_x64.exe
2016-06-10 16:17 - 2016-06-10 16:17 - 00000000 ____D C:\Users\glass\AppData\Local\AvgSetupLog
2016-06-10 16:17 - 2016-06-10 16:17 - 00000000 ____D C:\Users\glass\AppData\Local\Avg
2016-06-07 14:41 - 2016-06-07 14:44 - 00824144 _____ C:\Users\glass\Documents\IMG_20160607_0001.pdf
2016-06-06 17:54 - 2016-06-06 17:54 - 00002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2016-06-06 17:48 - 2016-06-06 17:48 - 00000000 ____D C:\Users\glass\AppData\LocalLow\Sam Barlow
2016-06-06 17:44 - 2016-06-06 17:44 - 00000000 ____D C:\Users\glass\AppData\LocalLow\Inkle Studios
2016-06-05 19:34 - 2016-06-06 17:54 - 00000000 ____D C:\Users\glass\AppData\Local\Adobe_Systems_Incorporate
2016-06-05 19:33 - 2016-06-06 17:54 - 00000000 ____D C:\Users\glass\Documents\My Digital Editions
2016-06-05 19:33 - 2016-06-06 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-06-05 19:33 - 2016-06-05 19:33 - 00002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2016-06-03 19:48 - 2016-06-03 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-18 21:56 - 2016-05-18 21:56 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-05-18 21:47 - 2016-06-12 04:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-18 21:47 - 2016-05-18 21:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-16 19:54 - 2016-05-16 19:54 - 00000000 ____D C:\WINDOWS\LastGood.Tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 22:52 - 2015-06-15 10:12 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-12 22:48 - 2015-06-15 01:11 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 22:48 - 2015-06-15 01:11 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 22:47 - 2015-06-15 10:16 - 00000000 ___RD C:\Users\glass\Dropbox
2016-06-12 22:46 - 2015-10-09 00:19 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-06-12 22:46 - 2015-06-15 04:09 - 00000000 __RDO C:\Users\glass\OneDrive
2016-06-12 22:45 - 2015-06-15 17:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-12 22:44 - 2015-10-21 15:13 - 00000000 __SHD C:\Users\glass\IntelGraphicsProfiles
2016-06-12 22:44 - 2015-07-17 17:19 - 00000000 ____D C:\Users\glass\AppData\Local\HTC MediaHub
2016-06-12 22:44 - 2015-06-15 18:38 - 00000000 ____D C:\ProgramData\Reprise
2016-06-12 22:44 - 2015-06-15 10:12 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-12 22:43 - 2015-11-15 23:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-12 22:43 - 2015-11-15 22:51 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-12 22:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\System
2016-06-12 22:42 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-12 22:20 - 2015-06-15 01:10 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3058B6D9-01BC-490C-9F63-1BFDB614B65E}
2016-06-12 22:19 - 2015-06-15 11:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 22:16 - 2015-06-15 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-12 22:16 - 2015-06-15 11:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-12 22:04 - 2015-10-06 02:41 - 00000000 ____D C:\Users\glass\AppData\LocalLow\Temp
2016-06-12 18:30 - 2015-06-15 10:26 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-06-12 13:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-12 13:21 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-12 04:09 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-12 03:52 - 2015-06-15 16:30 - 00000000 ____D C:\Users\glass\AppData\Local\Adobe
2016-06-12 03:49 - 2015-08-06 21:00 - 00000000 ____D C:\ProgramData\Unified Remote
2016-06-12 01:00 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 01:00 - 2015-08-31 16:37 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-12 00:53 - 2015-12-29 16:38 - 00000000 ____D C:\Users\glass\AppData\Roaming\CDisplayEx
2016-06-11 20:27 - 2015-08-03 17:35 - 00000000 ____D C:\Users\glass\AppData\Roaming\MediaMonkey
2016-06-09 23:34 - 2015-09-20 23:47 - 00003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1442789264
2016-06-09 23:34 - 2015-09-20 23:47 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-06-09 23:34 - 2015-09-20 23:47 - 00000000 ____D C:\Program Files (x86)\Opera
2016-06-08 21:49 - 2015-06-15 01:12 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 11:05 - 2015-06-15 12:01 - 00000000 ____D C:\Users\glass\AppData\Local\CrashDumps
2016-06-07 16:55 - 2015-11-15 22:57 - 00000000 ____D C:\Users\glass
2016-06-07 14:44 - 2015-08-09 15:28 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-06 17:54 - 2015-06-15 16:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-06 14:39 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-06-06 14:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-06 14:27 - 2015-11-16 13:23 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-06 14:27 - 2015-10-19 03:22 - 837794932 _____ C:\WINDOWS\MEMORY.DMP
2016-06-05 02:43 - 2015-11-03 13:17 - 00000000 ____D C:\Users\glass\AppData\Local\ElevatedDiagnostics
2016-06-03 19:48 - 2015-06-15 10:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-28 13:18 - 2015-06-17 14:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-23 19:36 - 2015-08-31 17:20 - 00002404 _____ C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-22 17:00 - 2016-03-26 22:04 - 00000000 ____D C:\Users\glass\Desktop\Brogue-windows-v1.7.4
2016-05-21 22:04 - 2015-11-15 22:45 - 05138392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-18 22:14 - 2015-06-15 22:17 - 00001456 _____ C:\Users\glass\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-05-18 21:47 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-17 16:55 - 2016-01-07 19:52 - 00000000 ____D C:\Users\glass\Desktop\CURRENT PROJECTS
2016-05-14 10:22 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 20:40 - 2015-06-15 10:12 - 00000000 ____D C:\Users\glass\AppData\Local\Dropbox
2016-05-13 07:49 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-06-29 19:48 - 2016-02-02 11:50 - 0000132 _____ () C:\Users\glass\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-29 19:54 - 2015-06-30 02:35 - 0000132 _____ () C:\Users\glass\AppData\Roaming\Adobe Targa Format CS6 Prefs
2015-08-02 13:20 - 2015-08-17 09:36 - 0000033 _____ () C:\Users\glass\AppData\Roaming\AdobeWLCMCache.dat
2015-11-13 16:30 - 2016-05-06 22:24 - 0002489 _____ () C:\Users\glass\AppData\Roaming\SpeedRunnersLog.txt
2015-06-15 22:17 - 2016-05-18 22:14 - 0001456 _____ () C:\Users\glass\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-26 22:24 - 2016-03-15 03:35 - 0007612 _____ () C:\Users\glass\AppData\Local\Resmon.ResmonCfg
2016-06-11 11:35 - 2016-06-11 11:35 - 0199114 _____ () C:\ProgramData\1465572078.bdinstall.bin
2015-11-15 22:52 - 2015-11-15 22:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-12 23:21

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by glass (2016-06-12 23:29:04)
Running from C:\Users\glass\Downloads
Windows 10 Pro Version 1511 (X64) (2015-11-15 22:28:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-141182051-2556109553-1899525483-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-141182051-2556109553-1899525483-503 - Limited - Disabled)
glass (S-1-5-21-141182051-2556109553-1899525483-1001 - Administrator - Enabled) => C:\Users\glass
Guest (S-1-5-21-141182051-2556109553-1899525483-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-141182051-2556109553-1899525483-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: 10.2.6 - 3Dconnexion)
3Dconnexion 3DxWinCore (Version: 17.2.6.11469 - 3Dconnexion) Hidden
3Dconnexion Add-In for AutoCAD (Version: 5.0.3 - 3Dconnexion) Hidden
3Dconnexion Add-In for Inventor 11 - 2015 (Version: 2.1.0 - 3Dconnexion) Hidden
3Dconnexion Add-In for Solid Edge V18 - ST7 (Version: 3.2.1 - 3Dconnexion) Hidden
3Dconnexion Add-In for SolidWorks 2005 - 2015 (Version: 3.2.0 - 3Dconnexion) Hidden
3Dconnexion Add-On for XSI v5.0 - 2015 (Version: 3.0.3 - 3Dconnexion) Hidden
3Dconnexion Collage (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Extension for SketchUp (Version: 4.1.0 - 3Dconnexion) Hidden
3Dconnexion LCD Applets for SpacePilot Pro (Version: 1.3.3 - 3Dconnexion) Hidden
3Dconnexion Plug-In for 3ds Max 2008 - 2016 (Version: 6.1.2 - 3Dconnexion) Hidden
3Dconnexion Plug-in for Acrobat 3D (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Maya v8.5 - 2016 (Version: 5.1.1 - 3Dconnexion) Hidden
3Dconnexion Plug-In for NX v4.0 - v10.0 (Version: 3.2.1 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Photoshop CS3 - CS6 and CC (Version: 2.4.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 3.0 (Version: 2.2.2 - 3Dconnexion) Hidden
3Dconnexion Trainer (x32 Version: 3.2.3 - 3Dconnexion) Hidden
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
80 Days (HKLM\...\Steam App 381780) (Version: - inkle Ltd)
A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Extension Manager CS6 (HKLM-x32\...\{83463106-DD1C-4FE5-A61C-DF6715472AD4}) (Version: 6.0.8 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.142.62248 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.9.142.62248 - Alcor Micro Corp.) Hidden
Antichamber (HKLM-x32\...\Steam App 219890) (Version: - Alexander Bruce)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version: - Ubisoft Montreal)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.0.5 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
AutoCAD 2017 - English (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.7.696.0 - Autodesk)
Autodesk 3ds Max 2016 (Version: 18.7.696.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk)
Autodesk 3ds Max 2016 SP3 (HKLM\...\Autodesk 3ds Max 2016 SP3.1) (Version: 18.7.696.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.19 - Autodesk)
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk Backburner 2016 (HKLM-x32\...\{8C5F38D2-9EFE-49A4-B3F5-BF3210FED168}) (Version: 16.0.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk Civil View for 3ds Max 2016 64-bit (HKLM\...\{1C4FFAF0-6DBB-4F7A-A386-46747D060826}) (Version: 18.0.0.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.108.150 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk DirectConnect 2016 64-bit (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk Featured Apps 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2016 (HKLM\...\{9167CA34-4E58-49E3-8892-3C439739D2D3}) (Version: 18.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 - Autodesk)
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
Autodesk Maya 2016 (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Autodesk ReCap 360 (Version: 3.0.0.52 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max (HKLM\...\Autodesk Revit Interoperability for 3ds Max ) (Version: 16.0.394.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max (Version: 16.0.394.0 - Autodesk) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blood Bowl 2 (HKLM-x32\...\Steam App 236690) (Version: - Cyanide Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.02 - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version: - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Castle Crashers (HKLM\...\Steam App 204360) (Version: - The Behemoth)
CDisplayEx 1.10.29 (HKLM-x32\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version: - FromSoftware, Inc)
Desktop Dungeons (HKLM-x32\...\Steam App 226620) (Version: - QCF Design)
Downwell (HKLM-x32\...\Steam App 360740) (Version: - Moppin)
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Eldritch (HKLM\...\Steam App 252630) (Version: - Minor Key Games)
Epic Games Launcher (HKLM-x32\...\{9002F83C-DA49-411E-9CF0-111CB3979F9C}) (Version: 1.1.50.0 - Epic Games, Inc.)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version: - The Foundry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version: - Double Fine Productions)
Her Story (HKLM\...\Steam App 368370) (Version: - Sam Barlow)
Houdini 15.0.244.16 (HKLM\...\Houdini 15.0.244.16) (Version: 15.0.244.16 - Side Effects Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.61.0 - HTC)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS)
Insurgency (HKLM\...\Steam App 222880) (Version: - New World Interactive)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Kentucky Route Zero (HKLM-x32\...\Steam App 231200) (Version: - Cardboard Computer)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MODO 901 Content 1 (HKLM-x32\...\MODO901_Content1) (Version: - )
MODO 901 Content 2 (HKLM-x32\...\MODO901_Content2) (Version: - )
MODO 901 Content 3 (HKLM-x32\...\MODO901_Content3) (Version: - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-b0c63f02-2bf5-4202-8b40-18f5e588b1c7) (Version: - Epic Games, Inc.)
No Time To Explain Remastered (HKLM\...\Steam App 368730) (Version: - tinyBuild)
Node.js (HKLM\...\{4B289DDD-4822-4706-902D-EE51DD657040}) (Version: 0.12.7 - Joyent, Inc. and other Node contributors)
NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 38.0.2220.29 (HKLM-x32\...\Opera 38.0.2220.29) (Version: 38.0.2220.29 - Opera Software)
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version: - Moon Studios GmbH)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pixar RenderMan Pro Server 20.4 (HKLM\...\{142AC600-7945-11E5-8F2E-2C27D7EF5B5C}) (Version: 20.4.1545505 - Pixar)
Pixar RenderMan Pro Server 20.6 (HKLM\...\{0A28AEF0-A2EF-11E5-B626-2C27D7EF5B5C}) (Version: 20.6.1562369 - Pixar)
RailsInstaller 3.1.0 (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1) (Version: 3.1.0 - RailsInstaller Team)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Read Only Memories (HKLM\...\Steam App 330820) (Version: - MidBoss, LLC.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
RenderManNC-Installer (HKLM\...\{DAB7A2E1-D380-11E4-BBF3-001CC4171F87}) (Version: 1.0.0 - Pixar)
RenderManStudio-20.6-maya2016 (HKLM\...\{05C0B88F-A2FD-11E5-8B0B-2C27D7EF5B5C}) (Version: 20.6.0 - Pixar)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Splinter Cell Blacklist (HKLM-x32\...\Uplay Install 91) (Version: - Ubisoft)
Spotify (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Foundry MODO 901 build 85499 (HKLM-x32\...\901_64) (Version: - )
The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - Telltale Games)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.04.000 - Ubisoft)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - )
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.5 - Unified Intents AB)
Unity Web Player (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - ASUS (ATP) Mouse (08/01/2015 10.0.0.5) (HKLM\...\B267A462F49A1ACD7A2EC5C262BA0DC7D7B23891) (Version: 08/01/2015 10.0.0.5 - ASUS)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-DBDFEF1D0EDC}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\glass\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02FC48BF-7BB4-44E4-BDB3-AB39456FA070} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {06579FA5-6DA3-4876-A0B1-C80EBC7F874E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {095AC72D-B5A0-4998-B224-7F0ABD4BF267} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {15926045-3BED-4D0D-9F97-8DB6A079F096} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-10-21] (Realtek Semiconductor)
Task: {166377AA-CDF9-4964-B100-BCE621D34A6D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {238D3F20-47FB-423B-9970-097E9963F034} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {24A8FEC9-FADB-44C3-8FFC-E6422DE78322} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-21] (Realtek Semiconductor)
Task: {27B8217B-511A-4404-9DCE-2D3D725E987C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek)
Task: {2A570E90-7918-4952-9FBA-0840F6764771} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4736FCDC-0B14-438E-826E-34736DD65F71} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2015-05-28] (3Dconnexion, INC)
Task: {4FC0821F-1755-4F6C-936D-0ECA000DA57C} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-21] (Realtek Semiconductor)
Task: {56BAEB37-3346-46CC-9B7B-723DC29AE545} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5A0A63F2-4884-4FA5-86F3-D48790016C9F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F9DC5C9-E652-40A2-8F52-38B915CEC281} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-20] (Dropbox, Inc.)
Task: {7A5B5973-4DA1-42B2-9062-7E16B0219CC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
Task: {7CC7BDBE-6021-46B1-83F4-17621FFC6355} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8235D99C-DF22-46CB-97E6-3F18ECE3231A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8B17660C-779C-4B50-ACCD-3B8D2E0A7F4D} - System32\Tasks\Opera scheduled Autoupdate 1442789264 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-07] (Opera Software)
Task: {93C4081D-BBD6-4C93-9EFA-1938ABA079F9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9B004AE2-0847-4E8A-835C-49855F684F66} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek)
Task: {A517FE5F-2AE4-42D5-993C-93A4C95D6EE2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4712A2D-C561-4DD9-856F-D8C6E125D8D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-20] (Dropbox, Inc.)
Task: {B6C4EFA4-1F20-424C-B36C-501D0F9A86EE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-26] (Microsoft Corporation)
Task: {BE140F31-BA86-41FC-89CC-7DF050356E5A} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-boeufkak@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {C62764BD-F8AB-41C0-8919-E76CD6776DCF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E34C333D-661C-4096-BAE2-C517F4AFCEFC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {F0DC017F-CB05-4397-A57E-4AAFF4B951E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F47C84D4-56D4-4D08-81E5-CC1E6F81142A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FA90B66A-BCF7-448D-BECF-53EADAC571D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FCAE805E-C587-4564-8DD4-0B8F9D19D28F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Interactive Ruby.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\irb.bat (No File)
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\RubyGems Documentation Server.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\gem.bat (No File)

