search result from google to search60.com


  • This topic is locked
21 replies to this topic

#1 John123456789

Posted 01 November 2017 - 04:25 PM

Here are my logs!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2017
Ran by JohnTheMan (administrator) on LAPTOP-PQNOO4BN (01-11-2017 13:58:50)
Running from C:\Users\JohnTheMan\Downloads
Loaded Profiles: JohnTheMan (Available Profiles: JohnTheMan)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(TOSHIBA CORPORATION) C:\Windows\System32\niaokbpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel® Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\pia_manager\pia_manager.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\JohnTheMan\AppData\Local\svdlahe\svdlahe.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(hxxp://www.ruby-lang.org/) C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\bin\rubyw.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
() C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(hxxp://www.ruby-lang.org/) C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\wmi64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\IntelCpHeciSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
() C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16482040 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-09-22] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [562544 2016-05-10] ()
HKLM-x32\...\Run: [Intel® RealSense™ SDK info server] => C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe [21144 2015-07-16] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-04-25] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7377936 2016-05-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2016-10-18] (The NWJS Community)
Startup: C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\killDota2.ahk.lnk [2016-06-09]
ShortcutTarget: killDota2.ahk.lnk -> C:\scripts\killDota2.ahk ()
Startup: C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows-to-front.ahk.lnk [2016-06-09]
ShortcutTarget: windows-to-front.ahk.lnk -> C:\scripts\windows-to-front.ahk ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{1c09c734-7f32-43a2-aa66-a4336392d4ae}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{4de81d2e-c90e-4851-a670-ecec1b26baaf}: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{6c21bbdf-eb30-423c-8996-f06f1f40bddb}: [NameServer] 209.222.18.222,209.222.18.218
Tcpip\..\Interfaces\{6c21bbdf-eb30-423c-8996-f06f1f40bddb}: [DhcpNameServer] 75.75.75.75 75.75.76.76 8.8.8.8
Tcpip\..\Interfaces\{e92fbaba-44bc-4eb7-8901-97f99fa55cff}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-25] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
 
FireFox:
========
FF DefaultProfile: 9nuquj8l.default
FF ProfilePath: C:\Users\JohnTheMan\AppData\Roaming\Mozilla\Firefox\Profiles\9nuquj8l.default [2017-10-30]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-06-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://apps.timesolv.com/App/NoPermission.aspx","hxxp://www.rightoninteractive.com/","hxxp://podcasts.joerogan.net/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default [2017-11-01]
CHR Extension: (Slides) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
CHR Extension: (YouTube) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
CHR Extension: (Google Play Music) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-10-16]
CHR Extension: (Sheets) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Page Analytics (by Google)) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2017-07-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (Google Hangouts) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-05]
CHR Extension: (User-Agent Switcher) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2017-09-23]
CHR Extension: (Kaspersky Protection) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR Profile: C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-28]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1195840 2016-05-10] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-07-20] ()
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.17\remoting_host.exe [71512 2017-10-24] (Google Inc.)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2016-07-20] (ELAN Microelectronics Corp.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-09-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\vssbridge64.exe [426416 2017-11-01] (AO Kaspersky Lab)
S2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [82088 2015-08-04] (BayHubTech/O2Micro International)
R2 O2FLASH; C:\WINDOWS\SysWOW64\drivers\o2flash.exe [82088 2015-08-04] (BayHubTech/O2Micro International)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RealSenseDCM; C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe [3663512 2015-09-09] (Intel® Corporation)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-28] (TeamViewer GmbH)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.23\bin\httpd.exe [29696 2016-07-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.7.14\bin\mysqld.exe [39885824 2016-07-12] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
S2 PCOptimize; "C:\Users\JohnTheMan\AppData\Local\Temp\PCOptimize\PCOptimize.exe" [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [92400 2017-05-29] (DisplayLink Corp.)
R3 dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [238320 2017-05-29] (DisplayLink Corp.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32344 2016-07-20] (ELAN Microelectronic Corp.)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [339800 2016-07-20] (Acronis International GmbH)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [122120 2015-09-17] (Intel Corporation)
R3 IntelDFUACPI; C:\WINDOWS\System32\drivers\IntelDFUACPI.sys [36352 2015-09-09] (Intel® Corporation)
R3 IXCamera; C:\WINDOWS\system32\DRIVERS\RealSenseDCM.sys [72704 2015-09-09] (Intel® Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70872 2017-10-14] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [89952 2017-10-14] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2017-11-01] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [594144 2017-11-01] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055448 2017-11-01] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-10-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-10-14] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-11-01] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-11-01] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-11-01] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-11-01] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-11-01] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93920 2016-12-20] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136176 2017-10-14] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199360 2017-10-14] (AO Kaspersky Lab)
R3 LECs6022; C:\WINDOWS\System32\drivers\LECs6022.sys [20208 2016-08-17] (Primax Electronics Ltd.)
R3 LEMo6022; C:\WINDOWS\System32\drivers\LEMo6022.sys [27912 2016-08-17] (Primax Electronics Ltd.)
R3 LEub6022; C:\WINDOWS\System32\drivers\LEub6022.sys [20720 2016-08-17] (Primax Electronics Ltd.)
S3 Lycosa; C:\WINDOWS\system32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R4 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-01] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\bhtscpcrx64.sys [202776 2015-08-04] (BayHubTech/O2Micro )
R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
R3 pelvendr; C:\WINDOWS\system32\DRIVERS\pelvendr.sys [15032 2016-07-11] (TPMX Electronics Ltd.)
