IE11 "api.avid-ad-server.com" or "ads.everquote.com" page opens upon startup


  • This topic is locked
3 replies to this topic

#1 TLSOG

Posted 22 August 2017 - 02:31 PM

For the past couple days, every time I turn on or restart my computer, I'm greeted with an ad from one of the two URLs above. Oddly, they open in Internet Explorer, which I've never even used on this PC. I've run scans with both Windows Defender and Malwarebytes, but neither has detected anything. The requested log files are attached below; any help would be very greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Ean (administrator) on DESKTOP-ITHLBJ0 (22-08-2017 15:09:30)
Running from C:\Users\Ean\Desktop
Loaded Profiles: Ean (Available Profiles: Ean)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\Ean\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-22] (Razer Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2224571949-512383846-3584647482-1001\...\Run: [Spotify Web Helper] => C:\Users\Ean\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-15] (Spotify Ltd)
HKU\S-1-5-21-2224571949-512383846-3584647482-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2224571949-512383846-3584647482-1001\...\Run: [Medialink Utilty] => C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
HKU\S-1-5-21-2224571949-512383846-3584647482-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2224571949-512383846-3584647482-1001\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe [2618488 2016-09-20] (i-Funbox.com)
HKU\S-1-5-21-2224571949-512383846-3584647482-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{89309035-e3ea-4092-a706-94763720f4ba}: [DhcpNameServer] 192.168.0.1 205.171.2.226