ShortcutWithArgument: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Command Prompt with Ruby and Rails.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\RailsInstaller\Ruby2.1.0\setup_environment.bat C:\RailsInstaller
ShortcutWithArgument: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-10 20:58 - 2013-03-19 11:07 - 00712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-06-10 20:58 - 2013-09-03 13:29 - 00111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-11-15 22:51 - 2016-04-27 13:18 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-21 19:27 - 2016-05-02 06:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-02-19 03:32 - 2016-05-02 06:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-05 15:57 - 2016-05-02 06:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-19 03:32 - 2016-05-02 06:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-08-09 15:28 - 2013-05-14 18:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2016-04-05 15:57 - 2016-05-02 06:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-05 15:57 - 2016-05-02 06:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-05 15:57 - 2016-05-02 06:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-27 18:13 - 2016-05-02 06:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-05 15:57 - 2016-05-02 06:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-05 15:57 - 2016-05-02 06:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-13 22:46 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-06-17 13:47 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-04-13 22:46 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-14 05:23 - 2015-11-14 05:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-23 19:36 - 2016-05-23 19:36 - 00959168 _____ () C:\Users\glass\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-18 21:51 - 2016-05-26 10:13 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-07-09 18:32 - 2015-07-09 18:32 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-05-10 19:47 - 2016-04-23 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-19 11:44 - 2015-10-19 11:44 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-12-18 11:17 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 19:46 - 2016-04-23 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 19:47 - 2016-04-23 05:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 19:47 - 2016-04-23 04:58 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-05-10 19:47 - 2016-04-23 04:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 19:47 - 2016-04-23 05:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-05-28 21:18 - 2015-05-28 21:18 - 00038912 _____ () C:\WINDOWS\SYSTEM32\SPWINI.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00165376 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00050176 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00062464 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00932864 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2016-01-28 21:24 - 2016-01-28 21:24 - 00231464 _____ () C:\Program Files\Autodesk\Autodesk Sync\plugins\crypto\qca-ossl_Ad_2.dll
2012-10-16 10:39 - 2012-10-16 10:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2015-07-08 18:08 - 2015-07-08 18:08 - 00225792 _____ () C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
2015-11-14 05:22 - 2015-11-14 05:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-04-19 06:33 - 2016-04-19 06:33 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-08 21:49 - 2016-06-04 02:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 21:49 - 2016-06-04 02:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-06-08 21:49 - 2016-06-04 02:01 - 31491736 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-10-19 11:44 - 2015-10-19 11:44 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-04-13 15:55 - 2015-04-13 15:55 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2016-04-20 19:18 - 2016-03-23 11:02 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2016-04-20 19:18 - 2016-03-23 11:02 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2015-06-15 20:24 - 2016-05-02 07:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-15 17:40 - 2016-04-29 21:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-15 17:40 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-15 17:40 - 2016-06-09 23:24 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-15 17:40 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-15 17:40 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-15 17:40 - 2016-06-09 23:24 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 05:46 - 2016-02-17 23:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-05-23 19:36 - 2016-05-23 19:36 - 00679624 _____ () C:\Users\glass\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-12 05:00 - 2016-05-05 11:09 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-03 19:48 - 2016-05-05 11:10 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-03 19:48 - 2016-05-05 11:09 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-12 05:00 - 2016-05-05 11:09 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-12 05:00 - 2016-05-05 11:09 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-12 05:00 - 2016-05-31 19:34 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-03 19:48 - 2016-05-05 11:09 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-12 05:00 - 2016-05-31 19:34 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-12 05:00 - 2016-05-05 11:09 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 05:00 - 2016-05-05 11:10 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-12 05:00 - 2016-05-31 19:34 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-03 19:48 - 2016-05-05 11:11 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-03 19:48 - 2016-05-05 11:09 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-03 19:48 - 2016-05-31 19:33 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-12 05:00 - 2016-05-05 11:09 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-03 19:48 - 2016-05-05 11:10 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-12 05:00 - 2016-05-31 19:34 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-03 19:48 - 2016-05-05 11:12 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-03 19:48 - 2016-05-31 19:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-03 19:48 - 2016-03-12 01:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-03 19:48 - 2016-05-31 19:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-03 19:48 - 2016-05-31 19:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-12 05:00 - 2016-05-05 11:10 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-13 22:40 - 2016-05-31 19:34 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-12-12 05:00 - 2016-05-31 19:34 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2012-10-16 10:39 - 2012-10-16 10:39 - 00060504 _____ () C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll
2015-11-16 18:43 - 2015-11-16 18:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-07-09 18:32 - 2015-07-09 18:32 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-11-16 18:43 - 2015-11-16 18:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 18:43 - 2015-11-16 18:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-06-15 17:40 - 2016-06-01 01:21 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-11-25 20:35 - 2015-11-25 20:35 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 14:22 - 2015-11-25 14:22 - 00158384 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2015-11-25 20:35 - 2015-11-25 20:35 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-04-19 06:33 - 2016-04-19 06:33 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 06:33 - 2016-04-19 06:33 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\glass\Local Settings:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local\Application Data:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local\ptPTX9a6w7LRPky:KPTJpL4AMxTZa2rQxDoJp4xtn8K [2040]
AlternateDataStreams: C:\Users\glass\AppData\Local\Temp:jJEqoZova0uj5aQDqRX24K3NM [1962]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-06-15 16:58 - 00008049 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\glass\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0D7A9B12-61D6-42EB-9288-ABE06B1D3598}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{68F61DCC-67F5-432D-90C3-CFE41BF2AC06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{F3B4184A-2E92-447E-8297-A7332611DB08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{86397AE0-F1F3-4627-BB86-A3211B4222DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{DF3E7C63-BF16-49FF-ACA7-E9826CFB496D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{7FEA67F5-BB9C-43F7-A63B-2C4D72DC8223}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{AC9266AB-EDF3-4C92-BD16-4583AB707FBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downwell\Downwell.exe
FirewallRules: [{8F2BDCBD-2CD1-4389-B264-2A2B2E473B50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downwell\Downwell.exe
FirewallRules: [{DE5EFDFC-52DD-4876-8802-95744F6DF200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{A422417E-7A41-493A-8DBF-BBD5C296ADBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{45ED8ADE-F162-451C-9A48-F0380D6C5C45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{DDF682E8-37C8-421C-8BC5-D5C537ED5BBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{4D3A6A36-34FA-440F-829A-437BB004AB1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{8ADC7768-B0FA-4090-A915-B47857036F17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{94D67E2C-0F7E-4B7C-BF88-EBF5C28D52A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{33898CE7-786C-4267-9361-2A80770B717C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{4528EA85-A85D-4B28-9CA3-350663844050}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FC3281A4-8632-4470-B2B6-16D416E684EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1FE3A051-5413-400C-A20B-B433BEF669D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{124A612F-A060-4341-8492-94B14271A18E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{23CE8BB9-2E9E-49CD-9A2A-94E2071EA52A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{8337C047-BEA7-44CA-9112-F1F5B9C4FE65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{CCC9D65E-4E8A-4D1C-B9E5-F4D7985BFBAA}C:\users\glass\dropbox\sub_txt\plugin_host.exe] => (Allow) C:\users\glass\dropbox\sub_txt\plugin_host.exe
FirewallRules: [UDP Query User{B9BD39BA-D0AC-460E-AA36-E2202DB0910F}C:\users\glass\dropbox\sub_txt\plugin_host.exe] => (Allow) C:\users\glass\dropbox\sub_txt\plugin_host.exe
FirewallRules: [{FD2D1451-2DC1-42BC-9E73-0BC990040966}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{B49C9929-F404-4BDD-B4C3-BE6280D6C90C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{C57CA21C-F121-4215-B4DB-821B7EF4D4E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{4F3BA0E9-BAB8-48F6-9CCE-C38DED1063C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{54B6CEE0-65F5-4CB1-BA80-7B30497004C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{2612D965-F06E-46DE-AFFF-03019EC31D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{6B0F0DDA-5866-4F50-AA79-3FA2E12F6A92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eldritch\Eldritch.exe
FirewallRules: [{98AC9D0A-47B9-4DCA-9E10-23FFA945266A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eldritch\Eldritch.exe
FirewallRules: [{C243A58E-CC0D-4BF0-8E09-41EB04495F73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{1F0896A4-AAC5-4306-92F1-6900528F2D2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{606163FA-2DBE-4AA7-AE79-9F6F160CB36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{4C32475A-977C-4C65-B441-90E826E12F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{3CCD266E-D915-4BEE-AFF1-95320EE5A6FA}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{2196F90C-9DA6-4EB5-AA1A-B0F69694D85D}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{9B09D090-4F5C-45CC-93FB-0A12EBF6CAAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{1369D4D5-5E4E-41D3-8EE4-B6196E075C72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{0F04D9D0-ACFB-47AF-A6E9-0C08BF2172FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1C16A849-B9CD-4F0B-AC7B-D2E514F487D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{0A63D6F1-A7C0-4261-B4A5-D4A1564C2273}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{09E7514E-AA06-42CB-8FFD-0869F8037AAC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5E0B6CAF-0AC4-4FC4-A900-327044D029FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe
FirewallRules: [{9F42C4EC-096E-4A32-BA20-C4C4BD86D6C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe
FirewallRules: [{577B9C29-4BFF-4AAB-B2C2-A97620DFF554}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\80 Days\80 Days.exe
FirewallRules: [{21BB6889-3587-4170-A8A9-E4BAD515FCA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\80 Days\80 Days.exe
FirewallRules: [{4EC0EF1E-9BAA-4410-BB76-CBBDB21349B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{722E5425-BDF8-41D8-BD0C-6486024D93FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{E27589B5-4C7F-4F63-A264-2248064CC071}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{84D1B42C-7FE0-4DD6-AE27-84811648C155}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{D3BE8AA4-DB04-4E93-BEE6-7610C80A8E3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{44786570-BADB-41D1-8DE3-C352761075B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{C3A1B6C5-D0DE-4139-9D46-9C0542F45846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{7D183C4C-2A1B-448E-AB6C-B614E38A9449}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{A69357FF-9220-4B45-A781-2B5F00345838}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{8C5908B0-4933-414A-923F-54FBCF312AC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Read Only Memories\ROM.exe
FirewallRules: [{98262C57-4D66-4B1C-AF9B-B53331D62BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Read Only Memories\ROM.exe
FirewallRules: [{029B05C6-C2C8-4A2B-B03D-AC12CC6FBE0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [{56C91BE0-EDF0-4673-9F2A-B3E7FD435B75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe

==================== Restore Points =========================

22-05-2016 14:18:42 Scheduled Checkpoint
31-05-2016 05:44:29 Scheduled Checkpoint
09-06-2016 00:25:57 Scheduled Checkpoint
12-06-2016 22:03:58 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2016 11:13:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2016 10:51:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2016 10:16:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2016 10:04:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/12/2016 10:03:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2f3d462f-2f84-416e-a396-c67426759392}

Error: (06/12/2016 09:51:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 51.0.2704.84 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b54

Start Time: 01d1c4ec28303380

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 79093c95-30df-11e6-82db-84a6c8d9fa9d

Faulting package full name:

Faulting package-relative application ID:

Error: (06/12/2016 09:16:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2016 07:23:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2016 05:23:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/12/2016 05:15:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/12/2016 10:42:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2857fa service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/12/2016 10:42:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_2857fa service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/12/2016 10:42:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_2857fa service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/12/2016 10:42:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2857fa service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/12/2016 10:42:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/12/2016 10:08:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_7338e2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/12/2016 10:08:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_7338e2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/12/2016 10:08:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_7338e2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/12/2016 10:08:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_7338e2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/12/2016 10:08:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
Date: 2016-06-12 04:08:08.862
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-10 03:11:35.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-08 14:49:33.841
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-06 17:56:12.254
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-06 17:56:12.239
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-06 17:55:32.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-06 17:55:32.281
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-06 15:01:16.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-05 18:19:45.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-05 02:52:02.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 8077.47 MB
Available physical RAM: 4073.41 MB
Total Virtual: 10637.47 MB
Available Virtual: 6287.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:832.54 GB) (Free:409.48 GB) NTFS
Drive d: (SCRATCH) (Fixed) (Total:97.66 GB) (Free:80.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 15 June 2016 - 02:40 PM.