S3 phidmice; C:\WINDOWS\System32\drivers\phidmice.sys [35328 2015-12-17] (TPMX Electronics Ltd.)
S3 pmouself; C:\WINDOWS\System32\drivers\pmouself.sys [23040 2013-03-26] (TPMX Electronics Ltd.)
S3 pvendrlf; C:\WINDOWS\System32\drivers\pvendrlf.sys [12288 2013-03-26] (TPMX Electronics Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2016-07-20] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2016-07-20] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2016-07-20] (Acronis International GmbH)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [198248 2016-06-09] (IDRIX)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-07-20] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-01 13:56 - 2017-11-01 13:56 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-11-01 13:55 - 2017-11-01 13:55 - 000252232 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-01 13:55 - 2017-11-01 13:55 - 000116560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\avnbeilo.sys
2017-11-01 13:54 - 2017-11-01 13:54 - 000000129 _____ C:\Users\JohnTheMan\Desktop\New Text Document.txt
2017-11-01 13:48 - 2017-11-01 13:59 - 000032076 _____ C:\Users\JohnTheMan\Downloads\FRST.txt
2017-11-01 13:48 - 2017-11-01 13:58 - 000000000 ____D C:\FRST
2017-11-01 13:47 - 2017-11-01 13:47 - 002403328 _____ (Farbar) C:\Users\JohnTheMan\Downloads\FRST64.exe
2017-11-01 12:27 - 2017-11-01 13:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-01 12:20 - 2017-11-01 12:20 - 000000000 ____D C:\WINDOWS\pss
2017-11-01 12:14 - 2017-11-01 12:14 - 071535032 _____ (Malwarebytes ) C:\Users\JohnTheMan\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (1).exe
2017-11-01 11:51 - 2017-11-01 11:51 - 000000000 ____D C:\KVRT_Data
2017-11-01 11:49 - 2017-11-01 11:49 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-11-01 11:48 - 2017-11-01 11:49 - 100264280 _____ (Kaspersky Lab ZAO) C:\Users\JohnTheMan\Downloads\KVRT.exe
2017-11-01 11:33 - 2017-11-01 11:33 - 000026952 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP140.SYS
2017-11-01 11:13 - 2017-11-01 12:29 - 000000000 ____D C:\AdwCleaner
2017-11-01 11:07 - 2017-11-01 11:07 - 008261584 _____ (Malwarebytes) C:\Users\JohnTheMan\Downloads\adwcleaner_7.0.4.0.exe
2017-11-01 11:07 - 2017-11-01 11:07 - 000251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-11-01 11:06 - 2017-11-01 11:06 - 000229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-11-01 11:06 - 2017-11-01 11:06 - 000173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-11-01 11:06 - 2017-11-01 11:06 - 000112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-11-01 11:06 - 2017-11-01 11:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-11-01 11:05 - 2017-11-01 11:06 - 000003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-11-01 11:05 - 2017-11-01 11:06 - 000000000 ____D C:\Program Files\Common Files\AV
2017-11-01 11:05 - 2017-11-01 11:05 - 000002163 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-11-01 11:05 - 2017-11-01 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-11-01 11:05 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2017-11-01 11:04 - 2017-11-01 13:58 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-11-01 11:04 - 2017-11-01 11:06 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-11-01 11:04 - 2017-11-01 11:04 - 001055448 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-11-01 11:04 - 2017-11-01 11:04 - 000594144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-11-01 11:04 - 2017-11-01 11:04 - 000207576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-11-01 11:04 - 2017-11-01 11:04 - 000149304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2017-11-01 11:01 - 2017-11-01 11:01 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-11-01 10:57 - 2017-11-01 10:59 - 162135728 _____ (Kaspersky Lab) C:\Users\JohnTheMan\Downloads\kav18.0.0.405aben_es_fr_12609.exe
2017-10-31 07:27 - 2017-10-31 07:27 - 000038570 _____ C:\Users\JohnTheMan\Desktop\Q3-November-2017-Newsletter.txt
2017-10-30 15:34 - 2017-10-30 15:34 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign4e10fa01c1a2d85e
2017-10-30 15:33 - 2017-10-30 15:33 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigne26e411a058121ac
2017-10-30 14:42 - 2017-10-30 14:42 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignca8a5bde601b5da5
2017-10-30 14:42 - 2017-10-30 14:42 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign0099c3ac6cf1f1f0
2017-10-30 12:23 - 2017-10-30 12:23 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign4481b1401fbd4135
2017-10-30 12:17 - 2017-10-30 12:17 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign4200e9d4d1009a23
2017-10-30 12:14 - 2017-10-30 12:14 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign93f993b901c5484a
2017-10-30 12:10 - 2017-10-30 12:10 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign956a58a3fe4d5a7d
2017-10-30 12:06 - 2017-10-30 12:06 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign53c87727f6b996d9
2017-10-30 12:02 - 2017-10-30 12:02 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignadb9a3204a7a0ed4
2017-10-30 11:53 - 2017-10-30 11:53 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign3e308e1eeea53e8b
2017-10-30 11:50 - 2017-10-30 11:50 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign1c659659525ac929
2017-10-30 09:28 - 2017-10-30 09:28 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignca3d2e1defc01019
2017-10-30 09:13 - 2017-10-30 09:13 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignb9ffa5eb1e04e39c
2017-10-30 09:06 - 2017-10-30 09:06 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignfe3bb3d471521801
2017-10-30 09:06 - 2017-10-30 09:06 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign5595efe93ab1303b
2017-10-30 08:40 - 2017-10-30 08:40 - 002707334 _____ C:\Users\JohnTheMan\Downloads\FPL Talent Trends Updates Q3.pptx
2017-10-26 12:34 - 2017-10-26 12:34 - 000000000 _____ C:\Users\JohnTheMan\Desktop\Example Set Guide.txt
2017-10-25 09:14 - 2017-10-25 09:14 - 000114609 _____ C:\Users\JohnTheMan\Desktop\Helix Water District Online Reservations.pdf
2017-10-25 08:47 - 2017-10-25 08:47 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign9f256508d17e0ba0