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: 6f8vu3ns.default
FF ProfilePath: C:\Users\Ean\AppData\Roaming\Mozilla\Firefox\Profiles\6f8vu3ns.default [2017-08-22]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Ean\AppData\Roaming\Mozilla\Firefox\Profiles\6f8vu3ns.default\Extensions\artur.dubovoy@gmail.com [2017-08-15]
FF Extension: (MEGA) - C:\Users\Ean\AppData\Roaming\Mozilla\Firefox\Profiles\6f8vu3ns.default\Extensions\firefox@mega.co.nz.xpi [2017-08-20]
FF Extension: (Adblock Plus) - C:\Users\Ean\AppData\Roaming\Mozilla\Firefox\Profiles\6f8vu3ns.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default [2017-08-22]
CHR Extension: (Google Slides) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-04]
CHR Extension: (Google Docs) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-04]
CHR Extension: (Google Drive) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-04]
CHR Extension: (YouTube) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-04]
CHR Extension: (Google Sheets) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKU\S-1-5-21-2224571949-512383846-3584647482-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284224 2016-12-01] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-12-01] (GOG.com)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-19] (Hi-Rez Studios) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-07] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-07] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168672 2017-08-09] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148128 2017-08-09] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-09-20] (Power Admin LLC)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusVBus; C:\WINDOWS\System32\drivers\AsusVBus.sys [39704 2015-10-07] (Windows ® Win 7 DDK provider)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [84472 2015-10-07] (ASUS Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 ggsomc; C:\WINDOWS\system32\DRIVERS\ggsomc.sys [30424 2017-01-26] (Sony Mobile Communications)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-01-08] (hxxp://libusb-win32.sourceforge.net)
S3 Lycosa; C:\WINDOWS\system32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R1 MpKsle1bdf547; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8C71EC5-8B80-4BD3-B65E-E919C6DEFB1C}\MpKsle1bdf547.sys [44928 2017-08-22] (Microsoft Corporation)
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-03-18] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2d81f3535ced17c6\nvlddmkm.sys [14461344 2017-06-08] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-07] (NVIDIA Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2016-06-10] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 vmultia; C:\WINDOWS\System32\drivers\vmultia.sys [20720 2013-01-15] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-22 15:09 - 2017-08-22 15:10 - 000014186 _____ C:\Users\Ean\Desktop\FRST.txt
2017-08-22 15:09 - 2017-08-22 15:09 - 000000000 ____D C:\FRST
2017-08-22 15:08 - 2017-08-22 15:07 - 002395648 _____ (Farbar) C:\Users\Ean\Desktop\FRST64.exe
2017-08-22 15:07 - 2017-08-22 15:07 - 002395648 _____ (Farbar) C:\Users\Ean\Downloads\FRST64.exe
2017-08-22 07:34 - 2017-08-22 07:35 - 048750920 _____ C:\Users\Ean\Downloads\BDPUARLauncher.exe
2017-08-22 07:13 - 2017-08-22 07:15 - 000000000 ____D C:\AdwCleaner
2017-08-22 07:12 - 2017-08-22 07:12 - 008185288 _____ (Malwarebytes) C:\Users\Ean\Downloads\adwcleaner_7.0.1.0.exe
2017-08-17 07:17 - 2017-08-17 07:17 - 000000221 _____ C:\Users\Ean\Desktop\Xotic.url
2017-08-17 01:36 - 2017-08-17 01:36 - 000000222 _____ C:\Users\Ean\Desktop\Carmageddon Max Pack.url
2017-08-17 01:36 - 2017-08-17 01:36 - 000000222 _____ C:\Users\Ean\Desktop\Carmageddon Max Damage.url
2017-08-15 01:43 - 2017-08-15 01:43 - 000005767 _____ C:\WINDOWS\SysWOW64\CDUninst.isu
2017-08-15 01:43 - 1998-07-30 12:51 - 000305152 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2017-08-15 01:43 - 1998-02-13 14:30 - 000143872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iacenc.dll
2017-08-15 01:43 - 1997-11-06 12:53 - 000027648 _____ (Intel Corporation.) C:\WINDOWS\SysWOW64\ir50_lcs.dll
2017-08-15 01:43 - 1997-08-27 09:53 - 000391168 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\i263_32.drv
2017-08-15 01:43 - 1997-06-13 08:56 - 000056832 _____ C:\WINDOWS\SysWOW64\Iyvu9_32.dll
2017-08-15 01:41 - 2017-08-15 01:41 - 000000000 ____D C:\Users\Ean\Documents\Bethesda
2017-08-14 20:37 - 2017-08-14 20:37 - 000000000 ____D C:\Users\Ean\Documents\FeedbackHub
2017-08-08 21:26 - 2017-07-31 22:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-08 21:26 - 2017-07-31 22:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-08 21:26 - 2017-07-31 22:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-08 21:26 - 2017-07-31 22:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-08 21:26 - 2017-07-31 22:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-08 21:26 - 2017-07-31 22:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-08 21:26 - 2017-07-31 22:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-08 21:26 - 2017-07-31 22:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-08 21:26 - 2017-07-31 22:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-08 21:26 - 2017-07-31 22:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-08 21:26 - 2017-07-31 22:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-08 21:26 - 2017-07-31 22:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-08 21:26 - 2017-07-31 22:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-08 21:26 - 2017-07-31 22:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-08 21:26 - 2017-07-31 22:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-08 21:26 - 2017-07-31 22:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-08 21:26 - 2017-07-31 22:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-08 21:26 - 2017-07-31 22:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-08 21:26 - 2017-07-31 22:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-08 21:26 - 2017-07-31 22:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-08 21:26 - 2017-07-31 22:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-08 21:26 - 2017-07-31 22:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-08 21:26 - 2017-07-31 22:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-08 21:26 - 2017-07-31 22:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-08 21:26 - 2017-07-31 22:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-08 21:26 - 2017-07-31 22:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-08 21:26 - 2017-07-31 22:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-08 21:26 - 2017-07-31 22:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-08 21:26 - 2017-07-31 22:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-08 21:26 - 2017-07-31 21:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-08 21:26 - 2017-07-31 21:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-08 21:26 - 2017-07-31 21:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-08 21:26 - 2017-07-31 18:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-08 21:26 - 2017-07-28 01:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-08 21:26 - 2017-07-28 01:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-08 21:26 - 2017-07-28 01:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-08 21:26 - 2017-07-28 01:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-08 21:26 - 2017-07-28 01:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-08 21:26 - 2017-07-28 01:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-08 21:26 - 2017-07-28 01:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-08 21:26 - 2017-07-28 00:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-08 21:26 - 2017-07-28 00:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-08 21:26 - 2017-07-28 00:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-08 21:26 - 2017-07-28 00:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-08 21:26 - 2017-07-28 00:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-08 21:26 - 2017-07-28 00:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-08 21:26 - 2017-07-28 00:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-08 21:26 - 2017-07-28 00:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-08 21:26 - 2017-07-28 00:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-08 21:26 - 2017-07-28 00:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-08 21:26 - 2017-07-28 00:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-08 21:26 - 2017-07-28 00:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-08 21:26 - 2017-07-28 00:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-08 21:26 - 2017-07-28 00:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-08 21:26 - 2017-07-28 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-08 21:26 - 2017-07-28 00:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-08 21:26 - 2017-07-28 00:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-08 21:26 - 2017-07-28 00:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-08 21:26 - 2017-07-28 00:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-08 21:26 - 2017-07-28 00:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-08 21:26 - 2017-07-28 00:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-08 21:26 - 2017-07-28 00:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-08 21:26 - 2017-07-28 00:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-08 21:26 - 2017-07-28 00:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-08 21:26 - 2017-07-28 00:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-08 21:26 - 2017-07-28 00:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-08 21:26 - 2017-07-28 00:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-08 21:26 - 2017-07-28 00:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-08 21:26 - 2017-07-28 00:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-08 21:26 - 2017-07-28 00:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-08 21:26 - 2017-07-28 00:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-08 21:26 - 2017-07-28 00:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-08 21:26 - 2017-07-28 00:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-08 21:26 - 2017-07-28 00:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-08 21:26 - 2017-07-28 00:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-08 21:26 - 2017-07-28 00:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-08 21:26 - 2017-07-28 00:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-08 21:26 - 2017-07-28 00:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-08 21:26 - 2017-07-28 00:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-08 21:26 - 2017-07-28 00:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-08 21:26 - 2017-07-28 00:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-08 21:26 - 2017-07-28 00:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-08 21:26 - 2017-07-28 00:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-08 21:26 - 2017-07-28 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-08 21:26 - 2017-07-28 00:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-08 21:26 - 2017-07-28 00:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-08 21:26 - 2017-07-28 00:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-08 21:26 - 2017-07-28 00:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-08 21:26 - 2017-07-28 00:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-08 21:26 - 2017-07-28 00:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-08 21:26 - 2017-07-28 00:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-08 21:26 - 2017-07-28 00:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-08 21:26 - 2017-07-28 00:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-08 21:26 - 2017-07-28 00:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-08 21:26 - 2017-07-28 00:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-08 21:26 - 2017-07-28 00:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-08 21:26 - 2017-07-28 00:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-08 21:26 - 2017-07-28 00:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-08 21:26 - 2017-07-28 00:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-08 21:26 - 2017-07-28 00:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-08 21:26 - 2017-07-28 00:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-08 21:25 - 2017-07-31 22:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-08 21:25 - 2017-07-31 22:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-08 21:25 - 2017-07-31 22:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-08 21:25 - 2017-07-31 22:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-08 21:25 - 2017-07-31 22:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-08 21:25 - 2017-07-31 22:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-08 21:25 - 2017-07-31 22:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-08 21:25 - 2017-07-31 22:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-08 21:25 - 2017-07-31 22:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-08 21:25 - 2017-07-31 22:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-08 21:25 - 2017-07-31 22:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-08 21:25 - 2017-07-31 22:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-08 21:25 - 2017-07-31 22:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-08 21:25 - 2017-07-31 22:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-08 21:25 - 2017-07-31 22:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-08 21:25 - 2017-07-31 22:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-08 21:25 - 2017-07-31 22:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-08 21:25 - 2017-07-31 22:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-08 21:25 - 2017-07-31 22:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-08 21:25 - 2017-07-31 22:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-08 21:25 - 2017-07-31 22:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-08 21:25 - 2017-07-31 22:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-08 21:25 - 2017-07-31 21:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-08 21:25 - 2017-07-31 21:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-08 21:25 - 2017-07-31 21:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-08 21:25 - 2017-07-31 21:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-08 21:25 - 2017-07-31 21:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-08 21:25 - 2017-07-31 21:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-08 21:25 - 2017-07-31 21:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-08 21:25 - 2017-07-31 21:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-08 21:25 - 2017-07-31 21:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-08 21:25 - 2017-07-31 21:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-08 21:25 - 2017-07-31 21:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-08 21:25 - 2017-07-31 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-08 21:25 - 2017-07-31 21:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-08 21:25 - 2017-07-31 21:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-08 21:25 - 2017-07-31 21:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-08 21:25 - 2017-07-31 21:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-08 21:25 - 2017-07-31 21:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-08 21:25 - 2017-07-31 21:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-08 21:25 - 2017-07-31 21:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-08 21:25 - 2017-07-31 21:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-08 21:25 - 2017-07-31 21:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-08 21:25 - 2017-07-31 21:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-08 21:25 - 2017-07-31 21:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-08 21:25 - 2017-07-31 21:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-08 21:25 - 2017-07-31 21:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-08 21:25 - 2017-07-31 21:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-08 21:25 - 2017-07-31 21:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-08 21:25 - 2017-07-31 21:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-08 21:25 - 2017-07-31 21:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-08 21:25 - 2017-07-31 21:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-08 21:25 - 2017-07-31 21:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-08 21:25 - 2017-07-31 21:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-08 21:25 - 2017-07-31 21:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-08 21:25 - 2017-07-31 21:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-08 21:25 - 2017-07-28 01:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-08 21:25 - 2017-07-28 01:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-08 21:25 - 2017-07-28 01:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-08 21:25 - 2017-07-28 01:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-08 21:25 - 2017-07-28 01:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-08 21:25 - 2017-07-28 01:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-08 21:25 - 2017-07-28 01:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-08 21:25 - 2017-07-28 01:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-08 21:25 - 2017-07-28 01:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-08 21:25 - 2017-07-28 01:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-08 21:25 - 2017-07-28 01:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-08 21:25 - 2017-07-28 01:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-08 21:25 - 2017-07-28 01:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-08 21:25 - 2017-07-28 01:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-08 21:25 - 2017-07-28 01:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-08 21:25 - 2017-07-28 01:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-08 21:25 - 2017-07-28 01:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-08 21:25 - 2017-07-28 01:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-08 21:25 - 2017-07-28 01:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-08 21:25 - 2017-07-28 01:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-08 21:25 - 2017-07-28 01:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-08 21:25 - 2017-07-28 01:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-08 21:25 - 2017-07-28 01:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-08 21:25 - 2017-07-28 01:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-08 21:25 - 2017-07-28 01:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-08 21:25 - 2017-07-28 01:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-08 21:25 - 2017-07-28 01:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-08 21:25 - 2017-07-28 01:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-08 21:25 - 2017-07-28 01:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-08 21:25 - 2017-07-28 00:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-08 21:25 - 2017-07-28 00:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-08 21:25 - 2017-07-28 00:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-08 21:25 - 2017-07-28 00:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-08 21:25 - 2017-07-28 00:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-08 21:25 - 2017-07-28 00:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-08 21:25 - 2017-07-28 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-08 21:25 - 2017-07-28 00:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-08 21:25 - 2017-07-28 00:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-08 21:25 - 2017-07-28 00:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-08 21:25 - 2017-07-28 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-08 21:25 - 2017-07-28 00:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-08 21:25 - 2017-07-28 00:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-08 21:25 - 2017-07-28 00:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-08 21:25 - 2017-07-28 00:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-08 21:25 - 2017-07-28 00:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-08 21:25 - 2017-07-28 00:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-08 21:25 - 2017-07-28 00:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-08 21:25 - 2017-07-28 00:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-08 21:25 - 2017-07-28 00:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-08 21:25 - 2017-07-28 00:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-08 21:25 - 2017-07-28 00:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-08 21:25 - 2017-07-28 00:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-08 21:25 - 2017-07-28 00:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-08 21:25 - 2017-07-28 00:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-08 21:25 - 2017-07-28 00:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-08 21:25 - 2017-07-28 00:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-08 21:25 - 2017-07-28 00:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-08 21:25 - 2017-07-28 00:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-08 21:25 - 2017-07-28 00:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-08 21:25 - 2017-07-28 00:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-08 21:25 - 2017-07-28 00:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-08 21:25 - 2017-07-28 00:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-08 21:25 - 2017-07-28 00:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-08 21:25 - 2017-07-28 00:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-08 21:25 - 2017-07-28 00:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-08 21:25 - 2017-07-28 00:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-08 21:25 - 2017-07-28 00:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-08 21:25 - 2017-07-28 00:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-08 21:25 - 2017-07-28 00:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-08 21:25 - 2017-07-28 00:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-08 21:25 - 2017-07-28 00:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-08 21:25 - 2017-07-28 00:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-08 21:25 - 2017-07-28 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-08 21:25 - 2017-07-28 00:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-08 21:25 - 2017-07-28 00:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-08 21:25 - 2017-07-28 00:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-08 21:25 - 2017-07-28 00:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-08 21:25 - 2017-07-28 00:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-08 21:25 - 2017-07-28 00:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-08 21:25 - 2017-07-28 00:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-08 21:25 - 2017-07-28 00:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-08 21:25 - 2017-07-28 00:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-08 21:25 - 2017-07-28 00:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-08 21:25 - 2017-07-28 00:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-08 21:25 - 2017-07-28 00:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-08 21:25 - 2017-07-28 00:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-08 21:25 - 2017-07-28 00:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-08 21:25 - 2017-07-28 00:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-08 21:25 - 2017-07-28 00:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-08 21:25 - 2017-07-28 00:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-08 21:25 - 2017-07-28 00:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-08 21:25 - 2017-07-28 00:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-08 21:25 - 2017-07-28 00:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-08 21:25 - 2017-07-28 00:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-08 21:25 - 2017-07-28 00:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-08 21:25 - 2017-07-28 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-08 21:25 - 2017-07-28 00:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-08 21:25 - 2017-07-28 00:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-08 21:25 - 2017-07-28 00:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-08 21:25 - 2017-07-28 00:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-08 21:25 - 2017-07-28 00:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-08 21:25 - 2017-07-28 00:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-08 21:25 - 2017-07-28 00:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-08 21:24 - 2017-07-31 21:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-08 21:24 - 2017-07-31 21:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-08 21:24 - 2017-07-31 21:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-08 21:24 - 2017-07-31 21:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-08 21:24 - 2017-07-31 21:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-08 21:24 - 2017-07-31 21:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-08 21:24 - 2017-07-31 21:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-08 21:24 - 2017-07-28 00:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-08 21:24 - 2017-07-28 00:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-08 21:24 - 2017-07-28 00:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-08 21:24 - 2017-07-28 00:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-08 21:24 - 2017-07-28 00:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-08 21:24 - 2017-07-28 00:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-08 21:24 - 2017-07-28 00:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-08 21:24 - 2017-07-28 00:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-08 21:24 - 2017-07-28 00:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-08 21:24 - 2017-07-28 00:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-08 21:24 - 2017-07-28 00:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-08 21:24 - 2017-07-28 00:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-08 21:24 - 2017-07-28 00:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-08 11:35 - 2017-08-08 11:35 - 000000000 ____D C:\Users\Ean\Documents\Lucius
2017-08-08 09:03 - 2017-08-08 09:03 - 000000222 _____ C:\Users\Ean\Desktop\Lucius.url
2017-08-08 08:55 - 2017-08-08 08:55 - 000000222 _____ C:\Users\Ean\Desktop\A Story About My Uncle.url
2017-08-08 08:53 - 2017-08-08 08:53 - 000000220 _____ C:\Users\Ean\Desktop\Two Worlds II.url
2017-08-08 08:06 - 2017-08-08 08:06 - 000000222 _____ C:\Users\Ean\Desktop\The Deadly Tower of Monsters.url
2017-08-08 08:06 - 2017-08-08 08:06 - 000000222 _____ C:\Users\Ean\Desktop\DARK.url
2017-08-01 04:08 - 2017-08-17 05:11 - 000000223 _____ C:\Users\Ean\Desktop\Hotline Miami.url
2017-08-01 04:07 - 2017-08-01 04:07 - 000000221 _____ C:\Users\Ean\Desktop\Clive Barker's Jericho.url
2017-08-01 04:06 - 2017-08-01 04:06 - 000000222 _____ C:\Users\Ean\Desktop\Curse The Eye of Isis.url
2017-08-01 04:05 - 2017-08-01 04:05 - 000000222 _____ C:\Users\Ean\Desktop\Another World.url
2017-08-01 01:57 - 2017-08-01 01:57 - 000000222 _____ C:\Users\Ean\Desktop\Shadow Complex Remastered.url
2017-07-25 20:01 - 2017-07-25 20:01 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2224571949-512383846-3584647482-1001
2017-07-25 06:28 - 2017-07-25 06:28 - 000000221 _____ C:\Users\Ean\Desktop\Batman Arkham Asylum GOTY Edition.url
2017-07-25 06:21 - 2017-07-25 06:21 - 000000222 _____ C:\Users\Ean\Desktop\Jet Set Radio.url
2017-07-25 05:46 - 2017-07-25 06:17 - 2122231562 _____ C:\Users\Ean\Downloads\Baldur_s_Gate-v1.3.1-WidowIC-iOS5.1-_Clutch-1.4.7_.ipa
2017-07-25 05:45 - 2017-07-25 05:46 - 024330379 _____ C:\Users\Ean\Downloads\305553708.ipa
2017-07-25 05:45 - 2017-07-25 05:45 - 012649398 _____ C:\Users\Ean\Downloads\ZENONIA_2__v1.9_LP_os30_-iNFiN1Ty.ipa
2017-07-25 05:44 - 2017-07-25 05:44 - 013267770 _____ C:\Users\Ean\Downloads\ZENONIA___v1.7_os30_-iNFiN1Ty.ipa
2017-07-25 05:34 - 2017-07-25 05:43 - 623449059 _____ C:\Users\Ean\Downloads\Lunar_Silver_Star_Story_Touch_2.0.2.1_teiron.ipa
2017-07-25 05:28 - 2017-07-25 05:29 - 031934734 _____ C:\Users\Ean\Downloads\Jet_Car_Stunts__v1.5.0_LP_os31_-CrackLords.ipa
2017-07-25 05:17 - 2017-07-25 05:21 - 260772902 _____ C:\Users\Ean\Downloads\CSI_Miami___v1.3.3_os221_-CrackLords.ipa
2017-07-25 05:03 - 2017-07-25 05:06 - 213685043 _____ C:\Users\Ean\Downloads\Need_for_Speed_Shift_for_iPad__v1.0.80_iPad_LP_os32_-Locophone-ICPDA.rc318.ipa
2017-07-25 04:52 - 2017-07-25 04:53 - 066554732 _____ C:\Users\Ean\Downloads\Bugdom_2__v4.3_os50_-Widow-ICPDA.CRK.2222.rc30d6.ipa
2017-07-25 03:40 - 2017-07-25 03:48 - 549502201 _____ C:\Users\Ean\Downloads\Jet_Set_Radio_[SEGA]__v1.2_v2.0_LP_os43_-drAdeLante-ICPDA.rc310.ipa
2017-07-25 02:22 - 2017-07-25 02:32 - 751585522 _____ C:\Users\Ean\Downloads\9mm__v1.0.0_3GS_Univ_LP_os313_-Locophone-ICPDA.rc318.ipa
2017-07-24 23:43 - 2017-07-24 23:48 - 353717157 _____ C:\Users\Ean\Downloads\Gangstar_Miami_Vindication_HD__v1.0.6_iPad_LP_os70_-Locophone-ICPDA.rc318(1).ipa
2017-07-24 23:27 - 2017-07-24 05:05 - 178964610 _____ C:\Users\Ean\Downloads\Gangstar_West_Coast_Hustle_HD__v1.0.0_iPad_LP_os32_-Locophone-ICPDA.rc318.ipa
2017-07-24 23:27 - 2017-07-24 05:04 - 353717157 _____ C:\Users\Ean\Downloads\Gangstar_Miami_Vindication_HD__v1.0.6_iPad_LP_os70_-Locophone-ICPDA.rc318.ipa
2017-07-24 06:02 - 2017-07-24 06:12 - 034131256 _____ C:\Users\Ean\Downloads\Call of Duty Zombies HD [Activision Publishing Inc.] (v1.5.0 iPad os32)-Orbicos.rc30e7.ipa
2017-07-24 06:00 - 2017-07-24 06:00 - 051395651 _____ C:\Users\Ean\Downloads\Call_of_Duty_Zombies__v1.5.0_os30_-Locophone-ICPDA.rc323.ipa
2017-07-24 05:48 - 2017-07-24 05:56 - 541625387 _____ C:\Users\Ean\Downloads\Splinter_Cell_Conviction_HD__v1.0.0_iPad_LP_os32_-Locophone-ICPDA.rc313.ipa
2017-07-24 05:29 - 2017-07-24 05:35 - 410104313 _____ C:\Users\Ean\Downloads\Shadow_Guardian_HD__Gameloft___v1.0.1_iPad_LP_os32_-kOtyara.rc302.ipa
2017-07-24 05:27 - 2017-07-24 05:29 - 157681079 _____ C:\Users\Ean\Downloads\N.O.V.A._Near_Orbit_Vanguard_Alliance_HD__v1.0.7_iPad_LP_os32_-Locophone-ICPDA.rc318.ipa
2017-07-24 05:06 - 2017-07-24 05:13 - 485614376 _____ C:\Users\Ean\Downloads\Dungeon_Hunter_2_HD__v1.0.0_iPad_LP_os32_-Locophone-ICPDA.rc302.ipa