#2 brokedat


Posted 12 June 2016 - 06:03 PM

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-13 00:02:59
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000LM014-1EJ164 rev.SM14 931.51GB
Running: 3bq4gm7q.exe; Driver: C:\Users\glass\AppData\Local\Temp\uglyyuob.sys
 
 
---- Threads - GMER 2.2 ----
 
---- Processes - GMER 2.2 ----
 
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso30win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10148]    000000005a990000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10148]  000000005a370000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso98win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10148]    0000000059e70000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso99Lwin32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10148]   0000000059830000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10148]                 00000000589d0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10148]            00000000567e0000
 
---- Registry - GMER 2.2 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                                                                                                                       -390756258
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\84a6c8d9fa9d                                                                                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\84a6c8d9fa9d@b869c27265eb                                                                                                                                                0x5C 0x8C 0x8B 0x6F ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings                                                                                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext                                                                                                                                            0x02 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@Bluetooth_UniqueID                                                                                                                                       {00001116-0000-1000-8000-00805f9b34fb}#D40B1A11DDB8_C00000000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@ConnectionCount                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext                                                                                                                                            0x02 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@Bluetooth_UniqueID                                                                                                                                       {00001105-0000-1000-8000-00805f9b34fb}#D40B1A11DDB8_C00000000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@ConnectionCount                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0003                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0003@BackupContext                                                                                                                                            0x02 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0003@Bluetooth_UniqueID                                                                                                                                       {00001112-0000-1000-8000-00805f9b34fb}#D40B1A11DDB8_C00000000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0003@ConnectionCount                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext                                                                                                                                            0x02 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@Bluetooth_UniqueID                                                                                                                                       {0000110c-0000-1000-8000-00805f9b34fb}#D40B1A11DDB8_C00000000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@ConnectionCount                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@BackupContext                                                                                                                                            0x02 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@Bluetooth_UniqueID                                                                                                                                       {0000112d-0000-1000-8000-00805f9b34fb}#D40B1A11DDB8_C00000000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@ConnectionCount                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@BackupContext                                                                                                                                            0x02 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@Bluetooth_UniqueID                                                                                                                                       {0000111f-0000-1000-8000-00805f9b34fb}#D40B1A11DDB8_C00000000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@ConnectionCount                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@BackupContext                                                                                                                                            0x02 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@Bluetooth_UniqueID                                                                                                                                       {0000110a-0000-1000-8000-00805f9b34fb}#D40B1A11DDB8_C00000000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@ConnectionCount                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@BackupContext                                                                                                                                            0x02 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@Bluetooth_UniqueID                                                                                                                                       {00000000-0000-0000-0000-000000000000}#D40B1A11DDB8_00000000
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@ConnectionCount                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\4c-09-d4-a2-06-4c@ClientLocalPort                                                                                                                                  61283
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\4c-09-d4-a2-06-4c@AddressCreationTimestamp                                                                                                                         0x81 0x6A 0x6E 0x0D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\4c-09-d4-a2-06-4c@TeredoAddress                                                                                                                                    2001:0:9d38:6ab8:bb:109c:a06b:856c
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                                                                         18262
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                        2544
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d61086b3-c089-494e-b30f-5b939ba76a24}@LeaseObtainedTime                                                                                                             1465767838
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d61086b3-c089-494e-b30f-5b939ba76a24}@T1                                                                                                                            1465854238
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d61086b3-c089-494e-b30f-5b939ba76a24}@T2                                                                                                                            1465919038
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d61086b3-c089-494e-b30f-5b939ba76a24}@LeaseTerminatesTime                                                                                                           1465940638
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                                                                                                                                     0x59 0x65 0x96 0x8B ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                                                                                                                                          0x59 0xCD 0x5A 0xED ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                                                                                                                                           0x59 0xFD 0xD1 0x29 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount                                                                                                                                                     0x09 0xEE 0x21 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw                                                                                                                                                                                      0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask                                                                                                                                                                                  0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw                                                                                                                                                                                      0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask                                                                                                                                                                                  0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@Rw                                                                                                                                                                                      0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@RwMask                                                                                                                                                                                  0x64 0x62 0x03 0x00 ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList                                                                                                                                              cabde
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count                                                                                                                          10
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter                                                                                                                                      99
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                                                                                                                0xF5 0x79 0x23 0xEE ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                                                                                                           0xF5 0x79 0x23 0xEE ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                                                                                                                  0xF5 0x79 0x23 0xEE ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter                                                                                                                                       98
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                                                                                                                 0xF5 0x79 0x23 0xEE ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                                                                                                                                  0x2C 0xA9 0xE9 0xA0 ...
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Current\Windows.SystemToast.SecurityAndMaintenance\149288                                                                                                                  
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Current\Windows.SystemToast.SecurityAndMaintenance\149288@ImageFileUri                                                                                                     file://C:\Users\glass\AppData\Local\Microsoft\Windows\ActionCenterCache\{9DD76E52-72C3-4AFE-94A4-EB546821AFB7}.png
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Current\Windows.SystemToast.SecurityAndMaintenance\149300                                                                                                                  
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Current\Windows.SystemToast.SecurityAndMaintenance\149300@ImageFileUri                                                                                                     file://C:\Users\glass\AppData\Local\Microsoft\Windows\ActionCenterCache\{7013C6BF-EE26-43E1-9E53-FDB198F3C54F}.png
Reg      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds                                                                                                                                                             Chrome?{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Steam\Steam.exe?
 
---- EOF - GMER 2.2 ----


#3 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,624 posts
  • Gender:Male
  • Location:California
  • Local time:04:34 AM

Posted 15 June 2016 - 02:38 PM

Greetings brokedat and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all Adobe Products for which you do not have valid Product Keys and all other products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt checked and post both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

In addition, please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST logs (2)
  • CKScanner log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 brokedat