2017-10-23 19:50 - 2017-10-23 19:50 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-23 19:50 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys.old
2017-10-23 19:48 - 2017-10-23 19:49 - 071535032 _____ (Malwarebytes ) C:\Users\JohnTheMan\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-23 19:39 - 2017-11-01 13:56 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\svdlahe
2017-10-23 19:39 - 2017-11-01 13:39 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\sebvkni
2017-10-23 19:29 - 2017-11-01 13:55 - 002843648 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\niaokbpsvc.exe
2017-10-23 19:29 - 2017-10-23 19:31 - 000000000 ____D C:\Program Files (x86)\PowerISO
2017-10-23 19:29 - 2017-10-23 19:30 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-10-23 19:29 - 2017-10-23 19:29 - 000140800 _____ C:\Users\JohnTheMan\AppData\Local\installer.dat
2017-10-23 19:29 - 2017-10-23 19:29 - 000001087 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-10-23 19:29 - 2017-10-23 19:29 - 000000000 ____D C:\WINDOWS\SysWOW64\cwmbadk
2017-10-23 19:29 - 2017-10-23 19:29 - 000000000 ____D C:\WINDOWS\system32\cwmbadk
2017-10-23 19:29 - 2017-10-23 19:29 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\et
2017-10-23 19:29 - 2017-10-23 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-10-23 19:29 - 2016-02-10 06:21 - 000137280 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2017-10-23 18:35 - 2017-10-23 18:35 - 000002027 _____ C:\Users\JohnTheMan\Downloads\auto_addfwrs.bat
2017-10-23 18:18 - 2017-10-23 18:18 - 000001229 _____ C:\Users\Public\Desktop\Rosetta Stone.lnk
2017-10-23 18:17 - 2017-10-23 18:31 - 000000000 ____D C:\ProgramData\FLEXnet
2017-10-23 18:17 - 2017-10-23 18:28 - 000000000 ____D C:\Program Files (x86)\Rosetta Stone
2017-10-23 18:17 - 2017-10-23 18:18 - 000000000 ____D C:\ProgramData\Rosetta Stone Backups
2017-10-23 18:17 - 2017-10-23 18:18 - 000000000 ____D C:\ProgramData\Rosetta Stone
2017-10-23 18:17 - 2017-10-23 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2017-10-23 18:17 - 2017-10-23 18:17 - 000000000 ____D C:\ProgramData\RosettaStoneLtdServices
2017-10-23 18:17 - 2017-10-23 18:17 - 000000000 ____D C:\Program Files (x86)\RosettaStoneLtdServices
2017-10-23 14:03 - 2017-10-23 14:03 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign96b7658c7cd4c844
2017-10-23 12:51 - 2017-10-23 12:51 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign88dba261d5113b10
2017-10-23 12:50 - 2017-10-23 12:50 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignb36c8a6696e2e46d
2017-10-23 12:48 - 2017-10-23 12:48 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign12cb4eb47d95d6c0
2017-10-23 12:40 - 2017-10-23 12:41 - 191290607 _____ C:\Users\JohnTheMan\Downloads\Navis-WF-Home_Oct16-R2-B (1).psd
2017-10-23 12:36 - 2017-10-23 12:36 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignb5cf7d5f9995f26f
2017-10-23 12:35 - 2017-10-23 12:35 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign1bccc85e7bc1b052
2017-10-23 12:27 - 2017-10-23 12:27 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign4789d754d5e1ed37
2017-10-23 12:25 - 2017-10-23 12:25 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign3d20fb35be6bca95
2017-10-23 12:20 - 2017-10-23 12:20 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignf46864c0e396ecd9
2017-10-23 12:18 - 2017-10-23 12:18 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign62bb5051fa3641df
2017-10-23 12:18 - 2017-10-23 12:18 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign0484e6d4fb2cf171
2017-10-20 17:15 - 2017-10-20 17:15 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigncd06ec68cee8aab6
2017-10-20 17:11 - 2017-10-20 17:11 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignd2f5b51de26aace4
2017-10-20 17:07 - 2017-10-20 17:07 - 191291853 _____ C:\Users\JohnTheMan\Downloads\Navis-WF-Home_Oct16-R2-B.psd
2017-10-20 17:05 - 2017-10-20 17:05 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign633ec385ab29f93c
2017-10-20 16:59 - 2017-10-20 16:59 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigndf8ea8e16f946b34
2017-10-20 16:55 - 2017-10-20 16:55 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign880362fb82ceb5b7
2017-10-20 16:54 - 2017-10-20 16:54 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign6583806a5d9783f1
2017-10-20 16:54 - 2017-10-20 16:54 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign40ab61e547f6d0a7
2017-10-20 16:51 - 2017-10-20 16:51 - 192970686 _____ C:\Users\JohnTheMan\Downloads\Navis-WF-Home_Oct16-R2-A-Jason.psd
2017-10-20 15:15 - 2017-10-20 15:15 - 000115336 _____ (CU37R1) C:\WINDOWS\system32\Drivers\828c24e0837e48f0c3fedbb069ab7fa0.sys
2017-10-20 15:15 - 2017-10-20 15:15 - 000051617 _____ C:\WINDOWS\uninstaller.dat
2017-10-20 11:22 - 2017-10-20 11:22 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign15255133f9094268
2017-10-18 17:11 - 2017-10-18 17:11 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignbf4535a64fe63fdd
2017-10-18 17:09 - 2017-10-18 17:09 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign97cea0319ac4988c
2017-10-18 15:26 - 2017-10-18 15:26 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign5184a7990c271a7f
2017-10-18 14:11 - 2017-10-18 14:11 - 002829304 _____ C:\Users\JohnTheMan\Desktop\aquarium-trip.pdf
2017-10-14 20:38 - 2017-10-14 20:38 - 000199360 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2017-10-14 20:38 - 2017-10-14 20:38 - 000136176 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2017-10-14 20:38 - 2017-10-14 20:38 - 000089952 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2017-10-14 20:38 - 2017-10-14 20:38 - 000070872 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupdisk.sys
2017-10-14 20:38 - 2017-10-14 20:38 - 000050672 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2017-10-12 12:10 - 2017-10-12 12:10 - 000005280 _____ C:\Users\JohnTheMan\Downloads\User-Export-by-Report.csv
2017-10-12 12:02 - 2017-10-12 12:11 - 000013950 _____ C:\Users\JohnTheMan\Downloads\Esko-tracking-9-27-2017-to-today.xlsx
2017-10-11 11:37 - 2017-10-11 11:37 - 000329715 _____ C:\Users\JohnTheMan\Downloads\Profiles_without_User_accts.xlsx