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-22 15:01 - 2016-11-28 20:44 - 000000000 ____D C:\Users\Ean\AppData\LocalLow\Mozilla
2017-08-22 14:59 - 2016-09-24 11:05 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-22 14:57 - 2016-09-22 18:59 - 000000000 ____D C:\Users\Ean\AppData\Local\CrashDumps
2017-08-22 14:57 - 2016-05-29 20:56 - 000000000 ___RD C:\Users\Ean\Google Drive
2017-08-22 14:54 - 2017-05-17 03:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-22 14:54 - 2016-09-27 09:29 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-08-22 14:53 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-22 14:53 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-08-22 14:49 - 2017-05-17 02:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-22 07:50 - 2016-05-23 16:51 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-22 07:45 - 2016-05-13 02:54 - 000000000 ____D C:\Program Files (x86)\Origin
2017-08-22 02:16 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-22 02:16 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-20 19:16 - 2016-05-04 21:29 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-20 19:14 - 2016-05-04 16:17 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-20 19:14 - 2016-05-04 16:17 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-17 15:13 - 2016-05-04 23:45 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-16 06:01 - 2017-05-17 02:49 - 000000000 ____D C:\Users\Ean
2017-08-15 01:43 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\Help
2017-08-14 23:41 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-09 00:14 - 2017-05-17 03:05 - 001031406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-09 00:09 - 2016-02-13 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 00:06 - 2017-05-17 02:46 - 000226136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 00:06 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-09 00:03 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 00:03 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 00:03 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 00:03 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 00:03 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 00:03 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 00:03 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 00:03 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-08 21:30 - 2016-05-04 21:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-08 21:28 - 2016-05-04 21:26 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 20:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 20:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 08:11 - 2016-08-30 04:47 - 000000000 ____D C:\Users\Ean\AppData\Roaming\KeePass
2017-08-07 20:18 - 2016-05-04 14:29 - 000000000 ____D C:\Users\Ean\AppData\Local\Packages
2017-07-31 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 11:15 - 2017-03-18 17:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-28 05:44 - 2016-05-13 02:55 - 000000000 ____D C:\ProgramData\Origin
2017-07-28 05:43 - 2016-05-13 02:58 - 000000000 ____D C:\Users\Ean\AppData\Roaming\Origin
2017-07-28 05:38 - 2016-06-03 03:01 - 000000000 ____D C:\Users\Ean\AppData\Local\Ubisoft Game Launcher
2017-07-28 00:52 - 2015-10-30 04:13 - 000395232 __RSH C:\bootmgr
2017-07-27 14:53 - 2016-07-08 02:31 - 000000000 ____D C:\Users\Ean\AppData\Roaming\vlc
2017-07-25 20:01 - 2016-05-04 14:31 - 000002357 _____ C:\Users\Ean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-25 20:01 - 2016-05-04 14:31 - 000000000 ___RD C:\Users\Ean\OneDrive

==================== Files in the root of some directories =======

2016-09-06 19:05 - 2016-09-06 19:05 - 000002697 _____ () C:\Users\Ean\AppData\Local\recently-used.xbel
2017-02-27 22:01 - 2017-02-27 22:02 - 000007601 _____ () C:\Users\Ean\AppData\Local\resmon.resmoncfg
2017-01-10 14:01 - 2017-01-10 14:01 - 000001001 _____ () C:\Users\Ean\AppData\Local\RT2870_{89309035-E3EA-4092-A706-94763720F4BA}_wsc

Files to move or delete:
====================
C:\Users\Ean\youtube-dl.exe


Some files in TEMP:
====================
2017-02-08 00:01 - 2017-05-01 16:14 - 000869200 _____ (NVIDIA Corporation) C:\Users\Ean\AppData\Local\Temp\nvSCPAPI64.dll
2017-05-18 04:14 - 2017-05-01 16:14 - 000367552 _____ (NVIDIA Corporation) C:\Users\Ean\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-20 22:02