  • Topic Starter

  • Members
  • 17 posts
  • Local time:12:34 PM

Posted 16 June 2016 - 07:57 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by glass (administrator) on WAYNETUNDRA (17-06-2016 01:39:46)
Running from C:\Users\glass\Downloads
Loaded Profiles: glass (Available Profiles: glass)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Side Effects Software Inc.) C:\Windows\System32\sesinetd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Side Effects Software Inc.) C:\Windows\System32\hserver.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Users\glass\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(3Dconnexion, INC) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(© 2015 Microsoft Corporation) C:\Users\glass\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\A360Service.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.41141.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-10-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-10-21] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [3DxWare Service] => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2122624 2015-05-28] (3Dconnexion, INC)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Akamai NetSession Interface] => C:\Users\glass\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Spotify Web Helper] => C:\Users\glass\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-05-11] (Spotify Ltd)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [BingSvc] => C:\Users\glass\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-03-22] (Unified Intents AB)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Spotify] => C:\Users\glass\AppData\Roaming\Spotify\Spotify.exe [6805616 2016-05-11] (Spotify Ltd)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [GoogleChromeAutoLaunch_5427F72E7D1FA2580647078C3BB90364] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1122968 2016-06-04] (Google Inc.)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\MountPoints2: {416a2c07-91f3-11e5-82ae-84a6c8d9fa9d} - "E:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\MountPoints2: {84324315-02b8-11e6-82d2-84a6c8d9fa9d} - "E:\Setup.exe" /s
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2016-04-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d61086b3-c089-494e-b30f-5b939ba76a24}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-141182051-2556109553-1899525483-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\glass\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-141182051-2556109553-1899525483-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-06-04] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M138456E0-7D48-4990-A33C-834C0376DB61&SearchSource=55&CUI=&UM=5&UP=SP2093388E-9658-439D-A52F-900F3B4A6C5B&SSPV=
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EGB&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=cr_36.0.1985.125&apn_uid=462180D4-ADA0-4F9C-8C85-A7E3DA48B932&itbv=12.15.1.20&doi=2014-07-19&psv=&pt=tb"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2016-06-12]
CHR Extension: (uBlock Origin) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-12]
CHR Extension: (Mailto: for Gmail™) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2016-06-12]
CHR Extension: (Dropbox for Gmail) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-06-12]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-06-17]
CHR Extension: (Earthy) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-06-13]
CHR Extension: (AdBlock) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-12]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-12]
CHR Extension: (ZenMate Web Firewall (Free, Plus Ad Blocker)) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphffohcfcaeoekbkfibilcmmoakhmfc [2016-06-12]
CHR Extension: (crxMouse Chrome Gestures) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2016-06-12]
CHR Extension: (Speed Dial 2) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-12]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2016-06-12]
CHR Extension: (Evernote Web) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-06-12]
CHR Extension: (Skype) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-12]
CHR Extension: (Ghostery) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-12]
CHR Extension: (Evernote Web Clipper) - C:\Users\glass\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-06-12]
CHR HKU\S-1-5-21-141182051-2556109553-1899525483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
Opera: 
=======
OPR Extension: (Free Flash, Unity3D and html5 games) - C:\Users\glass\AppData\Roaming\Opera Software\Opera Stable\Extensions\egjicgmgibgofmekojoaaddjkagfajjh [2016-03-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-20] (Dropbox, Inc.)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2013-04-08] (Reprise Software Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
R2 HoudiniLicenseServer; C:\Windows\system32\sesinetd.exe [2968576 2015-06-11] (Side Effects Software Inc.) [File not signed]
R2 HoudiniServer; C:\WINDOWS\system32\hserver.exe [7731712 2015-10-10] (Side Effects Software Inc.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-20] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [57856 2015-05-28] (3Dconnexion) [File not signed]
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-05-25] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 3dxhid; C:\Windows\System32\drivers\3dxhid.sys [39184 2015-01-22] (3Dconnexion SAM)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-09-23] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-10-19] (Emsisoft GmbH)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 KMJHidMini; C:\Windows\System32\drivers\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.)
R3 KMJShim; C:\Windows\System32\drivers\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 01:39 - 2016-06-17 01:39 - 00000000 ____D C:\Users\glass\Downloads\FRST-OlderVersion
2016-06-17 01:38 - 2016-06-17 01:38 - 00000000 ___HD C:\OneDriveTemp
2016-06-16 22:11 - 2016-06-16 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-06-15 14:49 - 2016-05-28 05:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 14:49 - 2016-05-28 05:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 14:49 - 2016-05-28 05:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 14:49 - 2016-05-28 05:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 14:49 - 2016-05-28 05:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 14:49 - 2016-05-28 05:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 14:49 - 2016-05-28 05:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 14:49 - 2016-05-28 05:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 14:49 - 2016-05-28 05:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 14:49 - 2016-05-28 05:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 14:49 - 2016-05-28 05:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 14:49 - 2016-05-28 05:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 14:49 - 2016-05-28 05:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 14:49 - 2016-05-28 05:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 14:49 - 2016-05-28 05:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 14:49 - 2016-05-28 05:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 14:49 - 2016-05-28 05:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 14:49 - 2016-05-28 05:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 14:49 - 2016-05-28 05:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 14:49 - 2016-05-28 05:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 14:49 - 2016-05-28 05:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 14:49 - 2016-05-28 05:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 14:48 - 2016-05-28 07:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 14:48 - 2016-05-28 07:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 14:48 - 2016-05-28 07:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 14:48 - 2016-05-28 07:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 14:48 - 2016-05-28 07:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 14:48 - 2016-05-28 07:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 14:48 - 2016-05-28 06:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 14:48 - 2016-05-28 06:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 14:48 - 2016-05-28 06:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 14:48 - 2016-05-28 06:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 14:48 - 2016-05-28 06:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 14:48 - 2016-05-28 06:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 14:48 - 2016-05-28 06:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 14:48 - 2016-05-28 06:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 14:48 - 2016-05-28 06:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 14:48 - 2016-05-28 06:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 14:48 - 2016-05-28 06:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 14:48 - 2016-05-28 06:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 14:48 - 2016-05-28 06:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 14:48 - 2016-05-28 06:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 14:48 - 2016-05-28 06:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 14:48 - 2016-05-28 06:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 14:48 - 2016-05-28 06:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 14:48 - 2016-05-28 06:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 14:48 - 2016-05-28 06:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 14:48 - 2016-05-28 06:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 14:48 - 2016-05-28 06:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 14:48 - 2016-05-28 06:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 14:48 - 2016-05-28 06:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 14:48 - 2016-05-28 06:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 14:48 - 2016-05-28 06:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 14:48 - 2016-05-28 06:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 14:48 - 2016-05-28 06:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 14:48 - 2016-05-28 06:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 14:48 - 2016-05-28 06:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 14:48 - 2016-05-28 06:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 14:48 - 2016-05-28 06:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 14:48 - 2016-05-28 06:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 14:48 - 2016-05-28 06:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 14:48 - 2016-05-28 06:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 14:48 - 2016-05-28 06:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 14:48 - 2016-05-28 06:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 14:48 - 2016-05-28 06:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 14:48 - 2016-05-28 05:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 14:48 - 2016-05-28 05:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 14:48 - 2016-05-28 05:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 14:48 - 2016-05-28 05:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 14:48 - 2016-05-28 05:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 14:48 - 2016-05-28 05:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 14:48 - 2016-05-28 05:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 14:48 - 2016-05-28 05:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 14:48 - 2016-05-28 05:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 14:48 - 2016-05-28 05:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 14:48 - 2016-05-28 05:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 14:48 - 2016-05-28 05:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 14:48 - 2016-05-28 05:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 14:48 - 2016-05-28 05:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 14:48 - 2016-05-28 05:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 14:48 - 2016-05-28 05:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 14:48 - 2016-05-28 05:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 14:48 - 2016-05-28 05:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 14:48 - 2016-05-28 05:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 14:48 - 2016-05-28 05:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 14:48 - 2016-05-28 05:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 14:48 - 2016-05-28 05:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 14:48 - 2016-05-28 05:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 14:48 - 2016-05-28 05:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 14:48 - 2016-05-28 05:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 14:48 - 2016-05-28 05:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 14:48 - 2016-05-28 05:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 14:48 - 2016-05-28 05:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 14:48 - 2016-05-28 05:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-15 14:48 - 2016-05-28 05:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-06-15 14:48 - 2016-05-28 05:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 14:48 - 2016-05-28 05:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 14:48 - 2016-05-28 05:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 14:48 - 2016-05-28 05:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 14:48 - 2016-05-28 05:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 14:48 - 2016-05-28 05:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 14:48 - 2016-05-28 05:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 14:48 - 2016-05-28 05:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 14:48 - 2016-05-28 05:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 14:48 - 2016-05-28 05:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 14:48 - 2016-05-28 05:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 14:48 - 2016-05-28 05:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 14:48 - 2016-05-28 05:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 14:48 - 2016-05-28 05:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 14:48 - 2016-05-28 05:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 14:48 - 2016-05-28 05:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 14:48 - 2016-05-28 05:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 14:48 - 2016-05-28 05:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 14:48 - 2016-05-28 05:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 14:48 - 2016-05-28 05:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 14:48 - 2016-05-28 05:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 14:48 - 2016-05-28 05:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 14:48 - 2016-05-28 05:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-06-15 14:48 - 2016-05-28 05:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 14:48 - 2016-05-28 05:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 14:48 - 2016-05-28 05:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 14:48 - 2016-05-28 05:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 14:48 - 2016-05-28 05:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 14:48 - 2016-05-28 05:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 14:48 - 2016-05-28 05:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 14:48 - 2016-05-28 05:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 14:48 - 2016-05-28 05:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 14:48 - 2016-05-28 05:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 14:48 - 2016-05-28 05:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 14:48 - 2016-05-28 05:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 14:48 - 2016-05-28 05:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 14:48 - 2016-05-28 05:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-06-15 14:48 - 2016-05-28 05:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 14:48 - 2016-05-28 05:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 14:48 - 2016-05-28 05:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 14:48 - 2016-05-28 05:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 14:48 - 2016-05-28 05:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 14:48 - 2016-05-28 05:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 14:48 - 2016-05-28 05:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 14:48 - 2016-05-28 05:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 14:48 - 2016-05-28 05:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 14:48 - 2016-05-28 05:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 14:48 - 2016-05-28 05:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 14:48 - 2016-05-28 05:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 14:48 - 2016-05-28 05:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 14:48 - 2016-05-28 05:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 14:48 - 2016-05-28 05:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 14:48 - 2016-05-28 05:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 14:48 - 2016-05-28 05:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 14:48 - 2016-05-28 05:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 14:48 - 2016-05-28 05:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 14:48 - 2016-05-28 05:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 14:48 - 2016-05-28 05:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 14:48 - 2016-05-28 05:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 14:48 - 2016-05-28 05:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-06-15 14:48 - 2016-05-28 05:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 14:48 - 2016-05-28 05:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 14:48 - 2016-05-28 05:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 14:48 - 2016-05-28 05:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 14:48 - 2016-05-28 05:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 14:48 - 2016-05-28 05:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 14:48 - 2016-05-28 05:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 14:48 - 2016-05-28 05:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 14:48 - 2016-05-28 05:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 14:48 - 2016-05-28 05:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 14:48 - 2016-05-28 05:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 14:48 - 2016-05-28 05:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 14:48 - 2016-05-28 05:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 14:48 - 2016-05-28 05:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-15 14:48 - 2016-05-28 05:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 14:48 - 2016-05-28 05:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 14:48 - 2016-05-28 05:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-15 14:48 - 2016-05-28 05:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 14:48 - 2016-05-28 05:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 14:48 - 2016-05-28 05:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 14:48 - 2016-05-28 05:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 14:48 - 2016-05-28 05:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 14:48 - 2016-05-28 05:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 14:48 - 2016-05-28 05:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 14:48 - 2016-05-28 05:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 14:48 - 2016-05-28 05:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 14:48 - 2016-05-28 05:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 14:48 - 2016-05-28 05:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 14:48 - 2016-05-28 05:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 14:48 - 2016-05-28 05:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 14:48 - 2016-05-28 05:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 14:48 - 2016-05-28 05:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 14:48 - 2016-05-28 05:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 14:48 - 2016-05-28 05:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 14:48 - 2016-05-28 05:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 14:48 - 2016-05-28 05:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 14:48 - 2016-05-28 05:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 14:48 - 2016-05-28 05:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 14:48 - 2016-05-28 05:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 14:48 - 2016-05-28 05:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 14:48 - 2016-05-28 05:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 14:48 - 2016-05-28 05:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 14:48 - 2016-05-28 05:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 14:48 - 2016-05-28 05:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 14:48 - 2016-05-28 05:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 14:48 - 2016-05-28 05:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 14:48 - 2016-05-28 05:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 14:48 - 2016-05-28 05:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 14:48 - 2016-05-28 05:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 14:48 - 2016-05-28 04:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 14:48 - 2016-05-28 04:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 14:48 - 2016-05-28 04:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 14:48 - 2016-05-28 04:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 14:48 - 2016-05-28 04:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 14:48 - 2016-05-28 04:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 14:48 - 2016-05-28 04:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 14:48 - 2016-05-28 04:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 14:48 - 2016-05-28 04:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-14 00:48 - 2016-06-14 00:48 - 00000000 ____D C:\Users\glass\AppData\LocalLow\Trash
2016-06-13 17:26 - 2016-06-13 17:26 - 00000000 ____D C:\Users\glass\AppData\LocalLow\MidBoss
2016-06-12 23:29 - 2016-06-12 23:41 - 00380928 _____ C:\Users\glass\Downloads\3bq4gm7q.exe
2016-06-12 23:29 - 2016-06-12 23:30 - 00102551 _____ C:\Users\glass\Downloads\Addition.txt
2016-06-12 23:28 - 2016-06-17 01:39 - 00032885 _____ C:\Users\glass\Downloads\FRST.txt
2016-06-12 22:48 - 2016-06-12 22:48 - 03677248 _____ C:\Users\glass\Downloads\AdwCleaner (1).exe
2016-06-12 22:46 - 2016-06-12 22:49 - 00000000 ____D C:\AdwCleaner
2016-06-12 22:46 - 2016-06-12 22:46 - 03677248 _____ C:\Users\glass\Downloads\AdwCleaner.exe
2016-06-12 22:16 - 2016-06-12 22:16 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-12 22:03 - 2016-06-12 22:08 - 00010670 _____ C:\Users\glass\Desktop\Fixlog.txt
2016-06-12 22:02 - 2016-06-12 22:03 - 00102016 _____ C:\Users\glass\Desktop\Addition.txt
2016-06-12 22:01 - 2016-06-17 01:39 - 00000000 ____D C:\FRST
2016-06-12 22:01 - 2016-06-12 22:03 - 00049926 _____ C:\Users\glass\Desktop\FRST.txt
2016-06-12 21:58 - 2016-06-17 01:39 - 02386944 _____ (Farbar) C:\Users\glass\Downloads\FRST64.exe
2016-06-12 21:58 - 2016-06-12 22:15 - 22851472 _____ (Malwarebytes ) C:\Users\glass\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-11 11:35 - 2016-06-11 11:35 - 00199114 _____ C:\ProgramData\1465572078.bdinstall.bin
2016-06-10 23:39 - 2016-06-10 23:46 - 97482185 _____ C:\Users\glass\Downloads\Ultimate Comics Avengers (2009-2010).zip
2016-06-10 23:36 - 2016-06-10 23:38 - 36353210 _____ C:\Users\glass\Downloads\Joe Golem 05 (of 05) (2016) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 23:33 - 2016-06-10 23:35 - 33008506 _____ C:\Users\glass\Downloads\Joe Golem 04 (of 05) (2016) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 23:30 - 2016-06-10 23:32 - 31368699 _____ C:\Users\glass\Downloads\Joe Golem 03 (of 05) (2016) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 23:22 - 2016-06-10 23:24 - 31143884 _____ C:\Users\glass\Downloads\Joe Golem 02 (of 05) (2015) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 23:16 - 2016-06-10 23:18 - 31174167 _____ C:\Users\glass\Downloads\Joe Golem 01 (of 05) (2015) (digital) (Minutemen-InnerDemons).cbr
2016-06-10 20:58 - 2016-06-10 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2016-06-10 20:58 - 2013-04-17 13:59 - 00718840 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-10 20:58 - 2013-04-17 13:59 - 00593144 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-10 20:58 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2016-06-10 20:55 - 2016-06-10 20:58 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-10 16:21 - 2016-06-10 20:55 - 00000000 ____D C:\Users\glass\AppData\Roaming\QuickScan
2016-06-10 16:21 - 2013-05-28 11:12 - 00382536 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-10 16:21 - 2013-04-22 12:21 - 00148696 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-10 16:20 - 2016-06-10 16:21 - 10606640 _____ C:\Users\glass\Downloads\Antivirus_Free_Edition_x64.exe
2016-06-10 16:17 - 2016-06-10 16:17 - 00000000 ____D C:\Users\glass\AppData\Local\AvgSetupLog
2016-06-10 16:17 - 2016-06-10 16:17 - 00000000 ____D C:\Users\glass\AppData\Local\Avg
2016-06-07 14:41 - 2016-06-07 14:44 - 00824144 _____ C:\Users\glass\Documents\IMG_20160607_0001.pdf
2016-06-06 17:54 - 2016-06-06 17:54 - 00002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2016-06-06 17:48 - 2016-06-06 17:48 - 00000000 ____D C:\Users\glass\AppData\LocalLow\Sam Barlow
2016-06-06 17:44 - 2016-06-06 17:44 - 00000000 ____D C:\Users\glass\AppData\LocalLow\Inkle Studios
2016-06-05 19:34 - 2016-06-06 17:54 - 00000000 ____D C:\Users\glass\AppData\Local\Adobe_Systems_Incorporate
2016-06-05 19:33 - 2016-06-06 17:54 - 00000000 ____D C:\Users\glass\Documents\My Digital Editions
2016-06-05 19:33 - 2016-06-06 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-06-05 19:33 - 2016-06-05 19:33 - 00002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2016-06-03 19:48 - 2016-06-03 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-18 21:56 - 2016-05-18 21:56 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-05-18 21:56 - 2016-05-18 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-05-18 21:47 - 2016-06-12 04:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-18 21:47 - 2016-05-18 21:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 01:40 - 2015-10-09 00:19 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-06-17 01:39 - 2015-06-15 17:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-17 01:39 - 2015-06-15 10:16 - 00000000 ___RD C:\Users\glass\Dropbox
2016-06-17 01:38 - 2015-08-06 21:00 - 00000000 ____D C:\ProgramData\Unified Remote
2016-06-17 01:38 - 2015-06-15 04:09 - 00000000 __RDO C:\Users\glass\OneDrive
2016-06-17 01:37 - 2015-11-15 22:57 - 00000000 ____D C:\Users\glass
2016-06-17 01:37 - 2015-10-21 15:13 - 00000000 __SHD C:\Users\glass\IntelGraphicsProfiles
2016-06-17 01:37 - 2015-07-17 17:19 - 00000000 ____D C:\Users\glass\AppData\Local\HTC MediaHub
2016-06-17 01:37 - 2015-06-15 10:12 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-17 01:37 - 2015-06-15 01:11 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 00:52 - 2015-06-15 10:12 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-17 00:48 - 2015-06-15 01:11 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 00:00 - 2015-06-15 18:38 - 00000000 ____D C:\ProgramData\Reprise
2016-06-16 22:19 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-16 22:19 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-16 22:15 - 2015-08-31 16:37 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-16 22:14 - 2015-09-20 23:47 - 00003962 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1442789264
2016-06-16 22:14 - 2015-09-20 23:47 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-06-16 22:14 - 2015-09-20 23:47 - 00000000 ____D C:\Program Files (x86)\Opera
2016-06-16 22:08 - 2015-11-15 23:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-16 22:08 - 2015-11-15 22:51 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-16 22:08 - 2015-11-15 22:45 - 05137640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-16 22:05 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-16 22:03 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-16 22:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-06-16 22:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-16 22:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-06-16 22:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-16 22:00 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-16 20:47 - 2015-06-15 16:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-16 20:47 - 2015-06-15 16:35 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-06-16 20:47 - 2015-06-15 16:35 - 00000000 ____D C:\Program Files\Adobe
2016-06-16 20:44 - 2015-06-15 16:31 - 00000000 ____D C:\ProgramData\Adobe
2016-06-16 17:35 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-16 16:03 - 2015-06-15 01:10 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3058B6D9-01BC-490C-9F63-1BFDB614B65E}
2016-06-16 06:03 - 2015-06-15 12:01 - 00000000 ____D C:\Users\glass\AppData\Local\CrashDumps
2016-06-16 02:00 - 2015-06-15 16:30 - 00000000 ____D C:\Users\glass\AppData\Local\Adobe
2016-06-15 18:40 - 2015-06-15 01:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 18:34 - 2015-06-15 01:51 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-15 08:30 - 2015-08-03 17:35 - 00000000 ____D C:\Users\glass\AppData\Roaming\MediaMonkey
2016-06-14 19:33 - 2015-10-30 08:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 19:33 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-12 22:43 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\System
2016-06-12 22:19 - 2015-06-15 11:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 22:16 - 2015-06-15 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-12 22:16 - 2015-06-15 11:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-12 22:04 - 2015-10-06 02:41 - 00000000 ____D C:\Users\glass\AppData\LocalLow\Temp
2016-06-12 18:30 - 2015-06-15 10:26 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-06-12 04:09 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-12 00:53 - 2015-12-29 16:38 - 00000000 ____D C:\Users\glass\AppData\Roaming\CDisplayEx
2016-06-08 21:49 - 2015-06-15 01:12 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-07 14:44 - 2015-08-09 15:28 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-06 14:39 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-06-06 14:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-06 14:27 - 2015-11-16 13:23 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-06 14:27 - 2015-10-19 03:22 - 837794932 _____ C:\WINDOWS\MEMORY.DMP
2016-06-05 02:43 - 2015-11-03 13:17 - 00000000 ____D C:\Users\glass\AppData\Local\ElevatedDiagnostics
2016-06-03 19:48 - 2015-06-15 10:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-28 13:18 - 2015-06-17 14:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-28 06:55 - 2015-11-15 22:48 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-05-23 19:36 - 2015-08-31 17:20 - 00002404 _____ C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-22 17:00 - 2016-03-26 22:04 - 00000000 ____D C:\Users\glass\Desktop\Brogue-windows-v1.7.4
2016-05-18 22:14 - 2015-06-15 22:17 - 00001456 _____ C:\Users\glass\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-05-18 21:47 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
 