2017-10-10 11:16 - 2017-09-17 20:27 - 000218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-10-10 11:16 - 2017-09-17 20:17 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-10-10 11:16 - 2017-09-17 20:17 - 000245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-10-10 11:16 - 2017-09-17 20:17 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-10-10 11:16 - 2017-09-17 20:09 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-10 11:16 - 2017-09-17 20:09 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-10 11:16 - 2017-09-17 20:09 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 11:16 - 2017-09-17 20:09 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-10 11:16 - 2017-09-17 20:08 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-10 11:16 - 2017-09-17 20:08 - 000998920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-10 11:16 - 2017-09-17 20:05 - 001177688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-10 11:16 - 2017-09-17 20:05 - 000497424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 11:16 - 2017-09-17 20:05 - 000172536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-10 11:16 - 2017-09-17 20:05 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-10-10 11:16 - 2017-09-17 20:04 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-10 11:16 - 2017-09-17 20:04 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-10 11:16 - 2017-09-17 20:04 - 000404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-10 11:16 - 2017-09-17 20:03 - 000791272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-10 11:16 - 2017-09-17 20:02 - 007213464 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-10 11:16 - 2017-09-17 20:02 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-10-10 11:16 - 2017-09-17 20:01 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-10-10 11:16 - 2017-09-17 20:01 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-10 11:16 - 2017-09-17 20:01 - 000431456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-10-10 11:16 - 2017-09-17 20:01 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-10 11:16 - 2017-09-17 20:00 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-10-10 11:16 - 2017-09-17 19:59 - 022220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-10 11:16 - 2017-09-17 19:59 - 008173672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-10 11:16 - 2017-09-17 19:59 - 004260072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-10-10 11:16 - 2017-09-17 19:59 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-10-10 11:16 - 2017-09-17 19:59 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-10-10 11:16 - 2017-09-17 19:59 - 000341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-10 11:16 - 2017-09-17 19:59 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-10-10 11:16 - 2017-09-17 19:58 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-10-10 11:16 - 2017-09-17 19:58 - 000206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-10 11:16 - 2017-09-17 19:57 - 001566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-10 11:16 - 2017-09-17 19:57 - 001460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-10 11:16 - 2017-09-17 19:57 - 001415712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-10 11:16 - 2017-09-17 19:56 - 000057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-10 11:16 - 2017-09-17 19:55 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-10 11:16 - 2017-09-17 19:55 - 001431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-10 11:16 - 2017-09-17 19:54 - 001980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-10-10 11:16 - 2017-09-17 19:52 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-10 11:16 - 2017-09-17 19:52 - 006672680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-10 11:16 - 2017-09-17 19:52 - 004023560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-10-10 11:16 - 2017-09-17 19:52 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-10-10 11:16 - 2017-09-17 19:52 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-10-10 11:16 - 2017-09-17 19:52 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-10-10 11:16 - 2017-09-17 19:52 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-10-10 11:16 - 2017-09-17 19:51 - 000178016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 11:16 - 2017-09-17 19:49 - 001435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-10 11:16 - 2017-09-17 19:49 - 001412128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-10 11:16 - 2017-09-17 19:49 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 11:16 - 2017-09-17 19:48 - 000117792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-10 11:16 - 2017-09-17 19:36 - 022570496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-10 11:16 - 2017-09-17 19:35 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-10-10 11:16 - 2017-09-17 19:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-10-10 11:16 - 2017-09-17 19:33 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 11:16 - 2017-09-17 19:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-10-10 11:16 - 2017-09-17 19:33 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll
2017-10-10 11:16 - 2017-09-17 19:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll
2017-10-10 11:16 - 2017-09-17 19:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll
2017-10-10 11:16 - 2017-09-17 19:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-10 11:16 - 2017-09-17 19:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-10 11:16 - 2017-09-17 19:31 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-10-10 11:16 - 2017-09-17 19:31 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-10-10 11:16 - 2017-09-17 19:31 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-10 11:16 - 2017-09-17 19:31 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-10-10 11:16 - 2017-09-17 19:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-10 11:16 - 2017-09-17 19:31 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000174592 _____ C:\WINDOWS\system32\IHDS.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StaticDictDS.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-10-10 11:16 - 2017-09-17 19:30 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll