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ean (22-08-2017 15:10:49)
Running from C:\Users\Ean\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-17 07:12:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2224571949-512383846-3584647482-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2224571949-512383846-3584647482-503 - Limited - Disabled)
Ean (S-1-5-21-2224571949-512383846-3584647482-1001 - Administrator - Enabled) => C:\Users\Ean
Guest (S-1-5-21-2224571949-512383846-3584647482-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1953 - KGB Unleashed (HKLM\...\Steam App 248490) (Version:  - )
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
A Story About My Uncle (HKLM\...\Steam App 278360) (Version:  - Gone North Games)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Alone in the Dark (HKLM-x32\...\1207660923_is1) (Version: 2.1.0.9 - GOG.com)
Amnesia: The Dark Descent (HKLM\...\Steam App 57300) (Version:  - Frictional Games)
Another World (HKLM\...\Steam App 233550) (Version:  - Eric Chahi)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.53 - NVIDIA Corporation) Hidden
Any Video Converter 5.9.4 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bad Mojo Redux (HKLM\...\Steam App 255960) (Version:  - Pulse Entertainment)
BallisticNG (HKLM\...\Steam App 473770) (Version:  - Vonsnake)
Balls of Steel (HKLM\...\Steam App 358430) (Version:  - Wildfire Studios)
Batman: Arkham Asylum GOTY Edition (HKLM\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battleborn (HKLM\...\Steam App 394230) (Version:  - Gearbox Software)
Betrayer (HKLM\...\Steam App 243120) (Version:  - Blackpowder Games)
Bionic Commando Rearmed (HKLM\...\Steam App 21680) (Version:  - Capcom)
BioShock (HKLM\...\Steam App 7670) (Version:  - 2K Boston)
Blades of Time (HKLM\...\Steam App 208670) (Version:  - Gaijin Entertainment Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bound By Flame (HKLM\...\Steam App 243930) (Version:  - Spiders)
Call of Cthulhu: Dark Corners of the Earth (HKLM\...\Steam App 22340) (Version:  - Headfirst Productions)
Carmageddon 2: Carpocalypse Now (HKLM\...\Steam App 282030) (Version:  - Stainless Games Ltd)
Carmageddon Max Pack (HKLM\...\Steam App 282010) (Version:  - Stainless Games Ltd)
Carmageddon TDR 2000 (HKLM\...\Steam App 331650) (Version:  - Torus Games)
Carmageddon: Max Damage (HKLM\...\Steam App 505170) (Version:  - Stainless Games Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Clive Barker's Jericho (HKLM\...\Steam App 11420) (Version:  - Mercury Steam)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskInfo 6.8.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.8.2 - Crystal Dew World)
Curse: The Eye of Isis (HKLM\...\Steam App 302210) (Version:  - Asylum entertainment)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Daikatana (HKLM\...\Steam App 242980) (Version:  - )
Dangerous Golf (HKLM\...\Steam App 405500) (Version:  - Three Fields Entertainment)
DARK (HKLM\...\Steam App 225360) (Version:  - Realmforge Studios)
DC Universe Online (HKLM\...\Steam App 24200) (Version:  - Daybreak Game Company)
Dead Effect (HKLM\...\Steam App 286040) (Version:  - BadFly Interactive, a.s.)
Dead Island (HKLM\...\Steam App 91310) (Version:  - Techland)
Deus Ex: Game of the Year Edition (HKLM\...\Steam App 6910) (Version:  - Ion Storm)
Duke Nukem 3D: Megaton Edition (HKLM\...\Steam App 225140) (Version:  - 3D Realms)
Eldritch (HKLM\...\Steam App 252630) (Version:  - Minor Key Games)
Enclave (HKLM\...\Steam App 253980) (Version:  - Starbreeze)
Fallout (HKLM\...\Steam App 38400) (Version:  - Interplay Inc.)
Far Cry (HKLM\...\Steam App 13520) (Version:  - Crytek Studios)
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freedom Force (HKLM\...\Steam App 8880) (Version:  - Irrational Games)
FreezeME (HKLM\...\Steam App 390210) (Version:  - Rainy Night Creations)
GameSave Manager v3 (HKLM-x32\...\GameSaveManager_v3) (Version: 3.1.442.0 - InsaneMatt)
Garshasp: The Monster Slayer (HKLM\...\Steam App 99400) (Version:  - Dead Mage)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GooCubelets (HKLM\...\Steam App 397620) (Version:  - Zonitron Productions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grow Home (HKLM\...\Steam App 323320) (Version:  - Reflections, a Ubisoft Studio)
GT Legends (HKLM\...\Steam App 44690) (Version:  - SimBin Studios AB)
Gun Metal (HKLM\...\Steam App 267920) (Version:  - Rage Software)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Harvester (HKLM\...\Steam App 287020) (Version:  - DigiFX Interactive)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hektor (HKLM\...\Steam App 334070) (Version:  - Rubycone)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman: Codename 47 (HKLM\...\Steam App 6900) (Version:  - IO Interactive)
Hotline Miami (HKLM\...\Steam App 219150) (Version:  - Dennaton Games)
How to Survive (HKLM\...\Steam App 250400) (Version:  - EKO Software)
iFunbox (v3.0.3939.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3939.1352 - iFunbox DevTeam)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Injustice: Gods Among Us Ultimate Edition (HKLM\...\Steam App 242700) (Version:  - NetherRealm Studios)
Intel A/V Codecs V2.0 (HKLM-x32\...\CodInstl) (Version:  - )
Ittle Dew (HKLM\...\Steam App 241320) (Version:  - Ludosity)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jet Set Radio (HKLM\...\Steam App 205950) (Version:  - Blit Software)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Killer is Dead (HKLM\...\Steam App 261110) (Version:  - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)
Knee Deep (HKLM\...\Steam App 371300) (Version:  - Prologue Games)
Left 4 Dead (HKLM\...\Steam App 500) (Version:  - Valve)
LEGO Batman 2 (HKLM\...\Steam App 213330) (Version:  - TT Games)
LEGO Batman: The Videogame (HKLM\...\Steam App 21000) (Version:  - Traveller's Tales)
Lego Harry Potter (HKLM\...\Steam App 21130) (Version:  - TT Games)
LEGO® MARVEL Super Heroes (HKLM\...\Steam App 249130) (Version:  - Traveller's Tales)
LEGO® The Lord of the Rings™ (HKLM\...\Steam App 214510) (Version:  - Traveller's Tales)
Lethal League (HKLM\...\Steam App 261180) (Version:  - Team Reptile)
Lovely Planet (HKLM\...\Steam App 298600) (Version:  - QUICKTEQUILA)
Lucius (HKLM\...\Steam App 218640) (Version:  - Shiver Games)
Malebolgia (HKLM\...\Steam App 318860) (Version:  - Jochen Mistiaen)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvel Heroes 2016 (HKLM\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2224571949-512383846-3584647482-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mighty No. 9 (HKLM\...\Steam App 314710) (Version:  - Comcept)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Nexus Root Toolkit (HKLM-x32\...\Nexus Root Toolkit) (Version: 2.1.9 - WugFresh)
NOX (HKLM-x32\...\{BF152F35-9708-452C-862C-F7E3B62DF732}) (Version: 2.0.0.20 - Electronic Arts, Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.2 - OBS Project)
Oddworld: Abe's Oddysee (HKLM\...\Steam App 15700) (Version:  - Oddworld Inhabitants)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.1.43152 - Electronic Arts, Inc.)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
Party Hard (HKLM\...\Steam App 356570) (Version:  - Pinokl Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1054.0 - Passmark Software)
Pinball FX2 (HKLM\...\Steam App 226980) (Version:  - Zen Studios)
Pongo (HKLM\...\Steam App 369000) (Version:  - Drixy Games)
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
Prince of Persia Sands of Time (HKLM-x32\...\Uplay Install 111) (Version:  - Ubisoft)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PS/GC/BOX To PC CONVERTOR (HKLM-x32\...\FT8D91) (Version:  - )
Quake (HKLM\...\Steam App 2310) (Version:  - id Software)
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version:  - Ubisoft)
Really Slick Screensavers 0.2 (HKLM-x32\...\ReallySlickScreensavers) (Version:  - )
Realms of the Haunting (HKLM\...\Steam App 292390) (Version:  - Gremlin Interactive)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Resident Evil 6 Benchmark Tool (HKLM\...\Steam App 229950) (Version:  - Capcom)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScummVM 1.8.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
SEGA Mega Drive & Genesis Classics (HKLM\...\Steam App 34270) (Version:  - Sega)
Serious Sam HD: The First Encounter (HKLM\...\Steam App 41000) (Version:  - Croteam)
Shadow Complex Remastered (HKLM\...\Steam App 385560) (Version:  - ChAIR Entertainment)
Shadow Warrior Demo (HKLM\...\Steam App 281150) (Version:  - Flying Wild Hog)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SixaxisPairTool 0.3.1 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.3.1 - Dancing Pixel Studios)
Skullgirls (HKLM\...\Steam App 245170) (Version:  - Lab Zero Games)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.)
Sonic Adventure DX (HKLM\...\Steam App 71250) (Version:  - SEGA)
Sonic CD (HKLM\...\Steam App 200940) (Version:  - Blit Software)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.1.201701181219 - Sony Mobile Communications Inc.)
Spotify (HKU\S-1-5-21-2224571949-512383846-3584647482-1001\...\Spotify) (Version: 1.0.47.13.gd8e05b1f - Spotify AB)
Star Trek™ - 25th Anniversary (HKLM-x32\...\1427108887_is1) (Version: 2.0.0.5 - GOG.com)
STAR WARS™: Knights of the Old Republic™ (HKLM\...\Steam App 32370) (Version:  - BioWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Racing Syndicate (HKLM\...\Steam App 292410) (Version:  - Eutechnyx)
Strider (HKLM\...\Steam App 235210) (Version:  - Double Helix Games)
Strife: Veteran Edition (HKLM\...\Steam App 317040) (Version:  - Rogue Entertainment)
System Shock: Enhanced Edition (HKLM\...\Steam App 410710) (Version:  - Looking Glass Studios)
The 11th Hour (HKLM\...\Steam App 255940) (Version:  - Trilobyte Games)
The 7th Guest (HKLM\...\Steam App 255920) (Version:  - Trilobyte Games)
The Deadly Tower of Monsters (HKLM\...\Steam App 353700) (Version:  - ACE Team)
The Mean Greens - Plastic Warfare (HKLM\...\Steam App 360940) (Version:  - Virtual Basement LLC)
The Music Machine (HKLM\...\Steam App 359040) (Version:  - David Szymanski)
The Troma Project (HKLM\...\Steam App 279640) (Version:  - Nekrosoft)
The Ultimate DOOM (HKLM\...\Steam App 2280) (Version:  - id Software)
Thief Gold (HKLM\...\Steam App 211600) (Version:  - Looking Glass Studios)
Tom Clancy's Rainbow Six (HKLM-x32\...\Uplay Install 2298) (Version:  - Ubisoft)
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version:  - Ubisoft)
Tomb Raider: Anniversary (HKLM\...\Steam App 8000) (Version:  - Crystal Dynamics)
Tony Hawk's Pro Skater HD (HKLM\...\Steam App 207210) (Version:  - Robomodo)
TOXIKK (HKLM\...\Steam App 324810) (Version:  - Reakktor Studios)
Toy Soldiers: Complete (HKLM\...\Steam App 262120) (Version:  - Signal Studios)
Two Worlds Control Panel 1.0.7 (HKLM-x32\...\{6EEEF30E-0AD2-4AD9-B854-22F1488637C7}) (Version: 1.0.7 - Inside Operations)
Two Worlds II (HKLM\...\Steam App 7520) (Version:  - Reality Pump Studios)
Two Worlds: Epic Edition (HKLM\...\Steam App 1930) (Version:  - Reality Pump Studios)
Uncanny Valley (HKLM\...\Steam App 359580) (Version:  - Cowardly Creations)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-5f4f06de-c06a-4135-991c-c7172d6992b8) (Version:  - Epic Games, Inc.)
Unreal Gold (HKLM\...\Steam App 13250) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 19.1 - Ubisoft)
Velvet Assassin (HKLM\...\Steam App 16720) (Version:  - Replay Studios)
Viscera Cleanup Detail (HKLM\...\Steam App 246900) (Version:  - RuneStorm)
Viscera Cleanup Detail: alpha v0.25 (HKLM\...\UDK-21d1f661-edb8-496f-b691-bc8a27929d12) (Version:  - RuneStorm)
Visual Pinball (HKLM-x32\...\Visual Pinball) (Version: 10.1.0.0 - www.vpforums.org)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Xotic (HKLM\...\Steam App 92600) (Version:  - WXP Games, LLC)
Xperia Companion (HKLM-x32\...\{3FC90BF7-B316-40DF-819C-A06D70E5ED2E}) (Version: 1.4.7.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion Service (HKLM\...\{D045DF86-7FF9-4CF2-919A-7BD172A43AAC}) (Version: 1.4.7.0 - Sony) Hidden
Zeno Clash (HKLM\...\Steam App 22200) (Version:  - ACE Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-06-07] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {011FAACD-297B-428E-B68C-3790EA329F01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {161426EB-600E-437D-A2DF-151D0B48F2DE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {377E1823-D938-44CB-BCB0-2780F1E8894D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {4BE15337-5399-4CEA-A728-5E8EB9E22CF6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {6AA5FB80-93C6-4754-A75D-261763EA1564} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {6CEA1511-71C5-4EE4-ACF9-91D1261BAC1E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {7C170D46-2EC4-4D62-BF58-7955F4870474} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {8544158F-50BA-4015-B479-079BE0F64C02} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {B3A3245E-A875-4C0B-8DB7-51CE022C7050} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {DC3E76B1-355D-479A-A173-15581A3CC65E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {EFD54161-A7FD-4F28-8D4C-306AF7C37711} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {FED2C50E-5E43-40F5-A9EE-64F27F61D94F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-20 17:39 - 2017-05-03 16:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-16 21:03 - 2017-07-16 21:04 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-16 21:03 - 2017-07-16 21:04 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-16 21:03 - 2017-07-16 21:04 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-16 21:03 - 2017-07-16 21:04 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2016-09-20 17:35 - 2009-08-21 15:44 - 002281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 000087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 001242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-20 18:41 - 2017-08-09 11:28 - 002493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-09-20 17:39 - 2017-05-03 16:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-20 17:35 - 2009-04-06 15:27 - 000098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
2016-09-20 17:35 - 2009-01-05 20:12 - 000159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
2016-09-20 17:35 - 2007-12-06 10:24 - 001167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
2016-09-20 17:35 - 2009-04-06 15:27 - 000032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
2017-01-05 04:09 - 2016-02-24 13:30 - 000499712 _____ () C:\Program Files (x86)\i-Funbox DevTeam\exifext.dll
2017-08-22 14:56 - 2017-08-22 14:56 - 000098816 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32api.pyd
2017-08-22 14:55 - 2017-08-22 14:55 - 000110080 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\pywintypes27.dll
2017-08-22 14:56 - 2017-08-22 14:56 - 000364544 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\pythoncom27.dll
2017-08-22 14:56 - 2017-08-22 14:56 - 000320512 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32com.shell.shell.pyd
2017-08-22 14:55 - 2017-08-22 14:55 - 000914432 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\_hashlib.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 001176576 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\wx._core_.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000806400 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\wx._gdi_.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000816128 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\wx._windows_.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 001067008 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\wx._controls_.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000733184 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\wx._misc_.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000682496 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\pysqlite2._sqlite.pyd
2017-08-22 14:55 - 2017-08-22 14:55 - 000088064 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\_ctypes.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000686080 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\unicodedata.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000119808 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32file.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000108544 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32security.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000007168 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\hashobjs_ext.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000017920 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\thumbnails_ext.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000088064 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\usb_ext.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000012800 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\common.time34.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000018432 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32event.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000167936 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32gui.pyd
2017-08-22 14:55 - 2017-08-22 14:56 - 000046080 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\_socket.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 001303552 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\_ssl.pyd
2017-08-22 14:55 - 2017-08-22 14:55 - 000128512 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\_elementtree.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000127488 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\pyexpat.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000038912 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32inet.pyd
2017-08-22 14:55 - 2017-08-22 14:55 - 000036864 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\_psutil_windows.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000524248 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\windows._lib_cacheinvalidation.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000011264 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32crypt.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000123392 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\wx._wizard.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000077312 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\wx._html2.pyd