==================== Files in the root of some directories =======
 
2015-06-29 19:48 - 2016-02-02 11:50 - 0000132 _____ () C:\Users\glass\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-29 19:54 - 2015-06-30 02:35 - 0000132 _____ () C:\Users\glass\AppData\Roaming\Adobe Targa Format CS6 Prefs
2015-08-02 13:20 - 2015-08-17 09:36 - 0000033 _____ () C:\Users\glass\AppData\Roaming\AdobeWLCMCache.dat
2015-11-13 16:30 - 2016-05-06 22:24 - 0002489 _____ () C:\Users\glass\AppData\Roaming\SpeedRunnersLog.txt
2015-06-15 22:17 - 2016-05-18 22:14 - 0001456 _____ () C:\Users\glass\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-26 22:24 - 2016-03-15 03:35 - 0007612 _____ () C:\Users\glass\AppData\Local\Resmon.ResmonCfg
2016-06-11 11:35 - 2016-06-11 11:35 - 0199114 _____ () C:\ProgramData\1465572078.bdinstall.bin
2015-11-15 22:52 - 2015-11-15 22:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-12 23:21
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by glass (2016-06-17 01:42:08)
Running from C:\Users\glass\Downloads
Windows 10 Pro Version 1511 (X64) (2015-11-15 22:28:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-141182051-2556109553-1899525483-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-141182051-2556109553-1899525483-503 - Limited - Disabled)
glass (S-1-5-21-141182051-2556109553-1899525483-1001 - Administrator - Enabled) => C:\Users\glass
Guest (S-1-5-21-141182051-2556109553-1899525483-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-141182051-2556109553-1899525483-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: 10.2.6 - 3Dconnexion)
3Dconnexion 3DxWinCore (Version: 17.2.6.11469 - 3Dconnexion) Hidden
3Dconnexion Add-In for AutoCAD (Version: 5.0.3 - 3Dconnexion) Hidden
3Dconnexion Add-In for Inventor 11 - 2015 (Version: 2.1.0 - 3Dconnexion) Hidden
3Dconnexion Add-In for Solid Edge V18 - ST7 (Version: 3.2.1 - 3Dconnexion) Hidden
3Dconnexion Add-In for SolidWorks 2005 - 2015 (Version: 3.2.0 - 3Dconnexion) Hidden
3Dconnexion Add-On for XSI v5.0 - 2015 (Version: 3.0.3 - 3Dconnexion) Hidden
3Dconnexion Collage (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Extension for SketchUp (Version: 4.1.0 - 3Dconnexion) Hidden
3Dconnexion LCD Applets for SpacePilot Pro (Version: 1.3.3 - 3Dconnexion) Hidden
3Dconnexion Plug-In for 3ds Max 2008 - 2016 (Version: 6.1.2 - 3Dconnexion) Hidden
3Dconnexion Plug-in for Acrobat 3D (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Maya v8.5 - 2016 (Version: 5.1.1 - 3Dconnexion) Hidden
3Dconnexion Plug-In for NX v4.0 - v10.0 (Version: 3.2.1 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Photoshop CS3 - CS6 and CC (Version: 2.4.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 3.0 (Version: 2.2.2 - 3Dconnexion) Hidden
3Dconnexion Trainer (x32 Version: 3.2.3 - 3Dconnexion) Hidden
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
80 Days (HKLM\...\Steam App 381780) (Version:  - inkle Ltd)
A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (Version: 21.0.52.0 - Autodesk) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.142.62248 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.9.142.62248 - Alcor Micro Corp.) Hidden
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.0.5 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
AutoCAD 2017 - English (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.7.696.0 - Autodesk)
Autodesk 3ds Max 2016 (Version: 18.7.696.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk)
Autodesk 3ds Max 2016 SP3 (HKLM\...\Autodesk 3ds Max 2016 SP3.1) (Version: 18.7.696.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.19 - Autodesk)
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk Backburner 2016 (HKLM-x32\...\{8C5F38D2-9EFE-49A4-B3F5-BF3210FED168}) (Version: 16.0.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk Civil View for 3ds Max 2016 64-bit (HKLM\...\{1C4FFAF0-6DBB-4F7A-A386-46747D060826}) (Version: 18.0.0.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.108.150 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk DirectConnect 2016 64-bit (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk Featured Apps 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2016 (HKLM\...\{9167CA34-4E58-49E3-8892-3C439739D2D3}) (Version: 18.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 - Autodesk)
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
Autodesk Maya 2016 (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Autodesk ReCap 360 (Version: 3.0.0.52 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max  (HKLM\...\Autodesk Revit Interoperability for 3ds Max ) (Version: 16.0.394.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max  (Version: 16.0.394.0 - Autodesk) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blood Bowl 2 (HKLM-x32\...\Steam App 236690) (Version:  - Cyanide Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broforce (HKLM-x32\...\Steam App 274190) (Version:  - Free Lives)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.02 - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
CDisplayEx 1.10.29 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Desktop Dungeons (HKLM-x32\...\Steam App 226620) (Version:  - QCF Design)
Downwell (HKLM-x32\...\Steam App 360740) (Version:  - Moppin)
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Eldritch (HKLM\...\Steam App 252630) (Version:  - Minor Key Games)
Epic Games Launcher (HKLM-x32\...\{9002F83C-DA49-411E-9CF0-111CB3979F9C}) (Version: 1.1.50.0 - Epic Games, Inc.)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version:  - The Foundry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version:  - Double Fine Productions)
Her Story (HKLM\...\Steam App 368370) (Version:  - Sam Barlow)
Houdini 15.0.244.16 (HKLM\...\Houdini 15.0.244.16) (Version: 15.0.244.16 - Side Effects Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.61.0 - HTC)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS)
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Kentucky Route Zero (HKLM-x32\...\Steam App 231200) (Version:  - Cardboard Computer)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MODO 901 Content 1 (HKLM-x32\...\MODO901_Content1) (Version:  - )
MODO 901 Content 2 (HKLM-x32\...\MODO901_Content2) (Version:  - )
MODO 901 Content 3 (HKLM-x32\...\MODO901_Content3) (Version:  - )
Mountain (HKLM\...\Steam App 313340) (Version:  - David OReilly)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-b0c63f02-2bf5-4202-8b40-18f5e588b1c7) (Version:  - Epic Games, Inc.)
No Time To Explain Remastered (HKLM\...\Steam App 368730) (Version:  - tinyBuild)
Node.js (HKLM\...\{4B289DDD-4822-4706-902D-EE51DD657040}) (Version: 0.12.7 - Joyent, Inc. and other Node contributors)
NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 38.0.2220.31 (HKLM-x32\...\Opera 38.0.2220.31) (Version: 38.0.2220.31 - Opera Software)
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pixar RenderMan Pro Server 20.4 (HKLM\...\{142AC600-7945-11E5-8F2E-2C27D7EF5B5C}) (Version: 20.4.1545505 - Pixar)
Pixar RenderMan Pro Server 20.6 (HKLM\...\{0A28AEF0-A2EF-11E5-B626-2C27D7EF5B5C}) (Version: 20.6.1562369 - Pixar)
Psychonauts (HKLM\...\Steam App 3830) (Version:  - Double Fine Productions)
RailsInstaller 3.1.0 (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1) (Version: 3.1.0 - RailsInstaller Team)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Read Only Memories (HKLM\...\Steam App 330820) (Version:  - MidBoss, LLC.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
RenderManNC-Installer (HKLM\...\{DAB7A2E1-D380-11E4-BBF3-001CC4171F87}) (Version: 1.0.0 - Pixar)
RenderManStudio-20.6-maya2016 (HKLM\...\{05C0B88F-A2FD-11E5-8B0B-2C27D7EF5B5C}) (Version: 20.6.0 - Pixar)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Splinter Cell Blacklist (HKLM-x32\...\Uplay Install 91) (Version:  - Ubisoft)
Spotify (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Foundry MODO 901 build 85499 (HKLM-x32\...\901_64) (Version:  - )
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version:  - Croteam)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - Telltale Games)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.04.000 - Ubisoft)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version:  - )
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.5 - Unified Intents AB)
Unity Web Player (HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - ASUS (ATP) Mouse  (08/01/2015 10.0.0.5) (HKLM\...\B267A462F49A1ACD7A2EC5C262BA0DC7D7B23891) (Version: 08/01/2015 10.0.0.5 - ASUS)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-DBDFEF1D0EDC}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\glass\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02FC48BF-7BB4-44E4-BDB3-AB39456FA070} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {06579FA5-6DA3-4876-A0B1-C80EBC7F874E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {095AC72D-B5A0-4998-B224-7F0ABD4BF267} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {15926045-3BED-4D0D-9F97-8DB6A079F096} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-10-21] (Realtek Semiconductor)
Task: {166377AA-CDF9-4964-B100-BCE621D34A6D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {238D3F20-47FB-423B-9970-097E9963F034} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {24A8FEC9-FADB-44C3-8FFC-E6422DE78322} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-21] (Realtek Semiconductor)
Task: {27B8217B-511A-4404-9DCE-2D3D725E987C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek)
Task: {2A570E90-7918-4952-9FBA-0840F6764771} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4736FCDC-0B14-438E-826E-34736DD65F71} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2015-05-28] (3Dconnexion, INC)
Task: {4FC0821F-1755-4F6C-936D-0ECA000DA57C} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-21] (Realtek Semiconductor)
Task: {56BAEB37-3346-46CC-9B7B-723DC29AE545} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5A0A63F2-4884-4FA5-86F3-D48790016C9F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F9DC5C9-E652-40A2-8F52-38B915CEC281} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-20] (Dropbox, Inc.)
Task: {7A5B5973-4DA1-42B2-9062-7E16B0219CC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
Task: {7CC7BDBE-6021-46B1-83F4-17621FFC6355} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8235D99C-DF22-46CB-97E6-3F18ECE3231A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {93C4081D-BBD6-4C93-9EFA-1938ABA079F9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9B004AE2-0847-4E8A-835C-49855F684F66} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek)
Task: {A517FE5F-2AE4-42D5-993C-93A4C95D6EE2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4712A2D-C561-4DD9-856F-D8C6E125D8D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-20] (Dropbox, Inc.)
Task: {B6C4EFA4-1F20-424C-B36C-501D0F9A86EE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-26] (Microsoft Corporation)
Task: {C62764BD-F8AB-41C0-8919-E76CD6776DCF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {DB9AD0FB-AF37-4428-8CB8-35583898DDD3} - System32\Tasks\Opera scheduled Autoupdate 1442789264 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-13] (Opera Software)
Task: {E34C333D-661C-4096-BAE2-C517F4AFCEFC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {F0DC017F-CB05-4397-A57E-4AAFF4B951E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F47C84D4-56D4-4D08-81E5-CC1E6F81142A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FA90B66A-BCF7-448D-BECF-53EADAC571D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FCAE805E-C587-4564-8DD4-0B8F9D19D28F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Interactive Ruby.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\irb.bat (No File)
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\RubyGems Documentation Server.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\gem.bat (No File)
 
ShortcutWithArgument: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Command Prompt with Ruby and Rails.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\RailsInstaller\Ruby2.1.0\setup_environment.bat C:\RailsInstaller
ShortcutWithArgument: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-10 20:58 - 2013-03-19 11:07 - 00712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-06-10 20:58 - 2013-09-03 13:29 - 00111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-11-15 22:51 - 2016-04-27 13:18 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-19 03:32 - 2016-05-02 06:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-21 19:27 - 2016-05-02 06:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-05 15:57 - 2016-05-02 06:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-19 03:32 - 2016-05-02 06:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-08-09 15:28 - 2013-05-14 18:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2016-04-05 15:57 - 2016-05-02 06:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-05 15:57 - 2016-05-02 06:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-05 15:57 - 2016-05-02 06:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-27 18:13 - 2016-05-02 06:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-05 15:57 - 2016-05-02 06:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-05 15:57 - 2016-05-02 06:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-13 22:46 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-06-17 13:47 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-04-13 22:46 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-14 05:23 - 2015-11-14 05:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-23 19:36 - 2016-05-23 19:36 - 00959168 _____ () C:\Users\glass\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-18 21:51 - 2016-05-26 10:13 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-07-09 18:32 - 2015-07-09 18:32 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-06-15 14:48 - 2016-05-28 04:53 - 01645056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll
2016-06-15 14:48 - 2016-05-28 04:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-15 14:48 - 2016-05-28 04:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 11:17 - 2015-12-07 05:59 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-12-18 11:17 - 2015-12-07 05:57 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 01813504 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00618496 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2016-06-15 14:48 - 2016-05-28 04:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-19 11:44 - 2015-10-19 11:44 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-12-18 11:17 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 19:46 - 2016-04-23 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-15 14:48 - 2016-05-28 04:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-06-15 14:48 - 2016-05-28 04:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-10 09:25 - 2016-06-10 09:25 - 28741632 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_15.18.4004.0_x64__8wekyb3d8bbwe\XboxApp.dll
2016-06-15 14:48 - 2016-05-28 04:53 - 00150016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-06-15 14:48 - 2016-05-28 04:53 - 00098304 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2016-06-15 14:48 - 2016-05-28 04:53 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-05-28 21:18 - 2015-05-28 21:18 - 00038912 _____ () C:\WINDOWS\SYSTEM32\SPWINI.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00165376 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00050176 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00062464 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00932864 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2016-01-28 21:24 - 2016-01-28 21:24 - 00231464 _____ () C:\Program Files\Autodesk\Autodesk Sync\plugins\crypto\qca-ossl_Ad_2.dll
2016-06-08 21:49 - 2016-06-04 02:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 21:49 - 2016-06-04 02:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2012-10-16 10:39 - 2012-10-16 10:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2016-04-05 16:47 - 2016-04-05 16:47 - 01506304 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2016-04-05 16:47 - 2016-04-05 16:47 - 00123904 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2016-04-19 06:33 - 2016-04-19 06:33 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-11-14 05:22 - 2015-11-14 05:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-04-20 19:18 - 2016-03-23 11:02 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-04-20 19:18 - 2016-03-23 11:02 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-10-19 11:44 - 2015-10-19 11:44 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-04-13 15:55 - 2015-04-13 15:55 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-06-15 20:24 - 2016-05-02 07:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-15 17:40 - 2016-04-29 21:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-15 17:40 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-15 17:40 - 2016-06-15 01:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-15 17:40 - 2016-02-09 00:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-15 17:40 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-15 17:40 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-15 17:40 - 2016-06-15 01:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 05:46 - 2016-02-17 23:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-05-23 19:36 - 2016-05-23 19:36 - 00679624 _____ () C:\Users\glass\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-12 05:00 - 2016-05-05 11:09 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-03 19:48 - 2016-05-05 11:10 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-03 19:48 - 2016-05-05 11:09 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-12 05:00 - 2016-05-05 11:09 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-12 05:00 - 2016-05-05 11:09 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-12 05:00 - 2016-05-31 19:34 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-03 19:48 - 2016-05-05 11:09 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-12 05:00 - 2016-05-31 19:34 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-12 05:00 - 2016-05-05 11:09 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 05:00 - 2016-05-05 11:10 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-12 05:00 - 2016-05-31 19:34 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-03 19:48 - 2016-05-05 11:11 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-03 19:48 - 2016-05-05 11:09 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-03 19:48 - 2016-05-31 19:33 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-12 05:00 - 2016-05-05 11:09 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-03 19:48 - 2016-05-05 11:10 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-12 05:00 - 2016-05-31 19:34 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 02:23 - 2016-05-31 19:34 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-03 19:48 - 2016-05-05 11:12 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-03 19:48 - 2016-05-31 19:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-03 19:48 - 2016-03-12 01:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-03 19:48 - 2016-05-31 19:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-03 19:48 - 2016-05-31 19:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-12 05:00 - 2016-05-05 11:10 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-12 05:00 - 2016-05-05 11:11 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-13 22:40 - 2016-05-31 19:34 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-12-12 05:00 - 2016-05-31 19:34 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-03 19:48 - 2016-05-31 19:34 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-11-16 18:43 - 2015-11-16 18:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-04-19 06:33 - 2016-04-19 06:33 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 06:33 - 2016-04-19 06:33 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-11-16 18:43 - 2015-11-16 18:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 18:43 - 2015-11-16 18:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-11-25 20:35 - 2015-11-25 20:35 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-11-25 20:35 - 2015-11-25 20:35 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 14:22 - 2015-11-25 14:22 - 00158384 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2015-11-25 20:35 - 2015-11-25 20:35 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-06-15 17:40 - 2016-06-14 20:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\glass\Local Settings:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local\Application Data:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local\ptPTX9a6w7LRPky:KPTJpL4AMxTZa2rQxDoJp4xtn8K [2040]
AlternateDataStreams: C:\Users\glass\AppData\Local\Temp:jJEqoZova0uj5aQDqRX24K3NM [1962]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2015-06-15 16:58 - 00008049 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.de
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.de
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 a125-252-224-90.deploy.akamaitechnologies.com
127.0.0.1 a125-252-224-91.deploy.akamaitechnologies.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.de
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.de
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 activate.nero.com
127.0.0.1 activate.nero.de
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.de
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-2.adobe.de
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-3.adobe.de
 