2017-10-10 11:16 - 2017-09-17 19:29 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-10 11:16 - 2017-09-17 19:29 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll
2017-10-10 11:16 - 2017-09-17 19:29 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-10 11:16 - 2017-09-17 19:29 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-10-10 11:16 - 2017-09-17 19:29 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-10-10 11:16 - 2017-09-17 19:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-10-10 11:16 - 2017-09-17 19:28 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 11:16 - 2017-09-17 19:28 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll
2017-10-10 11:16 - 2017-09-17 19:28 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-10-10 11:16 - 2017-09-17 19:28 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsPinyinRanker.dll
2017-10-10 11:16 - 2017-09-17 19:28 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2017-10-10 11:16 - 2017-09-17 19:28 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-10-10 11:16 - 2017-09-17 19:28 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-10-10 11:16 - 2017-09-17 19:28 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-10-10 11:16 - 2017-09-17 19:28 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-10-10 11:16 - 2017-09-17 19:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimeChsPinyinMainDS.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-10-10 11:16 - 2017-09-17 19:27 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-10-10 11:16 - 2017-09-17 19:27 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 11:16 - 2017-09-17 19:26 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-10-10 11:16 - 2017-09-17 19:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-10-10 11:16 - 2017-09-17 19:25 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-10-10 11:16 - 2017-09-17 19:25 - 001914368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-10 11:16 - 2017-09-17 19:25 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-10 11:16 - 2017-09-17 19:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-10 11:16 - 2017-09-17 19:24 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-10 11:16 - 2017-09-17 19:24 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 11:16 - 2017-09-17 19:24 - 002103808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-10-10 11:16 - 2017-09-17 19:24 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-10-10 11:16 - 2017-09-17 19:24 - 001584640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-10 11:16 - 2017-09-17 19:24 - 000819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-10-10 11:16 - 2017-09-17 19:24 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-10-10 11:16 - 2017-09-17 19:24 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 11:16 - 2017-09-17 19:24 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 11:16 - 2017-09-17 19:23 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-10-10 11:16 - 2017-09-17 19:23 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-10-10 11:16 - 2017-09-17 19:23 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-10-10 11:16 - 2017-09-17 19:23 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-10-10 11:16 - 2017-09-17 19:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-10-10 11:16 - 2017-09-17 19:23 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-10 11:16 - 2017-09-17 19:23 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-10-10 11:16 - 2017-09-17 19:22 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-10-10 11:16 - 2017-09-17 19:22 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-10-10 11:16 - 2017-09-17 19:22 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-10 11:16 - 2017-09-17 19:22 - 001137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-10 11:16 - 2017-09-17 19:22 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-10-10 11:16 - 2017-09-17 19:22 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-10 11:16 - 2017-09-17 19:22 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-10 11:16 - 2017-09-17 19:21 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-10 11:16 - 2017-09-17 19:20 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-10 11:16 - 2017-09-17 19:20 - 019414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-10 11:16 - 2017-09-17 19:20 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-10 11:16 - 2017-09-17 19:20 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-10-10 11:16 - 2017-09-17 19:20 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-10-10 11:16 - 2017-09-17 19:20 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-10-10 11:16 - 2017-09-17 19:19 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-10-10 11:16 - 2017-09-17 19:19 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-10 11:16 - 2017-09-17 19:19 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-10 11:16 - 2017-09-17 19:19 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 012204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 008077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 007470592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 001145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 000932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-10-10 11:16 - 2017-09-17 19:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-10-10 11:16 - 2017-09-17 19:17 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-10 11:16 - 2017-09-17 19:17 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-10 11:16 - 2017-09-17 19:17 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-10 11:16 - 2017-09-17 19:17 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-10-10 11:16 - 2017-09-17 19:16 - 004743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-10 11:16 - 2017-09-17 19:16 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-10-10 11:16 - 2017-09-17 19:16 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-10-10 11:16 - 2017-09-17 19:16 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 003202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-10 11:16 - 2017-09-17 19:15 