2017-08-22 14:55 - 2017-08-22 14:55 - 000027648 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\_multiprocessing.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000020480 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\_yappi.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000035840 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32process.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000078848 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\wx._animate.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000024064 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32pipe.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000010240 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\select.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000025600 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32pdh.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000017408 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32profile.pyd
2017-08-22 14:56 - 2017-08-22 14:56 - 000022528 ____R () C:\Users\Ean\AppData\Local\Temp\_MEI52442\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2224571949-512383846-3584647482-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6208C649-152E-4858-A76F-4767EFEACD1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{A7B3007D-166D-4C35-8608-AED14C94A540}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{324D13F7-1979-4663-A5CD-8E2C82A45424}] => (Allow) LPort=26675
FirewallRules: [{F11CBE5C-62B7-4B57-B4DE-43F2FA47A714}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{9F4A88D7-A0AF-47F9-B5DC-91EBC7E4857F}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{763768EA-FEBB-403C-ACD0-104E56053C06}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{A8DF2379-D76F-4B32-A6EC-E68DE4D7B3FB}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{409AD07A-698D-4718-95EC-FB75A30D95B7}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{2A09E610-6E75-4582-B65B-B00CF7440C9B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{2CDEF5B0-A427-45E0-8E5D-ABEEB5D10A74}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EF2D09C7-FD43-4463-B29D-DC40BE069426}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95706D5C-F06F-4658-85B9-739332F0F3E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4B2E646-5C8E-4111-BDDE-C3566C056366}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66AF4601-F8F4-4403-ABC6-6A29B62CF619}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4C8A3BE7-D8AE-4C0A-A670-79B3F336D131}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{B7245517-DD6A-40EB-BDAE-6ABE710E6CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{0702E476-E46A-4821-BB38-B039B80565B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{23AC7FAF-DC63-46A9-9426-EF72BA9C22F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{91CEC6DB-D2ED-4584-A569-585BD36E96D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{F4334086-D323-473C-B5C5-E2703F102ED5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{66DF4B91-98FF-4F2D-98D9-DAB7471732D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3484994-4650-407B-BDB6-6C37224DCD1D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C78620DD-48B6-4215-A276-2E9FCEC7ECA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{68EDC9F1-9831-421F-8B35-7BE1CB85F119}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{82E7C6C0-0743-4448-8B29-D2DAC22FF3AB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{25E8B6C0-EA11-4C89-97FA-490B27A9E2DC}C:\program files (x86)\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [TCP Query User{18851DBA-55A5-4C26-8875-8FC0CFD877EC}C:\program files (x86)\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [{6DA8F215-75F3-45B8-AA03-FE3AB93653BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dangerous Golf\Orlando.exe
FirewallRules: [{C1861CEE-05BA-48B1-B19F-75510888585E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dangerous Golf\Orlando.exe
FirewallRules: [{0D14FA9E-76D0-48D4-BCBA-8F002EC7AA21}] => (Allow) LPort=1900
FirewallRules: [{D52E2CF3-A019-4153-94F0-B9F91DCC64DD}] => (Allow) LPort=2869
FirewallRules: [{8213D336-9638-4039-8596-F7E259FF44DA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E9F718C5-936C-4BE7-8FB4-9CE15F85C040}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gun Metal\Gunmetal.exe
FirewallRules: [{FDF3C601-53B0-44A1-9F40-1A70D010E9AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gun Metal\Gunmetal.exe
FirewallRules: [UDP Query User{51F37FCD-3C04-44FF-BC59-63BD2D265FE8}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{9B45C487-2908-489A-A49F-554D1BA95EFB}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{CBAC0DC4-0039-4578-A80C-CE3384E54943}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Gold\System\Unreal.exe
FirewallRules: [{A4831635-21FD-4377-9C18-8326122399A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Gold\System\Unreal.exe
FirewallRules: [{119E24CE-9E4E-445B-AE06-8F93E33D64FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{BABF32BF-F7B2-40D1-B93F-89791DA8D978}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{B2BE7C6F-9CF0-43F4-9220-51301561658F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_gold\THIEF.EXE
FirewallRules: [{3C413703-C744-41A4-AFD5-C37CC4181C7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_gold\THIEF.EXE
FirewallRules: [{EFE00547-6280-4F9B-8D1E-CB050879751C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strife\strife-ve.exe
FirewallRules: [{53057EF8-78A7-4BAD-B7CB-BCC0E6D975B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strife\strife-ve.exe
FirewallRules: [{6E3E0CA6-E857-41B3-89B8-BE6874EFB42E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realms of the Haunting\DOSBOX\DOSBox.exe
FirewallRules: [{90A9C23C-0446-4DCC-8907-341A99FC0F20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realms of the Haunting\DOSBOX\DOSBox.exe
FirewallRules: [{7A578E51-C9D4-4180-ADD5-A1F676E2EEC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{64A3B249-7EB7-4A31-AC82-BCFA73EA0407}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{BE00255E-0C67-4101-82DD-AC2C29F05D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{CF98BDCD-2443-4686-8BF6-5A9137D278FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{8732FF54-D030-4689-BE72-779FA41D2851}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{A505AF2D-E1B4-4DE5-8841-EFCC6DE0BC14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{F3842737-F549-4AC0-A0B3-75A6306FBAA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{1DC747FC-12A0-44CD-AF40-9C38126D092C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{CA596586-5FA7-4EE0-8063-83D10C20F258}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{DE69EF5E-97F8-424D-B68B-410BBE42F15D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{4E162E87-77FD-4BB2-9725-57F754213F8B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{7CB581E8-0970-47A2-87CE-6E9147A25334}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{711EA1F0-0597-4F3A-AFD4-D4576D486C7E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{67BE6C5C-88C2-40F4-9795-2B7817D64DBC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{87B5A817-885B-441D-B8DE-D1672CBB71D0}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{40E09416-C7DB-414D-8F39-3BA19B9BD78D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{20FA99DF-D70C-4809-886C-E979CFB18AC2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{393F682D-0B70-4477-92E9-679A2219C8E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FAE7C748-E494-4649-B26D-15BC2FA470F9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5C35DCF5-92B3-4A4D-B2B7-009DDACE569D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4AB7B813-3042-4D42-B72C-1570A9FAA825}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{1145D2D8-75AD-4524-A664-1AAA38ACA693}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [TCP Query User{74095241-C874-49DC-937C-2BC304893E45}C:\users\ean\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ean\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{61D1093B-1C33-46B2-8091-2EB74C6A1EBB}C:\users\ean\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ean\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0174AFD2-5428-456F-B9F4-985773CBDAB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Demo\sw.exe
FirewallRules: [{12EE76F0-C05E-4833-8F0F-B1C0A4D99A5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Demo\sw.exe
FirewallRules: [TCP Query User{ADFCA713-4007-4472-B00C-F8CF3D9708EA}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{A4F23FC3-F2DB-4610-8F16-778B618B4AB7}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{6EE54966-58CA-43DC-8D65-64C389E30E0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bound By Flame\BoundByFlame.exe
FirewallRules: [{0232939E-7197-4D39-80C3-B0BA7508BA61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bound By Flame\BoundByFlame.exe
FirewallRules: [{C22D066E-0ADC-46A8-BB7D-F4A8ED1B0A4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{186DFDCE-1E04-49AF-8CA6-8071365BB127}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{7F0B27CB-0094-4EB0-B97E-25D7EA656F8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GooCubelets\GooCubelets.exe
FirewallRules: [{918A44BC-557A-4B4D-99D6-AA2BECB5F72F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GooCubelets\GooCubelets.exe
FirewallRules: [{A0630562-35F1-4134-8783-6BA8C20A344F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Music Machine\The Music Machine.exe
FirewallRules: [{21E6F6A2-E67F-4D11-807C-9C594B1D1B82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Music Machine\The Music Machine.exe
FirewallRules: [{15156BA1-696A-45A4-8D01-43F26DCA0D4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{E11CF1C7-2F6E-4B7E-BEE1-E60BB179BE37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{24D6F4FB-138D-4860-82D5-6A75F735813C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{CA301EB0-B05F-4912-A2C5-0B29BEA310CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{F8018776-6B8E-4EE5-9B1F-665E929319CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{EC2483A3-8CDF-4207-89D3-AD12119344D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{990AA1D5-7FFC-4094-A6F5-D4D5D078B7AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{15AFD4F9-FD54-48BF-A3E6-ABA627351DD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8A972C91-2E6D-4F7D-A280-A7764F839249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blades of Time\bladesoftime.exe
FirewallRules: [{27A1ED05-CA0A-44FA-8188-009D8E90231E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blades of Time\bladesoftime.exe
FirewallRules: [{464EA84E-4141-4B9E-B895-28C28B4414A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carmageddon2\CARMA2_HW.EXE
FirewallRules: [{4811ABB5-A85A-4B59-984E-5D0422E4B854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carmageddon2\CARMA2_HW.EXE
FirewallRules: [{CC2EB742-FF11-40C9-B223-1D2DB7E969C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knee Deep\Knee Deep.exe
FirewallRules: [{BE536F1A-A101-4362-AEB1-00F0491AA77A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knee Deep\Knee Deep.exe
FirewallRules: [{97322F46-64E5-40F7-824A-5FE7AC7471FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SS1EE\sshock.exe
FirewallRules: [{62CF8A81-B9D0-4191-8166-7315A4CE3184}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SS1EE\sshock.exe
FirewallRules: [{3B0C457F-A8F9-4061-8053-B77B4ACF9095}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{9795A723-4F7D-41F2-A1B9-42D95C87845D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{75CF4D41-3F51-4BB7-9348-F6B01EC459DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{24A987FB-12BF-4B69-87F5-3AFB6B52C356}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B163F17-5D16-468E-990A-D3BB226F482A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{31830528-D452-4941-9722-4A508739C5F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{90CDF77F-B9AF-4ECE-9C69-4B7799B2349A}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{3C2ADFFA-49CD-4FC3-80B6-2B6846BBFA0D}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{9CA1E641-7236-4591-A63E-C8F0E6D13ED6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Velvet Assassin\Launcher.exe
FirewallRules: [{BFEAFA26-4F16-4872-A343-6FA19B663F8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Velvet Assassin\Launcher.exe
FirewallRules: [{D448FFE2-A976-47FC-B8D6-53EE56400E8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{C3BA9967-8B74-4281-BD2E-608EAA494695}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{25D1F2ED-5F35-4C88-88E1-0AA08B345999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Cthulhu\Engine\CoCDCoTELauncher.exe
FirewallRules: [{C241AA53-A2D8-4A2E-A9CF-D6F5CA32ED66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Cthulhu\Engine\CoCDCoTELauncher.exe
FirewallRules: [{E1C61961-5271-4F16-9A1E-FB2F1802AA6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9C53B285-DD0B-4290-8A19-9D4BAFBE7D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{A44042C3-E23D-4EA4-97D1-ACEDCAE80637}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pongo\Pongo.exe
FirewallRules: [{B434018A-2D1C-44FB-9E4B-413EAB6191DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pongo\Pongo.exe
FirewallRules: [{84AF00E8-B75F-4546-BCB5-15AAA96A0D79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{CA6A5341-056A-4766-9241-FEF61A81A9C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{C3DFF3D3-8976-46A7-9932-B5FECD27C13D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE
FirewallRules: [{7B8AF2AD-0D93-4183-B6EA-28F54774792D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE
FirewallRules: [TCP Query User{04DC7302-B5B9-43EA-ADE1-E9D6AC0BF79D}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{F9720A87-19F6-4114-8FEB-34A73213FE3F}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{D0EE4E2A-A3FD-4779-8955-4105365D6C2A}C:\users\ean\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ean\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{79DA4ACC-F0BA-4102-AF3D-749E79314CB2}C:\users\ean\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ean\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6D0341A3-7658-4EF1-88D8-E12ABACCBE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{1161D49E-B47F-4759-852D-E6416E179B01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{A4F1B17E-547F-40E6-9ED8-1AABABA533B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GT Legends\sudo.exe
FirewallRules: [{C52A2226-5D98-46C6-BCD5-BBD353FCB717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GT Legends\sudo.exe
FirewallRules: [{769521F4-A659-4CC2-B53D-4A93D336A62C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The7thGuest\ScummVM_Windows\scummvm.exe
FirewallRules: [{99380C47-6EBF-4C7F-89F6-7817903ED61E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The7thGuest\ScummVM_Windows\scummvm.exe
FirewallRules: [{4C6B0D08-FE20-4813-B93F-EDDC0E016C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Troma\TROMA.exe
FirewallRules: [{5BDCE707-AD4E-4DD4-813A-FA91BB26085B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Troma\TROMA.exe
FirewallRules: [{1CC320F6-BD0E-4771-B6DD-DB39BEB290D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Troma\BonerMaterial\START.exe
FirewallRules: [{B1E79302-5A1E-494C-92F6-C8ABE3C1AEB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Troma\BonerMaterial\START.exe
FirewallRules: [{CC9B9E5E-83DF-45BE-B9C5-1F7224B8544F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strider\Strider.exe
FirewallRules: [{EFD4E2D6-1DF1-4B9B-B7A3-55CEB987ED7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strider\Strider.exe
FirewallRules: [{08001F92-F5A8-496F-A930-DF49439C2F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bionic Commando Rearmed\bcr.exe
FirewallRules: [{5CA20843-9D0B-4ED9-AF7B-6154EA5C287B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bionic Commando Rearmed\bcr.exe
FirewallRules: [{A08C6593-00ED-4F22-95F1-5AF5C25C588D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe
FirewallRules: [{86959D77-C76C-4F78-8389-158D226823D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Batman 2\LEGOBatman2.exe
FirewallRules: [{37496D76-6637-480A-9E1A-4AF4E6B67C98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BadMojo\launcher.exe
FirewallRules: [{73BADEF6-B219-445C-B309-DCF7AA36576C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BadMojo\launcher.exe
FirewallRules: [{A2FD70F6-63CA-4018-9E81-5B0381A7A638}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\dosbox.exe
FirewallRules: [{70CBC8BC-5184-41C7-A92D-F8C43572D104}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\dosbox.exe
FirewallRules: [{5BBB6F4B-976F-454E-924D-D434995B2563}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\daum\dosbox.exe
FirewallRules: [{C027BEB8-F05F-4690-B41C-D731F7B4F4F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harvester\dosbox_windows\daum\dosbox.exe
FirewallRules: [{955B2C98-A464-40DC-B132-0162BBBA3715}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The11thHour\v32win.exe
FirewallRules: [{74D993CE-3C24-49B8-8D8B-DF4426E8F256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The11thHour\v32win.exe
FirewallRules: [{7DACFF79-1799-4CF3-BC41-8575C04247C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\1953 - KGB Unleashed\Bin\Phobos.exe
FirewallRules: [{A2EB9237-DF01-497F-B18C-17C004DBBD06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\1953 - KGB Unleashed\Bin\Phobos.exe
FirewallRules: [{DEF09F88-49BA-4157-B534-C160BB160338}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lego Batman\LEGOBatman.exe
FirewallRules: [{750EDBD6-A075-4AB7-B349-15F9588B3B30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lego Batman\LEGOBatman.exe
FirewallRules: [{90A17BD7-0614-4ABE-9998-59A5E341B8EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Marvel Super Heroes\LEGOMARVEL.exe
FirewallRules: [{8D778D39-82E9-4A43-BD53-FB3543029EDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Marvel Super Heroes\LEGOMARVEL.exe
FirewallRules: [{0526C4E8-BD72-4A39-BC72-93A46BB19E13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Lord of the Rings\LEGOLOTR.exe
FirewallRules: [{D562B88F-05F4-4F0B-B7E8-B04581D3F62A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Lord of the Rings\LEGOLOTR.exe
FirewallRules: [{A79D345C-3573-4D62-AB01-8D1A8234121C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Harry Potter\LEGOHarryPotter.exe
FirewallRules: [{119C6BA0-90EE-494A-BA54-12EA53689C22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Harry Potter\LEGOHarryPotter.exe
FirewallRules: [{5F8E31DA-2976-4FA6-B31C-7C2BAB6E6A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{F5BF73FB-B81E-481F-9BD9-F6CF268779BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{9F0AAD80-F9B6-4243-A20B-DF86299CD7EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{818B7478-2C0C-45D2-9105-6BB6E93BF70D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{9A5C6C67-9E07-42CA-A1AA-49CA47878AE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{6D52850E-0F68-474E-859D-6748737CCBB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{FFC73A51-5726-4386-8B26-7FF858A28013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{B780EF1F-3849-481D-A5FA-BFBB20A2ACD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{F49348FF-CC9B-4193-AE8B-2D9A45C8253D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{11295C06-DC6A-410C-B08E-1161DA099A1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{7A6C81D8-0A75-42BE-898B-DC030B078A22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GrowHome\GrowHome.exe