There are 153 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\glass\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{07634627-6EEF-4D88-AE44-CF7B34B32853}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{0BE0981B-611D-4A9C-8ACD-41B499F8DA1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{8EEEBC20-48F0-4181-B644-DB87A86BE299}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{A88A1141-32EF-4AA9-8D29-79000AC2885A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{0E7D3D09-C42C-4AFD-9DE0-91EE2E0F3521}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{AAE79756-34A8-4B71-B835-4F362CD4260C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [UDP Query User{49889D6A-AE85-4B54-891A-6228E6B361A0}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [TCP Query User{0839FCAF-5A84-4129-8D33-7C5147FAB516}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [UDP Query User{33F9F37C-8725-4413-BD27-3BE025FB3193}C:\users\glass\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Block) C:\users\glass\appdata\roaming\utorrent\updates\3.4.3_40760.exe
FirewallRules: [TCP Query User{D6DD1576-9DA0-42B9-9E0A-2F2F42F3D279}C:\users\glass\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Block) C:\users\glass\appdata\roaming\utorrent\updates\3.4.3_40760.exe
FirewallRules: [UDP Query User{700A5F4E-6584-47FD-82FD-48E999E60E17}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [TCP Query User{20FAED5A-ABDB-4881-A7DA-D74168076990}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [{BC4EB5B7-229A-4109-A403-806CC00A7857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe
FirewallRules: [{DE46E318-6E3C-4F5C-84E5-C5148E3EC1EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe
FirewallRules: [{53533A8E-0737-46A2-B91F-082DFC731827}] => (Block) C:\program files\side effects software\houdini 15.0.244.16\bin\houdinifx.exe
FirewallRules: [{3B3B9102-6A24-4C71-B201-C27076AD441E}] => (Block) C:\program files\side effects software\houdini 15.0.244.16\bin\houdinifx.exe
FirewallRules: [UDP Query User{B91F85B2-F6DE-41C9-830F-783812B5A34A}C:\program files\side effects software\houdini 15.0.244.16\bin\houdinifx.exe] => (Allow) C:\program files\side effects software\houdini 15.0.244.16\bin\houdinifx.exe
FirewallRules: [TCP Query User{B186AE83-84AF-4138-A25E-E153E29406CD}C:\program files\side effects software\houdini 15.0.244.16\bin\houdinifx.exe] => (Allow) C:\program files\side effects software\houdini 15.0.244.16\bin\houdinifx.exe
FirewallRules: [UDP Query User{646CA92D-30BA-4343-81B5-36533D929276}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{BB019118-8488-4918-9D31-914C15D70934}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{0A31B564-F8FE-4880-A561-2E2CDEB794AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{A36CD29E-37D5-4AC6-B8B1-D4881A03B250}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [UDP Query User{E99CA7A2-DF6D-4F7B-A49C-7968FA6F4CDD}C:\program files\luxology\modo\901\modo.exe] => (Allow) C:\program files\luxology\modo\901\modo.exe
FirewallRules: [TCP Query User{93B364B9-F8D8-473A-A22E-98F626B6F571}C:\program files\luxology\modo\901\modo.exe] => (Allow) C:\program files\luxology\modo\901\modo.exe
FirewallRules: [{145B9F3B-5079-4E74-9FCF-87B88E98DCCF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{DB523FE6-4ED2-4C39-9725-856EF19B76D2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{A05D183C-B553-4933-8B48-07598AFD21BF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{C7563D85-919E-451E-8084-98B96C91ACB7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{818C0AA2-EFA0-46F6-8AFA-87B7279986C1}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe
FirewallRules: [{7F7F10B3-4982-4184-9733-DCAADD0D9E9A}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe
FirewallRules: [{E2763C02-4791-4C5D-8D74-0F7CA13AC0BD}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{0A81001D-64A7-4786-9A55-9F7016A43BCC}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{EB93F349-F6F2-452C-8854-D92C06468F03}] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{75E51507-9798-42AB-A569-6B7C84BCB98B}] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{AEA0F2DF-A1CF-4CE7-A2CB-7D52F8075EB7}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{0F6C57F2-FAA4-4B01-8B02-AEACDDCE4E7E}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{C864FB89-E917-4F10-8870-1A4B0A146697}C:\users\glass\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\glass\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A6E2DF2C-24D8-4630-9B1B-CD1F126186AB}C:\users\glass\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\glass\appdata\local\akamai\netsession_win.exe
FirewallRules: [{81C5E616-E563-4E50-9DC7-65CDABFACBB2}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{9B439DF1-BBD8-4982-B34D-E6880F4D632D}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{849DEEDB-75F7-4B29-85FB-22BC83B14BB3}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{F4E4847C-E684-44E4-9EA3-48EF2FEFD7AD}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{8BCA5D08-9B07-4087-8AAC-D1F2E9A06E21}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F562284-E3EE-4BF4-907F-7E162BB96706}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2ACDD3DE-0897-40A1-860F-03F6C8EB209E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1EBAA3EB-69BD-454A-B80A-0D0C8C783FC0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{51C270D7-F227-4158-B72C-36970E761C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{3C1C80C6-8695-4D54-9671-0F57476048A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{FBBE09DB-9D29-47B2-A14F-6B4ACC4399A6}] => (Allow) C:\Program Files\Luxology\modo\901\modo.exe
FirewallRules: [{7F235DF7-2CF0-45D2-93BF-710A2DE42382}] => (Allow) C:\Program Files\Luxology\modo\901\modo.exe
FirewallRules: [{5768A026-A007-48CE-844B-2B3D90F4B008}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{33AE8020-A7DB-4DF6-B25F-F6749BE6F081}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{5348ADA8-FA14-4A8F-8789-3E40D4DBF563}C:\users\glass\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glass\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{6DC2FEC6-C4F5-4598-92B5-1674966A3CD7}C:\users\glass\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glass\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{BC290BA8-B47B-427D-B326-9C4DED49964A}C:\users\glass\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glass\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3D9CF6EA-8EFE-43E1-84AC-0021ED0E042D}C:\users\glass\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glass\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EC64D8DA-7F62-4994-9BBB-F664CBB34542}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{879B5F00-1342-4191-93DA-B3F816D729FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{3AD0A83C-14A3-4048-97AA-70C576BCE4D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{BC95201F-E54A-465C-A765-AC90497FBFC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [TCP Query User{1A9B68F3-423F-4B73-B806-2D3C92C92B9C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2BAF60C5-AFF9-4A75-A182-8F198EA979ED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7632DCCC-51C7-4C34-A48A-360CE92B9856}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{AD76FD05-A76F-4626-AB98-1B046FB51918}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{4A616A85-AB2C-4A25-AE7B-33A7378EED78}] => (Allow) C:\Users\glass\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E206FA0F-9E38-42C5-A897-5F0FCCC8A19B}] => (Allow) C:\Users\glass\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B9CE1935-3BBE-4254-B6D6-943E2841E535}] => (Allow) C:\Users\glass\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{86773DBF-2E76-457D-879F-41ED6C328516}] => (Allow) C:\Users\glass\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C30B5E1-AFD2-4A65-847E-19A48274C632}] => (Allow) C:\Users\glass\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6F5F120-6779-416D-BB3B-C9AB33A9C1DA}] => (Allow) C:\Users\glass\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E54D2529-45C9-48D2-B9C2-D2CABEED6EDC}C:\program files\side effects software\houdini 14.0.361\bin\houdinifx.exe] => (Allow) C:\program files\side effects software\houdini 14.0.361\bin\houdinifx.exe
FirewallRules: [UDP Query User{9B171806-9BFF-4174-86E0-9DC02AFA41E5}C:\program files\side effects software\houdini 14.0.361\bin\houdinifx.exe] => (Allow) C:\program files\side effects software\houdini 14.0.361\bin\houdinifx.exe
FirewallRules: [{1642C9E2-63DB-469F-9FAA-9A8E90699981}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F6368620-44C1-4B00-8A55-262D7BBFB8F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{3AA4F72C-DF52-47A0-AE01-5E56BA689D9F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{49645F44-7E51-411A-960F-A91C05B4D070}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3EDD6AB0-D3D3-4986-BAE7-41AC4BF31E9E}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{B6E65CF2-5220-48EC-ACFB-941578BBF83C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{4EFCCCAB-DE56-43CF-A009-B7FAAE2A48A1}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{F355A0DB-5BBB-4BF0-A5F1-8C01C0CBFBD1}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{27F31C6A-00CF-491D-A39C-99C45A081CB4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{1014BE30-BB08-4CC4-BC0E-3787727E9FF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E5E7564F-3CDB-4D88-977A-1679108F570A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{07A86312-ADC7-4999-917E-1942DCB7AE9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2D4C2573-73C2-46EC-BF41-B4F0B4423C21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{28D0D5BE-5E99-4882-95E4-C4BD0ABE3661}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{0A274B2E-FFAD-4355-B023-D13FC33A35E9}C:\ruby22-x64\bin\ruby.exe] => (Allow) C:\ruby22-x64\bin\ruby.exe
FirewallRules: [UDP Query User{A5401656-6CAB-49E3-90B3-1DE66171B39B}C:\ruby22-x64\bin\ruby.exe] => (Allow) C:\ruby22-x64\bin\ruby.exe
FirewallRules: [TCP Query User{F1EC50C4-CD66-4C36-8FC0-2D445E89BE92}C:\railsinstaller\ruby2.1.0\bin\ruby.exe] => (Allow) C:\railsinstaller\ruby2.1.0\bin\ruby.exe
FirewallRules: [UDP Query User{F30BC4C9-2AC0-466C-98E7-DF9CDB41D46D}C:\railsinstaller\ruby2.1.0\bin\ruby.exe] => (Allow) C:\railsinstaller\ruby2.1.0\bin\ruby.exe
FirewallRules: [TCP Query User{B1E54A1E-FA62-4606-A945-DCC7F0053B3D}C:\users\glass\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\glass\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{3596E3AC-1282-4F3F-9154-834D426B34B3}C:\users\glass\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\glass\appdata\local\popcorn time\nw.exe
FirewallRules: [{AEBC5E32-3A4B-4EA3-B49A-2737F8289C61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{4C130D05-0940-4C5E-95CD-F4A90EF3F9C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{7E87C98E-AB48-46D6-AC14-9EF0061EBA4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{2FD62CCC-48D2-49E3-B9D0-957D0851245D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{3BFB25F0-E813-4E42-9A16-2D1AC0357BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{378E586E-DAE1-42D0-8967-8425B23E664D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{ECA8938B-3491-45FA-A7A1-0B5A9698D918}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{73081660-8999-44E4-A3B9-C6C31E6A6E0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{D60C6DE0-9A85-49CA-AD01-C17CAD1E4AE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{FCEB1B72-1D5C-433C-A382-F4A41CCEB709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{699A55E3-37DC-45FB-8012-B4CAEA23DF19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{582477F2-0A9D-4529-9954-C08B92D30533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{4BD54D0E-6267-4342-B5F6-78D8068079AA}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{C4CEA1CD-4DF0-4E18-BD02-57223DDDE100}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{2EC618D0-56A8-49D7-BD81-907774058418}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD2AEA65-0A01-48C3-B296-206B010D9E3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{129F6CD2-E447-4ECC-B9F1-5206CCF92D4E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6111B78-14C5-4C3B-BBD8-82DF6519E6E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6781D8D1-82ED-40A8-A257-A1F3431F586E}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{23A53170-4526-4553-833F-D4A10D8ABD3C}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{B33D495D-260E-419A-8574-ED1905D4F265}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{146AF4EE-E274-4338-8BBA-80D8465138ED}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{10A672D9-38C4-421E-98F0-91DA63B20794}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{08AA241A-FDC8-4735-BCEF-0E6492047BE9}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{22CAB362-E423-4B2B-B435-D0B658289DCB}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [TCP Query User{59C4154A-4806-4CFB-942E-1EBF4E801470}C:\users\glass\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glass\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{59F6241F-C770-4BDE-800E-C2D2BB131B2D}C:\users\glass\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glass\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{59BF372E-0DFC-4E3A-99DD-7551069A1B54}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{80E94C3A-F9C3-4F58-934E-DE6FB024622E}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{6D41EC7B-2559-4102-B7C8-9D6B6A2649B7}C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe
FirewallRules: [UDP Query User{DEFB33DF-516C-4FC5-9350-553E3036520E}C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe
FirewallRules: [{DE5BC777-B155-4915-BF43-654E4E260E69}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{EA5B681F-830F-4B77-8416-4BD390EF3E93}C:\program files\side effects software\houdini 14.0.361\bin\houdini.exe] => (Allow) C:\program files\side effects software\houdini 14.0.361\bin\houdini.exe
FirewallRules: [UDP Query User{72088D48-310E-416D-8593-D7856D7E9488}C:\program files\side effects software\houdini 14.0.361\bin\houdini.exe] => (Allow) C:\program files\side effects software\houdini 14.0.361\bin\houdini.exe
FirewallRules: [TCP Query User{1DBBD053-FE2E-408E-9C81-E323F875B89D}C:\program files\side effects software\houdini 15.0.244.16\bin\houdini.exe] => (Allow) C:\program files\side effects software\houdini 15.0.244.16\bin\houdini.exe
FirewallRules: [UDP Query User{38420032-BEEC-471E-A6AB-D7AEFDED02C5}C:\program files\side effects software\houdini 15.0.244.16\bin\houdini.exe] => (Allow) C:\program files\side effects software\houdini 15.0.244.16\bin\houdini.exe
FirewallRules: [TCP Query User{A1C0A389-C0C8-4295-90BD-1857DE4FAAE4}C:\program files (x86)\ubisoft\ubisoft game launcher\games\splinter cell blacklist\src\system\blacklist_dx11_game.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\splinter cell blacklist\src\system\blacklist_dx11_game.exe
FirewallRules: [UDP Query User{57FF76D3-2757-4540-BD69-24370A28D410}C:\program files (x86)\ubisoft\ubisoft game launcher\games\splinter cell blacklist\src\system\blacklist_dx11_game.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\splinter cell blacklist\src\system\blacklist_dx11_game.exe
FirewallRules: [TCP Query User{5CDB7FC5-DA9F-4E2B-9282-2F60A457C2B7}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe
FirewallRules: [UDP Query User{F9F41088-7D67-4418-98A5-01360FC1212A}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe
FirewallRules: [{B10488D8-959D-4F55-933E-F9E195088869}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{64B6FA53-9A86-4E5F-8BCA-34B14598575B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [TCP Query User{623DE9F4-0591-4AF2-B0AE-515845FA4944}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{FD618311-F62B-4BDB-80EC-23C21C830A47}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{AC13564F-1611-4DC5-8C0D-14955FE531C9}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{C043BCC0-B593-4D61-807E-1761BA8FAF67}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{24D770CC-54E0-4732-9E70-C313E010CDCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KentuckyRouteZero\KentuckyRouteZero.exe
FirewallRules: [{3E7D37CC-CD63-48B0-AD0E-0F0344AB1450}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KentuckyRouteZero\KentuckyRouteZero.exe
FirewallRules: [{494D0BF1-BDD3-43F2-A0CF-4BDE0DB73AC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{3A9E68AE-6E51-486F-B37D-EAE1797B55BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{635F6CC5-3E7A-4C4C-820B-03E5CDA7F079}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{21B16159-9E33-4475-AD8D-938A6C23C529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [TCP Query User{0CC7BBAB-123C-449E-8E01-3A65AB600056}C:\users\glass\dropbox\sub_txt\plugin_host.exe] => (Allow) C:\users\glass\dropbox\sub_txt\plugin_host.exe
FirewallRules: [UDP Query User{46DED8BA-C385-4536-8E6E-E4E000248C61}C:\users\glass\dropbox\sub_txt\plugin_host.exe] => (Allow) C:\users\glass\dropbox\sub_txt\plugin_host.exe
FirewallRules: [{9A6B556C-E0F1-4AC2-A68A-A4EE986F227D}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{0762A2ED-F28A-4FDE-A200-3508948D79E6}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{7B8DA2BF-0B95-48B9-89EB-4C565CD64DF6}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{3F98B900-0FB6-4449-826D-F8254D0C4E90}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{A1030A5B-F480-400F-8E28-DAA9F93BE79A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Bowl 2\BloodBowl2.exe
FirewallRules: [{AC2C9D3C-6577-42DB-8ABC-5994C0773F25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Bowl 2\BloodBowl2.exe
FirewallRules: [TCP Query User{396773FB-654E-47B3-B63D-A2118A2901C0}C:\program files (x86)\steam\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [UDP Query User{ADA8E1D3-19A5-4FF4-824B-BBBFAB7CA17A}C:\program files (x86)\steam\steamapps\common\blood bowl 2\benchmarkdx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\benchmarkdx11.exe
FirewallRules: [TCP Query User{207B9F24-8106-4B41-B5D7-582AA2F5C43B}C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{8E2C803F-668D-4CE8-B451-12055906D509}C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [{0D7A9B12-61D6-42EB-9288-ABE06B1D3598}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{68F61DCC-67F5-432D-90C3-CFE41BF2AC06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{F3B4184A-2E92-447E-8297-A7332611DB08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{86397AE0-F1F3-4627-BB86-A3211B4222DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{DF3E7C63-BF16-49FF-ACA7-E9826CFB496D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{7FEA67F5-BB9C-43F7-A63B-2C4D72DC8223}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{AC9266AB-EDF3-4C92-BD16-4583AB707FBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downwell\Downwell.exe
FirewallRules: [{8F2BDCBD-2CD1-4389-B264-2A2B2E473B50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downwell\Downwell.exe
FirewallRules: [{DE5EFDFC-52DD-4876-8802-95744F6DF200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{A422417E-7A41-493A-8DBF-BBD5C296ADBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{45ED8ADE-F162-451C-9A48-F0380D6C5C45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{DDF682E8-37C8-421C-8BC5-D5C537ED5BBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{4D3A6A36-34FA-440F-829A-437BB004AB1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{8ADC7768-B0FA-4090-A915-B47857036F17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{94D67E2C-0F7E-4B7C-BF88-EBF5C28D52A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{33898CE7-786C-4267-9361-2A80770B717C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{4528EA85-A85D-4B28-9CA3-350663844050}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FC3281A4-8632-4470-B2B6-16D416E684EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1FE3A051-5413-400C-A20B-B433BEF669D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{124A612F-A060-4341-8492-94B14271A18E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{23CE8BB9-2E9E-49CD-9A2A-94E2071EA52A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{8337C047-BEA7-44CA-9112-F1F5B9C4FE65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{CCC9D65E-4E8A-4D1C-B9E5-F4D7985BFBAA}C:\users\glass\dropbox\sub_txt\plugin_host.exe] => (Allow) C:\users\glass\dropbox\sub_txt\plugin_host.exe
FirewallRules: [UDP Query User{B9BD39BA-D0AC-460E-AA36-E2202DB0910F}C:\users\glass\dropbox\sub_txt\plugin_host.exe] => (Allow) C:\users\glass\dropbox\sub_txt\plugin_host.exe
FirewallRules: [{FD2D1451-2DC1-42BC-9E73-0BC990040966}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{B49C9929-F404-4BDD-B4C3-BE6280D6C90C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{C57CA21C-F121-4215-B4DB-821B7EF4D4E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{4F3BA0E9-BAB8-48F6-9CCE-C38DED1063C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{54B6CEE0-65F5-4CB1-BA80-7B30497004C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{2612D965-F06E-46DE-AFFF-03019EC31D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{6B0F0DDA-5866-4F50-AA79-3FA2E12F6A92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eldritch\Eldritch.exe
FirewallRules: [{98AC9D0A-47B9-4DCA-9E10-23FFA945266A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eldritch\Eldritch.exe
FirewallRules: [{C243A58E-CC0D-4BF0-8E09-41EB04495F73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{1F0896A4-AAC5-4306-92F1-6900528F2D2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{606163FA-2DBE-4AA7-AE79-9F6F160CB36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{4C32475A-977C-4C65-B441-90E826E12F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{3CCD266E-D915-4BEE-AFF1-95320EE5A6FA}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{2196F90C-9DA6-4EB5-AA1A-B0F69694D85D}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{9B09D090-4F5C-45CC-93FB-0A12EBF6CAAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{1369D4D5-5E4E-41D3-8EE4-B6196E075C72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{0F04D9D0-ACFB-47AF-A6E9-0C08BF2172FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1C16A849-B9CD-4F0B-AC7B-D2E514F487D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{0A63D6F1-A7C0-4261-B4A5-D4A1564C2273}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{09E7514E-AA06-42CB-8FFD-0869F8037AAC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5E0B6CAF-0AC4-4FC4-A900-327044D029FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe
FirewallRules: [{9F42C4EC-096E-4A32-BA20-C4C4BD86D6C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe
FirewallRules: [{577B9C29-4BFF-4AAB-B2C2-A97620DFF554}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\80 Days\80 Days.exe
FirewallRules: [{21BB6889-3587-4170-A8A9-E4BAD515FCA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\80 Days\80 Days.exe
FirewallRules: [{4EC0EF1E-9BAA-4410-BB76-CBBDB21349B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{722E5425-BDF8-41D8-BD0C-6486024D93FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{E27589B5-4C7F-4F63-A264-2248064CC071}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{84D1B42C-7FE0-4DD6-AE27-84811648C155}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{D3BE8AA4-DB04-4E93-BEE6-7610C80A8E3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{44786570-BADB-41D1-8DE3-C352761075B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{C3A1B6C5-D0DE-4139-9D46-9C0542F45846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{7D183C4C-2A1B-448E-AB6C-B614E38A9449}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{A69357FF-9220-4B45-A781-2B5F00345838}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{8C5908B0-4933-414A-923F-54FBCF312AC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Read Only Memories\ROM.exe
FirewallRules: [{98262C57-4D66-4B1C-AF9B-B53331D62BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Read Only Memories\ROM.exe
FirewallRules: [{029B05C6-C2C8-4A2B-B03D-AC12CC6FBE0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [{56C91BE0-EDF0-4673-9F2A-B3E7FD435B75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Time To Explain Remastered\NoTimeToExplain.exe
FirewallRules: [{047CCDC1-066D-4F6D-9560-38B62DEBBD72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mountain\Mountain.exe
FirewallRules: [{1989F3EC-1E54-42BD-98C0-C429E56233C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mountain\Mountain.exe
FirewallRules: [{02CB984B-935A-4448-8CF8-863C6F94AA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{4F1B6914-ABA0-431F-9EA6-B9AA76F3325F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
 