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-10-10 11:16 - 2017-09-17 19:14 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-10 11:16 - 2017-09-17 19:14 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-10 11:16 - 2017-09-17 19:14 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 002483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-10 11:16 - 2017-09-17 19:14 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 001040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-10-10 11:16 - 2017-09-17 19:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-10-10 11:16 - 2017-09-17 19:13 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-10-10 11:16 - 2017-09-17 19:13 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2017-10-10 11:16 - 2017-09-17 19:12 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-10-10 11:16 - 2017-09-17 19:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-10 11:16 - 2017-09-17 19:12 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-10-10 11:16 - 2017-09-17 19:11 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-10-10 11:16 - 2017-09-17 19:11 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 11:16 - 2017-09-17 19:11 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll
2017-10-10 11:16 - 2017-09-17 19:11 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll
2017-10-10 11:16 - 2017-09-17 19:11 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll
2017-10-10 11:16 - 2017-09-14 16:14 - 000119328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-10-10 11:16 - 2017-09-14 16:05 - 001302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-10-10 11:16 - 2017-09-14 15:59 - 000096064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-10-10 11:16 - 2017-09-14 15:52 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-10-10 11:16 - 2017-09-14 15:49 - 001202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-10-10 11:16 - 2017-09-14 15:34 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-10-10 11:16 - 2017-09-14 15:32 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2017-10-10 11:16 - 2017-09-14 15:32 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-10-10 11:16 - 2017-09-14 15:32 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-10-10 11:16 - 2017-09-14 15:32 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-10 11:16 - 2017-09-14 15:31 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-10 11:16 - 2017-09-14 15:31 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-10 11:16 - 2017-09-14 15:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-10-10 11:16 - 2017-09-14 15:30 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2017-10-10 11:16 - 2017-09-14 15:30 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB7.dll
2017-10-10 11:16 - 2017-09-14 15:30 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-10 11:16 - 2017-09-14 15:30 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-10-10 11:16 - 2017-09-14 15:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-10 11:16 - 2017-09-14 15:29 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-10 11:16 - 2017-09-14 15:28 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-10 11:16 - 2017-09-14 15:28 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-10-10 11:16 - 2017-09-14 15:27 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-10-10 11:16 - 2017-09-14 15:26 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-10-10 11:16 - 2017-09-14 15:26 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-10-10 11:16 - 2017-09-14 15:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-10-10 11:16 - 2017-09-14 15:25 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-10-10 11:16 - 2017-09-14 15:25 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-10-10 11:16 - 2017-09-14 15:24 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-10 11:16 - 2017-09-14 15:23 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-10 11:16 - 2017-09-14 15:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-10-10 11:16 - 2017-09-14 15:22 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-10-10 11:16 - 2017-09-14 15:20 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-10 11:16 - 2017-09-14 15:19 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-10-10 11:16 - 2017-09-14 15:19 - 000928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-10-10 11:16 - 2017-09-14 15:18 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-10 11:16 - 2017-09-14 15:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-10-10 11:16 - 2017-09-14 15:16 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2017-10-10 11:16 - 2017-09-14 15:15 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-10 11:16 - 2017-09-13 19:04 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 11:16 - 2017-09-13 19:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-10 11:16 - 2017-09-13 19:04 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-10 11:16 - 2017-03-04 00:10 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-10-10 11:16 - 2017-03-03 23:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-10-10 11:16 - 2017-03-03 23:25 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-10-10 11:16 - 2017-03-03 23:24 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-10 11:16 - 2017-03-03 23:23 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-10-10 11:16 - 2017-03-03 23:23 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-10-10 11:16 - 2017-03-03 23:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-10-10 11:16 - 2017-03-03 23:16 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-10-10 11:16 - 2017-03-03 23:11 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-10-10 11:16 - 2017-03-03 23:07 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-10-10 11:16 - 2017-03-03 23:00 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-10-10 11:16 - 2017-03-03 23:00 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-10-10 11:16 - 2016-08-26 22:12 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-10-10 11:16 - 2016-08-05 21:16 - 000026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-10-10 11:16 - 2016-08-02 01:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-10-10 11:15 - 2017-09-17 19:32 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-10 11:15 - 2017-09-17 19:28 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-10 11:15 - 2017-09-17 19:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-10 11:15 - 2017-09-17 19:26 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2017-10-10 11:15 - 2017-09-17 19:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-10 11:15 - 2017-09-17 19:25 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-10-10 11:15 - 2017-09-17 19:19 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-10-10 11:15 - 2017-09-17 19:19 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2017-10-10 11:15 - 2017-09-17 19:13 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2017-10-10 11:15 - 2017-09-14 15:32 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7.dll