FirewallRules: [{A54CFA79-08F8-4690-8A2E-8D0A9F0ABDAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GrowHome\GrowHome.exe
FirewallRules: [{E2A06C4C-18FA-4F57-8875-7BE4C81FC7B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toy Soldiers Complete\Game.exe
FirewallRules: [{02EA66F4-30C0-4097-9B94-E07B86AC37E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toy Soldiers Complete\Game.exe
FirewallRules: [{D4DBABFF-4CDA-4206-A457-9E777CC9340B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds.exe
FirewallRules: [{0BB039B5-3671-4B78-93E6-DFFE905394E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds.exe
FirewallRules: [{21B9DEC3-1FF2-4808-91D8-E04D795039B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds_RADEON.exe
FirewallRules: [{175D9B6E-3B2E-4D61-BF14-4A8C292B4757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds_RADEON.exe
FirewallRules: [{142D1B0C-9026-4BE6-AAA0-C0893D849A99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\2WSG.exe
FirewallRules: [{46C5D3CE-767D-40FF-BDB0-B6FF3A4FDF45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds - Epic Edition\2WSG.exe
FirewallRules: [{0B2496D1-1A85-4C9D-B1F9-C0C95BD62576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BallisticNG\BallisticNG.exe
FirewallRules: [{F22C653B-9F77-4914-ADE5-501A820757F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BallisticNG\BallisticNG.exe
FirewallRules: [{D17CD3E7-3545-4521-BEE8-AB1B41016A15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{83F9E13D-3AF8-461F-AB89-ACBED3A49664}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B72C61D5-ECEF-4D9E-8F89-C76521907217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8E40AF97-C8F3-419C-9164-11EB9FF85EBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B6917FD4-5997-488C-B570-AFB94255156C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7AFDB271-49C9-4211-AF14-A4FBBC3A02DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0C3AA039-3D0B-4FF2-91A1-5E299919A6EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{ECE7B494-D172-4C03-ABE9-59779D2D655C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{16621DE5-0216-4982-B618-74CA1B56D5D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{E2BFDC92-4D17-4AFD-8920-54294F7219BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{ECECE84F-EFBC-4933-968F-098FB05F8DE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{71CFB7DD-5CBB-4881-8534-8C7E5A048C85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E34CA1A9-D860-48E9-B6A0-464AD5757659}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{ED5A71D8-E246-4276-B536-F6E962BA54DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{DD344172-E439-4D23-92C5-4320598C6A52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enclave\Enclave.exe
FirewallRules: [{65009601-5B50-463A-8BCA-5957A68BAF2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enclave\Enclave.exe
FirewallRules: [{FA87CB68-D4BA-4E06-BB42-CCBAC4A94B87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{22A3AB54-AF2C-442E-9873-6962734A6124}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{FF9C9097-0DD0-44AA-BEF3-D5A0FEE8D0D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Balls of Steel\Balls of Steel\bos.exe
FirewallRules: [{44D8F661-70D4-4014-8D38-DC2A40F9CE25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Balls of Steel\Balls of Steel\bos.exe
FirewallRules: [{16FEF8B8-9E43-4BE7-9E8A-5D175EFE75EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carmageddon TDR 2000\TDR2000.exe
FirewallRules: [{B1A721D8-92FB-4E66-9C8F-8C7FDBD37F32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carmageddon TDR 2000\TDR2000.exe
FirewallRules: [{AF9D3EEB-C4D7-4889-8763-6CF148FFE7C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS_Demo\bin\DemoCastlevaniaLoSUE.exe
FirewallRules: [{577836FF-C4F7-47D0-ADA2-C91755011029}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS_Demo\bin\DemoCastlevaniaLoSUE.exe
FirewallRules: [{22DE7CAC-A5C0-46B3-87E2-8C6ECC26C10D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{4C49EFF9-AB59-4D29-BEF0-424025AB8B23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{4A9E9D5C-FD76-46DD-AAEE-0C5B2C2C98CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Daikatana\daikatana.exe
FirewallRules: [{E862EF38-6C92-4F5A-804D-320BA0B54667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Daikatana\daikatana.exe
FirewallRules: [{BB6FD015-3898-42DA-B197-778F8EC5855B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Codename 47\Hitman.Exe
FirewallRules: [{5A0F67A2-26C0-4306-B6DF-C5E35E80AF13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Codename 47\Hitman.Exe
FirewallRules: [{825DC86E-8CFD-4C12-BAB6-1B4835624AA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Codename 47\Setup.exe
FirewallRules: [{9F01C369-9D9E-4DC8-A89A-2F88C1514AFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Codename 47\Setup.exe
FirewallRules: [{284DB7C1-D347-41E3-A91A-FADE9640A237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{6DB8A170-26E6-4261-8DC8-8FBCF73FB8BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{8B85674F-E6B1-44EF-82AD-4B4CF3C17E45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{27EA0D9D-9DB2-4765-B46A-EED33B4E8691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{974DB2CD-D0C6-4A14-BA10-AFBED3B5D79B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure DX\AppLauncher.exe
FirewallRules: [{21A9A3B3-8606-4152-B8AA-778D7889DD8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure DX\AppLauncher.exe
FirewallRules: [{CCBA8B17-A712-4C3A-9132-B74E4E30F52D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{31BC5A0A-19DC-4F53-9B5F-544C4429B16E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{8E76C82C-A7EF-45E8-87C3-BB7712944DA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{91D9F5DB-5EB7-40D7-8135-A0BE18E246F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{1DEBFA14-FCE1-46AE-A163-BB2651385DE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{12997C21-41BA-497D-9479-8DF7825D61FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [TCP Query User{78D628DF-3601-4DE7-8155-005260FFD104}C:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe] => (Block) C:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe
FirewallRules: [UDP Query User{CE080921-2857-4A28-9FDA-79FB4F7739BE}C:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe] => (Block) C:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe
FirewallRules: [{34D10F04-A998-4D74-BCB5-DB8DB87F5A39}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{EA78984C-38FD-4BCC-B545-A04C2AE5F97D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{99384A2A-55AD-4B96-AFBF-2463ADBB1463}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{3135F4B6-E07A-4FFF-B42D-19443BBB960A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{10814841-0DE4-4409-95F7-1BF12A8AAD05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [{590D3D62-2DA4-49C0-9A91-39CB5553BCF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [{67D6170C-5458-490B-9092-A9B6D617A633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{CDF34869-7B41-445A-9A69-A66BF044692E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{5440895B-7AA2-4B01-A41C-63E4F88B5FE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{5336198F-582B-470C-B547-299815AAF002}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{BFB4EDEF-60E3-4F6D-9A3D-4189D2196739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lovely Planet\LovelyPlanet.exe
FirewallRules: [{360D3B30-1C8F-4551-AD8F-4E8A21255E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lovely Planet\LovelyPlanet.exe
FirewallRules: [{186A1626-5669-4ED8-8F40-E914BD35DDF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [{19B23037-2139-4A97-8B38-14DF1D7DDA24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [{3ADE060E-C527-468A-9779-28939DC85B67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic CD\soniccd.exe
FirewallRules: [{2AEA2C30-DF73-476B-B5C8-F2BE5D1C8217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic CD\soniccd.exe
FirewallRules: [{9FF40D4A-F4F7-42E7-9705-A935310F214A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic CD\setup.exe
FirewallRules: [{840E896C-3FCC-4B68-809C-387EDA5FB6D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic CD\setup.exe
FirewallRules: [{74FA7ED8-AD1D-4985-8B41-AFD14E90FECD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeadEffect\DeadEffect.exe
FirewallRules: [{A4E3CC70-618C-4F39-B4E0-AE024183CB3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeadEffect\DeadEffect.exe
FirewallRules: [{FB3E96EF-CAB7-48D3-A7E8-4534E1A95249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freedom Force\fforce.exe
FirewallRules: [{1667E0B9-A4EA-4091-A3B6-600055A3BF3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freedom Force\fforce.exe
FirewallRules: [{A984622B-26AC-4FA0-95BB-9E6CD2613861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battleborn\Binaries\Win64\Battleborn.exe
FirewallRules: [{8C3DD156-0DE8-4DFF-A89C-F3DA66EA6078}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battleborn\Binaries\Win64\Battleborn.exe
FirewallRules: [{C8406D8D-B657-4FDF-A587-20586770522E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2048EBCB-73D0-44DC-8BC3-7826B32130A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{61C1A670-5F81-46FA-A0DC-5FC4F185AE2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{58665A1F-7205-41DA-85E8-7512FB366636}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{17107D25-16CE-4028-A25A-F837BB44D5A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6 Benchmark Tool\RE6.exe
FirewallRules: [{28AF9C48-21CA-4430-BE5C-A19223B9A002}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6 Benchmark Tool\RE6.exe
FirewallRules: [{BE2D121C-1388-4329-B27C-285DD5CB0077}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{51D97F41-2A57-4B5F-942F-2D8FD86764B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{0B5D5060-0A0F-4143-84D7-DA5AF1ECC900}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{2E1D0040-B1BD-4040-A00B-E4EDF098F8E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{3EF8A064-BFEF-49E6-B120-819133503A40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tony Hawk's Pro Skater HD\Binaries\Win32\THHDGame.exe
FirewallRules: [{50F7E129-B16B-44F3-B111-3008C488614C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tony Hawk's Pro Skater HD\Binaries\Win32\THHDGame.exe
FirewallRules: [{16381E90-5931-4A42-A479-2F40903EE4CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroesOmega.exe
FirewallRules: [{261B8566-67D1-477D-90A7-3C6BD43A6631}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroesOmega.exe
FirewallRules: [{8D476D3A-68D2-4C9F-98CD-B9CD33087ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{8EFCB31E-415B-4D1B-A2A9-F71D30E67382}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{BB228F68-C4AF-4F96-A1E3-E5A43F34AD3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{3612BDAB-2AB7-49CD-9A53-663DD042540E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{1484627B-284E-4B5C-A25E-F514F2043D75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Complex Remastered\Binaries\Win32\ShadowComplex-Win32.exe
FirewallRules: [{1A4FDC96-3D98-4FF7-87DB-93E31B8AB776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Complex Remastered\Binaries\Win32\ShadowComplex-Win32.exe
FirewallRules: [{0ECE604D-E39E-4A5C-8E5D-1E73647CC586}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Another World\anowor.exe
FirewallRules: [{014EDBFC-F821-4043-8905-BF90B1DD7924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Another World\anowor.exe
FirewallRules: [{8D483AF6-E60C-4A46-A105-2DC0C081C952}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Curse The Eye of Isis\RunCurse.exe
FirewallRules: [{6010AA2D-BBE5-4AE3-B6C9-9857B9F8E47F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Curse The Eye of Isis\RunCurse.exe
FirewallRules: [{566A4E37-8F5F-4D34-BC10-7ED3BE02574C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clive Barker's Jericho\bin\Jericho.exe
FirewallRules: [{90102B46-914B-4AD3-AA9B-DFCC1CE6F9D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clive Barker's Jericho\bin\Jericho.exe
FirewallRules: [{3AAE74AD-C906-4A29-8050-E76C5A027A52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{98BBD3FD-B805-41C5-A717-C2E828462E87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{AE905D44-159D-46C4-B5AA-7613563B4655}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark\DarkApp.exe
FirewallRules: [{5D33EAB6-1903-4D92-94DD-4E86728BCDFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark\DarkApp.exe
FirewallRules: [{A5866928-0851-4BBE-B1C4-F128B0093BA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the_deadly_tower_of_monsters\Binaries\Win32\TS.exe
FirewallRules: [{203B822A-65F7-4C74-BAAA-7D9D41714F2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the_deadly_tower_of_monsters\Binaries\Win32\TS.exe
FirewallRules: [{07A4EBEB-78BA-4133-B5C0-1F590062A916}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{6E32E1D6-8C85-4876-99D2-323E0D4CD66E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{3B6CBD53-9AB5-46B1-83E0-5FBE115F4FC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{1CF6677E-D7F6-4D5D-81B6-C29F5ABF9580}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{7C640F30-E80A-41A0-8F3F-4A31BD85A568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TW2SG.exe
FirewallRules: [{34D92C6B-726C-4789-AA55-8EBA5AB44BAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TW2SG.exe
FirewallRules: [{0852D614-E1A5-498B-AA73-2F6AF8150019}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TW2POTFFSG.exe
FirewallRules: [{3A815A2C-8D0C-4EFF-B52C-B254F93AC579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TW2POTFFSG.exe
FirewallRules: [{415E5E6A-DA7F-461D-B6D5-966131EB370F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{6A3B8EF3-D8C3-4A3F-9DFD-94644ECF1230}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{323B8C50-6685-41E1-957A-AC399DD8E83D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucius\Lucius.exe
FirewallRules: [{1D420C34-BF4B-4BC8-8935-4A9847D0EFD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucius\Lucius.exe
FirewallRules: [{2D820555-48AE-44AF-A0D4-13ABCEBFFD0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eldritch\Eldritch.exe
FirewallRules: [{8131D00B-99ED-440C-A1F6-1AFEA2FE278B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eldritch\Eldritch.exe
FirewallRules: [{4F550E7D-D082-48AC-B790-5BA2BBA46ED2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{1C27BA88-36F4-478F-BB60-442F1414989A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{74363F7F-5276-41F2-A448-A7A7797F7D8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{8BDF5EED-BEDD-408A-A63A-CF8A14BB7BA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{527D5EA8-9169-4328-9FE2-6737E20E6FCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{61D01F10-29EF-42FD-9540-D39F5A4D14B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{21B65F95-C231-45FE-A200-AE40B2318268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carmageddon1\DOSBOX\dosbox.exe
FirewallRules: [{2B039F59-3073-4AFA-B494-1FED221DBA00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carmageddon1\DOSBOX\dosbox.exe
FirewallRules: [{F54E1194-7862-43ED-9CDE-4FDD389C52E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carmageddon Max Damage\bin\Carmageddon_Max_Damage.exe
FirewallRules: [{6FAFAB50-5110-4642-98D9-5034106B02DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carmageddon Max Damage\bin\Carmageddon_Max_Damage.exe
FirewallRules: [{A9905AFC-D0AA-45AE-8BD0-137CFDAF5F6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreezeME\Freeze.exe
FirewallRules: [{00B398E0-75D1-43EC-B874-E19EFADD01E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreezeME\Freeze.exe
FirewallRules: [{C38E4E3D-3CFE-4F98-AE87-303377E5EE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheMonsterSlayer\distro\Garshasp.exe
FirewallRules: [{C7BBB95D-3250-4197-87F7-A56797C9DC88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheMonsterSlayer\distro\Garshasp.exe
FirewallRules: [{4940C24F-7CE9-4EA4-9149-DBB7144314F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheMonsterSlayer\distro\GarshaspConfig.exe
FirewallRules: [{57496AAC-E91C-4478-9C00-06AEDA856311}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheMonsterSlayer\distro\GarshaspConfig.exe
FirewallRules: [{528BBEBF-C171-4D0B-99E6-2C377AE0BF10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hektor\HektorWin.exe
FirewallRules: [{34AFC1A3-CCFA-406E-B209-32E260870B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hektor\HektorWin.exe
FirewallRules: [{9814C6EC-865A-4A29-831B-B4790DB097E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ittle Dew\dew.exe
FirewallRules: [{05799428-B6A0-49AE-84D7-E78B043A786F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ittle Dew\dew.exe
FirewallRules: [{F7690B2C-85C6-48DB-B6BD-BFAAAB4F8BB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Malebolgia\palace.exe
FirewallRules: [{45B7EACC-16AB-46F4-994F-9F6D79B08280}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Malebolgia\palace.exe
FirewallRules: [{D4E1839D-FA59-4916-AC80-9407085BD3FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
FirewallRules: [{8C149D4D-6D4F-460A-84D4-190B599BCC27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
FirewallRules: [{D507E437-FB23-415B-AC42-E87EA06CAEE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mighty No. 9\Binaries\Win32\MN9Game.exe
FirewallRules: [{EB87691F-3B06-4793-A9B1-6A6F7DEB228E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mighty No. 9\Binaries\Win32\MN9Game.exe
FirewallRules: [{AC7B7DD6-7977-481A-A2D4-4789DE7AB55C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{95E27A63-D5A9-46DB-A671-2EDBE63AC6C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{A039BCB8-5510-4A8F-8B25-092C5699F885}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uncanny Valley\PPA2IP.exe
FirewallRules: [{72DB994B-2A65-474B-8B0D-565A3FC1959B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uncanny Valley\PPA2IP.exe
FirewallRules: [{EEB9FE0C-8A55-446C-9261-C00C78FB92D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Xotic\Xotic.exe
FirewallRules: [{4C66684E-BA2F-44A2-BAF4-9BC6CEC9CE1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Xotic\Xotic.exe
FirewallRules: [{DD780E21-4477-4A72-BFB1-F8675CC60656}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-07-2017 04:11:39 Scheduled Checkpoint
07-08-2017 23:27:13 Scheduled Checkpoint
15-08-2017 00:22:31 Scheduled Checkpoint
22-08-2017 07:27:08 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (08/22/2017 02:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