==================== Restore Points =========================
 
09-06-2016 00:25:57 Scheduled Checkpoint
12-06-2016 22:03:58 Restore Point Created by FRST
14-06-2016 01:01:02 Installed DirectX
 
==================== Faulty Device Manager Devices =============
 
Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2016 01:38:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 09:11:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 07:11:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 05:11:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 03:11:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 01:11:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 11:11:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 09:11:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 07:11:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WAYNETUNDRA)
Description: Activation of application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 06:03:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Desktop Service.exe, version: 3.4.1.181, time stamp: 0x56561d50
Faulting module name: Adobe Desktop Service.exe, version: 3.4.1.181, time stamp: 0x56561d50
Exception code: 0xc0000409
Fault offset: 0x0016092f
Faulting process ID: 0x27ec
Faulting application start time: 0xAdobe Desktop Service.exe0
Faulting application path: Adobe Desktop Service.exe1
Faulting module path: Adobe Desktop Service.exe2
Report ID: Adobe Desktop Service.exe3
Faulting package full name: Adobe Desktop Service.exe4
Faulting package-relative application ID: Adobe Desktop Service.exe5
 
 
System errors:
=============
Error: (06/16/2016 10:00:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5de077 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/16/2016 10:00:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5de077 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/16/2016 10:00:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5de077 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/16/2016 10:00:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_5de077 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/16/2016 10:00:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/16/2016 07:37:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/15/2016 07:36:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (06/15/2016 07:36:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (06/15/2016 03:31:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/14/2016 02:38:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-06-16 22:10:40.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-16 03:09:13.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-12 04:08:08.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-10 03:11:35.375
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-08 14:49:33.841
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-06 17:56:12.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-06 17:56:12.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-06 17:55:32.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-06 17:55:32.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-06 15:01:16.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 8077.47 MB
Available physical RAM: 4510.47 MB
Total Virtual: 9357.47 MB
Available Virtual: 5409.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:832.54 GB) (Free:385.3 GB) NTFS
Drive d: (SCRATCH) (Fixed) (Total:97.66 GB) (Free:80.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 brokedat

brokedat
  • Topic Starter

  • Members
  • 17 posts

Posted 16 June 2016 - 07:58 PM

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\autodesk\wi\autodesk 3ds max 2016\x64\max\autodesk\3ds max 2016\maps\substance\textures\cracked_plaster.sbsar
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\brushes\fun\cracks.mel
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\brushes\fun\cracks.mel.icon
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\plug-ins\xgen\presets\expressions\samples\color\procedural\patterns\cracks_brokenglass.se
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\presets\nparticles\examples\crackegg.ma
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\presets\stamp\.mayaswatches\rgb_crackedfun1.tif.swatch
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\presets\stamp\.mayaswatches\rgb_mudcracks.tif.swatch
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\resources\l10n\zh_cn\scripts\crackshatter.res.mel
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\scripts\others\crackshatter.mel
c:\autodesk\wi\autodesk maya 2016\x64\maya\autodesk\maya2016\scripts\others\crackshatter.res.mel
c:\program files\autodesk\3ds max 2016\maps\substance\textures\cracked_plaster.sbsar
c:\program files\autodesk\maya2016\brushes\fun\cracks.mel
c:\program files\autodesk\maya2016\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2016\plug-ins\xgen\presets\expressions\samples\color\procedural\patterns\cracks_brokenglass.se
c:\program files\autodesk\maya2016\presets\nparticles\examples\crackegg.ma
c:\program files\autodesk\maya2016\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2016\presets\stamp\.mayaswatches\rgb_crackedfun1.tif.swatch
c:\program files\autodesk\maya2016\presets\stamp\.mayaswatches\rgb_mudcracks.tif.swatch
c:\program files\autodesk\maya2016\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2016\resources\l10n\zh_cn\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2016\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2016\scripts\others\crackshatter.res.mel
c:\program files\luxology\modo\901\help\content\help\pages\shading_lighting\emodo_textures\crackle.html
c:\program files\side effects software\houdini 15.0.244.16\houdini\config\dialogs\vop\cellcracks
c:\program files\side effects software\houdini 15.0.244.16\houdini\config\dialogs\vop\crackle
c:\program files\side effects software\houdini 15.0.244.16\houdini\help\nodes\vop\cellcracks.html
c:\program files\side effects software\houdini 15.0.244.16\houdini\help\nodes\vop\cellcracks.txt
c:\program files\side effects software\houdini 15.0.244.16\houdini\help\nodes\vop\crackle.html
c:\program files\side effects software\houdini 15.0.244.16\houdini\help\nodes\vop\crackle.txt
c:\program files\side effects software\houdini 15.0.244.16\houdini\help\vex\functions\cracktransform.html
c:\program files\side effects software\houdini 15.0.244.16\houdini\help\vex\functions\cracktransform.txt
c:\program files\side effects software\houdini 15.0.244.16\python26\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\side effects software\houdini 15.0.244.16\python26\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\program files\side effects software\houdini 15.0.244.16\python27\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\side effects software\houdini 15.0.244.16\python27\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\program files\side effects software\houdini 15.0.244.16\toolkit\include\ut\ut_crackmatrix.h
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\program files (x86)\epic games\4.10\engine\shaders\particlesortkeygen.usf
c:\program files (x86)\steam\steamapps\common\castlecrashers\data\sounds\sound_frost_crackle.xma
c:\users\glass\documents\luxology\content\assets\materials\enhanced modo\floors\crackle layers 01.lxp
c:\users\glass\documents\luxology\content\assets\materials\organic\dirt\dirt cracks 01.lxp
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_001_crack_01.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_002_crack_02.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_003_crack_03.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_004_crack_04.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_005_crack_05.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_006_crack_06.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_007_crack_07.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_008_crack_08.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_009_crack_09.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\w6_010_crack_10.flv
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_001.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_002.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_003.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_004.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_005.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_006.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_007.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_008.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_009.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_010.hip
c:\users\glass\videos\tuts\introduction to fx using houdini\week 06\week 06 project files\crack_final_001.hip
scanner sequence 3.ZZ.11.QJAPXZ
 ----- EOF ----- 


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,624 posts

Posted 16 June 2016 - 08:44 PM

Thank you, please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Policies\Explorer: []
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M138456E0-7D48-4990-A33C-834C0376DB61&SearchSource=55&CUI=&UM=5&UP=SP2093388E-9658-439D-A52F-900F3B4A6C5B&SSPV=
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EGB&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=cr_36.0.1985.125&apn_uid=462180D4-ADA0-4F9C-8C85-A7E3DA48B932&itbv=12.15.1.20&doi=2014-07-19&psv=&pt=tb"
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-DBDFEF1D0EDC}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {02FC48BF-7BB4-44E4-BDB3-AB39456FA070} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {06579FA5-6DA3-4876-A0B1-C80EBC7F874E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2A570E90-7918-4952-9FBA-0840F6764771} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4FC0821F-1755-4F6C-936D-0ECA000DA57C} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-21] (Realtek Semiconductor)
Task: {56BAEB37-3346-46CC-9B7B-723DC29AE545} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5A0A63F2-4884-4FA5-86F3-D48790016C9F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7CC7BDBE-6021-46B1-83F4-17621FFC6355} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8235D99C-DF22-46CB-97E6-3F18ECE3231A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {93C4081D-BBD6-4C93-9EFA-1938ABA079F9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A517FE5F-2AE4-42D5-993C-93A4C95D6EE2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F0DC017F-CB05-4397-A57E-4AAFF4B951E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FA90B66A-BCF7-448D-BECF-53EADAC571D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Interactive Ruby.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\irb.bat (No File)
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\RubyGems Documentation Server.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\gem.bat (No File)
AlternateDataStreams: C:\Users\glass\Local Settings:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local\Application Data:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local\ptPTX9a6w7LRPky:KPTJpL4AMxTZa2rQxDoJp4xtn8K [2040]
AlternateDataStreams: C:\Users\glass\AppData\Local\Temp:jJEqoZova0uj5aQDqRX24K3NM [1962]
hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 brokedat

brokedat
  • Topic Starter

  • Members
  • 17 posts

Posted 16 June 2016 - 09:15 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by glass (2016-06-12 22:03:58) Run:1
Running from C:\Users\glass\Downloads
Loaded Profiles: glass (Available Profiles: glass)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe
HKU\S-1-5-21-1391370955-1921924271-2011258139-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={02FCE547-1D34-40AC-8C3B-4F51A98711FC}&mid=a54f2c0e60ec47cc9d0fc18a3d695368-9a9700404058355b28cda16bce228f186e7a8b8d&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-10 07:43:47&v=4.3.1.831&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-1391370955-1921924271-2011258139-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={02FCE547-1D34-40AC-8C3B-4F51A98711FC}&mid=a54f2c0e60ec47cc9d0fc18a3d695368-9a9700404058355b28cda16bce228f186e7a8b8d&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-10 07:43:47&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1391370955-1921924271-2011258139-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={02FCE547-1D34-40AC-8C3B-4F51A98711FC}&mid=a54f2c0e60ec47cc9d0fc18a3d695368-9a9700404058355b28cda16bce228f186e7a8b8d&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-06-10 07:43:47&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-06-10] (AVG)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-06-10] (AVG)
Toolbar: HKU\S-1-5-21-1391370955-1921924271-2011258139-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKU\S-1-5-21-1391370955-1921924271-2011258139-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-06-10] (AVG Secure Search)
C:\Users\rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {0612D7AD-2D0D-4496-A258-A467BC6182EE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {44F2BBA3-A32F-4161-A371-E7F9BDF01451} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {596E153A-4130-4234-A56B-1F83FCB2D28E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {605501C6-003B-41CF-BC66-AA962D08FC45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6B0B686A-D55F-46F7-8747-98EC2DD3CFD6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BC46854E-F3B3-47D4-B1EC-37F295C7734A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C82DD39F-7F98-403B-A6A3-E103F5A776BE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C93C7166-983C-43B8-92AC-67E714CFBB3A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DB191256-896E-4161-BA5C-2EEC19B55880} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FB550146-7C5B-4EEE-9D09-A7D768C49DF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FD605CBF-DDA6-4693-BA3C-10CF6220F069} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\rebecca\Downloads\bitdefender_tsecurity_g7S5DpsZ0XehPg3vqBrQTSZUsjo.exe:BDU [0]
AlternateDataStreams: C:\Users\rebecca\Downloads\GoogleEarthSetup (1).exe:BDU [0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe => No running process found
HKU\S-1-5-21-1391370955-1921924271-2011258139-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-1391370955-1921924271-2011258139-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1391370955-1921924271-2011258139-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-1391370955-1921924271-2011258139-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value not found.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found. 
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => not found.
C:\Users\rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => not found
C:\Users\rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
HKU\S-1-5-21-1391370955-1921924271-2011258139-1001\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => key not found. 
vToolbarUpdater40.3.1 => service not found.
"C:\Users\rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0612D7AD-2D0D-4496-A258-A467BC6182EE} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44F2BBA3-A32F-4161-A371-E7F9BDF01451} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{596E153A-4130-4234-A56B-1F83FCB2D28E} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{605501C6-003B-41CF-BC66-AA962D08FC45} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B0B686A-D55F-46F7-8747-98EC2DD3CFD6} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC46854E-F3B3-47D4-B1EC-37F295C7734A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C82DD39F-7F98-403B-A6A3-E103F5A776BE} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C93C7166-983C-43B8-92AC-67E714CFBB3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB191256-896E-4161-BA5C-2EEC19B55880} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB550146-7C5B-4EEE-9D09-A7D768C49DF9} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD605CBF-DDA6-4693-BA3C-10CF6220F069} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"C:\Users\rebecca\Downloads\bitdefender_tsecurity_g7S5DpsZ0XehPg3vqBrQTSZUsjo.exe" => ":BDU" ADS not found.
"C:\Users\rebecca\Downloads\GoogleEarthSetup (1).exe" => ":BDU" ADS not found.
EmptyTemp: => 4.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:08:38 ====
 


#8 brokedat

  • Topic Starter

Posted 16 June 2016 - 09:16 PM

SUMMARY




#9 brokedat

  • Topic Starter

Posted 16 June 2016 - 09:19 PM

disable spyware and antivirus keys still present in registry. 



#10 Oh My!

  • Malware Response Instructor

Posted 16 June 2016 - 09:52 PM

Is there some reason why you did not run the Fixlist I posted but ran something different?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 brokedat

  • Topic Starter

Posted 16 June 2016 - 10:26 PM

huh? I followed the steps precisely - copied the text into notepad, saved the file in the same location as frst and ran the program



#12 brokedat

  • Topic Starter

Posted 16 June 2016 - 10:34 PM

ah, the timestamp on the fixlog is wrong, it must be an old file



#13 brokedat

  • Topic Starter

Posted 16 June 2016 - 10:40 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by glass (2016-06-17 04:37:59) Run:4
Running from C:\Users\glass\Downloads
Loaded Profiles: glass (Available Profiles: glass)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\...\Policies\Explorer: []
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M138456E0-7D48-4990-A33C-834C0376DB61&SearchSource=55&CUI=&UM=5&UP=SP2093388E-9658-439D-A52F-900F3B4A6C5B&SSPV=
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EGB&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=cr_36.0.1985.125&apn_uid=462180D4-ADA0-4F9C-8C85-A7E3DA48B932&itbv=12.15.1.20&doi=2014-07-19&psv=&pt=tb"
CustomCLSID: HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-DBDFEF1D0EDC}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {02FC48BF-7BB4-44E4-BDB3-AB39456FA070} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {06579FA5-6DA3-4876-A0B1-C80EBC7F874E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2A570E90-7918-4952-9FBA-0840F6764771} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4FC0821F-1755-4F6C-936D-0ECA000DA57C} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-10-21] (Realtek Semiconductor)
Task: {56BAEB37-3346-46CC-9B7B-723DC29AE545} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5A0A63F2-4884-4FA5-86F3-D48790016C9F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7CC7BDBE-6021-46B1-83F4-17621FFC6355} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8235D99C-DF22-46CB-97E6-3F18ECE3231A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {93C4081D-BBD6-4C93-9EFA-1938ABA079F9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A517FE5F-2AE4-42D5-993C-93A4C95D6EE2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F0DC017F-CB05-4397-A57E-4AAFF4B951E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FA90B66A-BCF7-448D-BECF-53EADAC571D5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Interactive Ruby.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\irb.bat (No File)
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\RubyGems Documentation Server.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\gem.bat (No File)
AlternateDataStreams: C:\Users\glass\Local Settings:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local\Application Data:08ETaybTABbiac0YuWA1awv [2324]
AlternateDataStreams: C:\Users\glass\AppData\Local\ptPTX9a6w7LRPky:KPTJpL4AMxTZa2rQxDoJp4xtn8K [2040]
AlternateDataStreams: C:\Users\glass\AppData\Local\Temp:jJEqoZova0uj5aQDqRX24K3NM [1962]
hosts:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-141182051-2556109553-1899525483-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
HKU\S-1-5-21-141182051-2556109553-1899525483-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-DBDFEF1D0EDC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02FC48BF-7BB4-44E4-BDB3-AB39456FA070} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06579FA5-6DA3-4876-A0B1-C80EBC7F874E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A570E90-7918-4952-9FBA-0840F6764771} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FC0821F-1755-4F6C-936D-0ECA000DA57C} => key not found. 
C:\WINDOWS\System32\Tasks\RtHDVBg => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RtHDVBg => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56BAEB37-3346-46CC-9B7B-723DC29AE545} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A0A63F2-4884-4FA5-86F3-D48790016C9F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC7BDBE-6021-46B1-83F4-17621FFC6355} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8235D99C-DF22-46CB-97E6-3F18ECE3231A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93C4081D-BBD6-4C93-9EFA-1938ABA079F9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A517FE5F-2AE4-42D5-993C-93A4C95D6EE2} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0DC017F-CB05-4397-A57E-4AAFF4B951E8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA90B66A-BCF7-448D-BECF-53EADAC571D5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Interactive Ruby.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\irb.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\RubyGems Documentation Server.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\gem.bat (No File) => Error: No automatic fix found for this entry.
"C:\Users\glass\Local Settings" => ":08ETaybTABbiac0YuWA1awv" ADS not found.
"C:\Users\glass\AppData\Local" => ":08ETaybTABbiac0YuWA1awv" ADS not found.
"C:\Users\glass\AppData\Local\Application Data" => ":08ETaybTABbiac0YuWA1awv" ADS not found.
"C:\Users\glass\AppData\Local\ptPTX9a6w7LRPky" => ":KPTJpL4AMxTZa2rQxDoJp4xtn8K" ADS not found.
"C:\Users\glass\AppData\Local\Temp" => ":jJEqoZova0uj5aQDqRX24K3NM" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 04:38:02 ====


#14 Oh My!

  • Malware Response Instructor

Posted 17 June 2016 - 08:44 AM

OK, looks like this is the second run.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS.txt

Gary
 

#15 brokedat

  • Topic Starter

Posted 17 June 2016 - 02:25 PM

Farbar Service Scanner Version: 27-01-2016
Ran by glass (administrator) on 17-06-2016 at 20:24:06
Running from "C:\Users\glass\Downloads"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is unreachable
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****