2017-10-10 11:15 - 2017-09-14 15:31 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-10 11:15 - 2017-09-14 15:24 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2017-10-10 11:15 - 2017-09-14 15:22 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-10-09 10:42 - 2017-10-09 10:42 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignf360dda0c4fe3987
2017-10-09 10:41 - 2017-10-09 10:41 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigne9ae417f5c949dcf
2017-10-09 10:41 - 2017-10-09 10:41 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigncac2451a79163427
2017-10-09 10:41 - 2017-10-09 10:41 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignc7511beba46b77f1
2017-10-09 10:37 - 2017-10-09 10:37 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignc3b3b44caf77b39c
2017-10-09 10:37 - 2017-10-09 10:37 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign9f3cbbc829c11eef
2017-10-09 10:37 - 2017-10-09 10:37 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign99d4ebad1b2bc1d4
2017-10-09 10:37 - 2017-10-09 10:37 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign04a569dd9cb2aae5
2017-10-04 10:39 - 2017-10-04 10:39 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign52e5334c424abe3e
2017-10-04 10:22 - 2017-10-04 10:22 - 000094208 _____ C:\Users\JohnTheMan\Downloads\Webinar 2_Registrations_Live Viewers (1).xls
2017-10-04 10:11 - 2017-10-04 10:11 - 000094208 _____ C:\Users\JohnTheMan\Downloads\Webinar 2_Registrations_Live Viewers.xls
2017-10-04 03:13 - 2017-10-04 03:13 - 000000000 ____D C:\WINDOWS\Panther
2017-10-04 01:02 - 2017-10-04 01:02 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Icecream
2017-10-04 01:02 - 2017-10-04 01:02 - 000000000 ____D C:\Users\JohnTheMan\.Icecream Screen Recorder
2017-10-04 00:58 - 2017-10-23 19:54 - 000000000 ____D C:\Program Files (x86)\Icecream Screen Recorder
2017-10-04 00:58 - 2017-10-04 00:58 - 000001199 _____ C:\Users\Public\Desktop\Icecream Screen Recorder.lnk
2017-10-04 00:58 - 2017-10-04 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Screen Recorder
2017-10-03 23:42 - 2017-10-03 23:42 - 000347584 _____ (Big Nerd Software, LLC) C:\Users\JohnTheMan\Downloads\WebLaunchRecorder.exe
2017-10-03 17:02 - 2017-10-03 17:02 - 000194429 _____ C:\Users\JohnTheMan\Downloads\shipping_label_RMA01329684 (1).pdf
2017-10-03 17:01 - 2017-10-03 17:01 - 000194429 _____ C:\Users\JohnTheMan\Downloads\shipping_label_RMA01329684.pdf
2017-10-03 17:01 - 2017-10-03 17:01 - 000064009 _____ C:\Users\JohnTheMan\Downloads\rma_label_RMA01329684.pdf
2017-10-03 15:35 - 2017-10-03 15:35 - 000005974 _____ C:\Users\JohnTheMan\Downloads\war.for.the.planet.of.the.apes.(2017).eng.1cd.(7114486).zip
2017-10-02 16:01 - 2017-10-02 16:01 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2017-10-02 15:29 - 2017-08-21 17:13 - 000126584 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2017-10-02 15:26 - 2017-10-02 15:26 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\JetBrains
2017-10-02 15:26 - 2017-10-02 15:26 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Android
2017-10-02 15:26 - 2017-10-02 15:26 - 000000000 ____D C:\Users\JohnTheMan\.AndroidStudio2.3
2017-10-02 15:21 - 2017-10-02 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2017-10-02 15:18 - 2017-10-04 03:13 - 000000000 ____D C:\Android
2017-10-02 15:18 - 2017-10-03 11:33 - 000000000 ____D C:\Program Files\Android
2017-10-02 10:13 - 2017-10-02 10:13 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignea56c3c41238917a
2017-10-02 10:13 - 2017-10-02 10:13 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignc6e85240b2c1634c
2017-10-02 10:13 - 2017-10-02 10:13 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigna91a14e176b82e81
2017-10-02 10:13 - 2017-10-02 10:13 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign85e73a5f6c7576ed
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-01 13:56 - 2016-08-14 08:53 - 000002966 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-11-01 13:56 - 2016-06-10 10:25 - 000000306 _____ C:\WINDOWS\Tasks\AutoKMS.job
2017-11-01 13:56 - 2016-06-09 12:48 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-01 13:55 - 2016-08-14 08:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-01 13:55 - 2016-08-14 08:50 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-01 13:55 - 2016-07-15 23:04 - 023592960 _____ C:\WINDOWS\system32\config\HARDWARE
2017-11-01 13:55 - 2016-07-15 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-01 13:49 - 2016-07-16 04:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-01 13:36 - 2015-11-03 12:28 - 006470678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-01 13:30 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-01 13:30 - 2016-06-09 12:50 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-01 13:22 - 2016-08-14 08:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-01 11:19 - 2016-08-14 08:51 - 000000000 ____D C:\Users\JohnTheMan
2017-11-01 11:17 - 2016-07-16 04:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-01 11:04 - 2016-07-16 04:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-11-01 08:29 - 2016-06-09 13:15 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Adobe
2017-10-31 07:24 - 2016-06-09 12:48 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-31 07:22 - 2016-06-09 12:20 - 000000000 __SHD C:\Users\JohnTheMan\IntelGraphicsProfiles