System errors:
=============
Error: (08/22/2017 02:54:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/22/2017 07:28:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/22/2017 07:28:01 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ITHLBJ0)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (08/22/2017 07:17:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/22/2017 07:17:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (08/22/2017 07:16:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/22/2017 07:15:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/22/2017 07:15:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (08/22/2017 07:15:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Wizard Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/22/2017 07:15:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Xperia Companion Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-08-22 14:56:58.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-22 14:56:58.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-22 14:53:44.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-22 14:53:44.584
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-22 12:20:35.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\6527ee56ee911144daa6fb882d68eb06\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.15063.332_none_d3d416dc8d9a5f18\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 12:20:35.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\6527ee56ee911144daa6fb882d68eb06\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.15063.332_none_d3d416dc8d9a5f18\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 12:20:35.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\6527ee56ee911144daa6fb882d68eb06\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.15063.332_none_d3d416dc8d9a5f18\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 12:20:35.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\6527ee56ee911144daa6fb882d68eb06\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.15063.332_none_d3d416dc8d9a5f18\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 12:20:35.849
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\6527ee56ee911144daa6fb882d68eb06\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.15063.332_none_d3d416dc8d9a5f18\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-22 12:20:35.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\6527ee56ee911144daa6fb882d68eb06\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.15063.332_none_d3d416dc8d9a5f18\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 8191.18 MB
Available physical RAM: 5522.52 MB
Total Virtual: 9471.18 MB
Available Virtual: 6718.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.07 GB) (Free:77.39 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive i: (BATMANAA) (CDROM) (Total:7.94 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9BDE98DA)
Partition 1: (Active) - (Size=931.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

 





#2 nasdaq

  • Malware Response Team

Posted 24 August 2017 - 12:11 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Ean\AppData\Roaming\Mozilla\Firefox\Profiles\6f8vu3ns.default\Extensions\artur.dubovoy@gmail.com [2017-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Chrome Media Router) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset the browsers that you use and that have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

Please let me know what problem persists with this computer.

#3 TLSOG

  • Topic Starter

Posted 25 August 2017 - 01:38 AM

Thanks so much for the help, I ran the fix and reset my browsers. So far so good, but since first posting this thread, I found that the pop-up sometimes wouldn't open upon startup, so I can't say for certain just yet that they're gone forever. Either way, I really appreciate the help, and can't thank you enough for the service you provide here.

 

Here's the requested log file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ean (24-08-2017 22:07:43) Run:1
Running from C:\Users\Ean\Desktop
Loaded Profiles: Ean (Available Profiles: Ean)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Ean\AppData\Roaming\Mozilla\Firefox\Profiles\6f8vu3ns.default\Extensions\artur.dubovoy@gmail.com [2017-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Chrome Media Router) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]


End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\Ean\AppData\Roaming\Mozilla\Firefox\Profiles\6f8vu3ns.default\Extensions\artur.dubovoy@gmail.com => moved successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Ean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08] => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 176769158 B
Java, Flash, Steam htmlcache => 850278073 B
Windows/system/drivers => 3877926 B
Edge => 5498867 B
Chrome => 961431523 B
Firefox => 381461267 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 718010 B
Ean => 310951578 B

RecycleBin => 4579 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:13:06 ====



#4 nasdaq

  • Malware Response Team

Posted 25 August 2017 - 07:45 AM

I will keep this topic open for 6 days. If the problem returns let me know.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