2017-10-27 13:21 - 2017-09-29 10:03 - 000000000 ____D C:\Program Files\rempl
2017-10-25 20:57 - 2016-06-09 13:24 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\CrashDumps
2017-10-25 18:57 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-25 18:48 - 2016-12-16 11:20 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-25 18:48 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 18:48 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 15:43 - 2017-03-01 16:23 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-10-25 15:43 - 2017-03-01 16:23 - 000000000 ____D C:\ProgramData\Oracle
2017-10-25 15:43 - 2017-03-01 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-25 15:43 - 2017-03-01 16:23 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-25 08:39 - 2016-12-05 17:14 - 000000000 ____D C:\Users\JohnTheMan\Desktop\Prints
2017-10-25 08:39 - 2016-08-15 15:13 - 000000000 ____D C:\Users\JohnTheMan\Desktop\wordpress-plugins
2017-10-24 08:31 - 2017-03-07 10:16 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\brave
2017-10-24 07:42 - 2016-07-11 09:09 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\uTorrent
2017-10-24 07:02 - 2016-12-12 10:29 - 000292088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-23 19:35 - 2016-06-09 12:20 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Packages
2017-10-20 16:55 - 2016-06-09 13:42 - 000000000 ____D C:\Users\JohnTheMan\Documents\Adobe
2017-10-20 16:55 - 2016-06-09 12:20 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\Adobe
2017-10-20 15:11 - 2016-07-12 10:32 - 165195776 _____ C:\WINDOWS\TEMPdebug_kit.sqlite
2017-10-20 10:28 - 2016-06-23 10:23 - 000000000 ____D C:\WINDOWS\TEMPcache
2017-10-19 17:12 - 2017-02-22 17:10 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-10-17 12:42 - 2016-07-16 04:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-16 15:27 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 15:27 - 2016-07-16 04:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 15:27 - 2016-07-16 04:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 14:19 - 2015-11-03 12:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 14:17 - 2016-07-16 04:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-12 14:17 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-12 14:17 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-09 10:45 - 2017-08-15 14:20 - 000002353 _____ C:\Users\JohnTheMan\Desktop\SourceTree.lnk
2017-10-09 10:45 - 2017-03-07 10:16 - 000002275 _____ C:\Users\JohnTheMan\Desktop\Brave.lnk
2017-10-09 10:45 - 2017-03-01 16:24 - 000001149 _____ C:\Users\JohnTheMan\Desktop\Yawcam.lnk
2017-10-09 10:45 - 2016-07-19 16:54 - 000001112 _____ C:\Users\JohnTheMan\Desktop\Duplicate File Finder v1.5.2.55 Portable.exe.lnk
2017-10-09 10:45 - 2016-06-09 13:48 - 000001111 _____ C:\Users\JohnTheMan\Desktop\RocketDock.exe - Shortcut.lnk
2017-10-06 17:53 - 2016-12-19 14:03 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\ElevatedDiagnostics
2017-10-05 09:41 - 2016-06-10 11:08 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\vlc
2017-10-04 09:53 - 2016-06-24 10:33 - 000000600 _____ C:\Users\JohnTheMan\AppData\Local\PUTTY.RND
2017-10-04 00:49 - 2016-06-10 11:07 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-10-04 00:33 - 2017-07-06 10:58 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Screencast-O-Matic-v2
2017-10-04 00:27 - 2016-10-28 14:51 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-04 00:27 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-03 11:34 - 2016-06-13 10:43 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\FluxSoftware
2017-10-02 15:29 - 2016-08-14 08:49 - 000000000 ____D C:\Program Files\Intel
 
==================== Files in the root of some directories =======
 
2016-07-19 11:25 - 2016-07-19 11:25 - 001608575 ____R () C:\Program Files (x86)\Duplicate File Finder v1.5.2.55 Portable.exe
2017-06-15 09:15 - 2017-06-15 09:17 - 059779783 ____R (PopCapGames                                                 ) C:\Program Files (x86)\Plants vs Zombies[A4].exe
2017-01-09 11:46 - 2017-01-09 11:46 - 000000112 _____ () C:\Users\JohnTheMan\AppData\Roaming\JP2K CS6 Prefs
2016-06-22 12:13 - 2016-08-02 11:16 - 000001456 _____ () C:\Users\JohnTheMan\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-10-23 19:29 - 2017-10-23 19:29 - 000140800 _____ () C:\Users\JohnTheMan\AppData\Local\installer.dat
2016-06-24 10:33 - 2017-10-04 09:53 - 000000600 _____ () C:\Users\JohnTheMan\AppData\Local\PUTTY.RND
2016-07-25 16:59 - 2016-07-26 10:21 - 000000183 _____ () C:\Users\JohnTheMan\AppData\Local\uts.ini
2016-08-14 08:49 - 2016-08-14 08:49 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-26 08:57 - 2017-05-23 10:57 - 000000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-08-14 08:49 - 2016-08-14 08:49 - 000000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
2017-10-25 15:42 - 2017-10-25 15:42 - 001856576 _____ (Oracle Corporation) C:\Users\JohnTheMan\AppData\Local\Temp\jre-8u151-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-23 10:13
 
==================== End of FRST.txt ============================
 
 



#2 John123456789

John123456789
  • Topic Starter

  • Members
  • 13 posts

Posted 01 November 2017 - 04:27 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2017
Ran by JohnTheMan (01-11-2017 13:59:31)
Running from C:\Users\JohnTheMan\Downloads
Windows 10 Home Version 1607 14393.1770 (X64) (2016-08-14 15:55:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3927385549-1633303989-2725746871-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3927385549-1633303989-2725746871-503 - Limited - Disabled)
Guest (S-1-5-21-3927385549-1633303989-2725746871-501 - Limited - Disabled)
JohnTheMan (S-1-5-21-3927385549-1633303989-2725746871-1001 - Administrator - Enabled) => C:\Users\JohnTheMan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{43B5FB0A-9900-43B0-BD46-9E7F89C88A98}) (Version: 19.0.6571 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{43B5FB0A-9900-43B0-BD46-9E7F89C88A98}Visible) (Version: 19.0.6571 - Acronis)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Advanced PDF Password Recovery (HKLM-x32\...\{A85CC7BA-760F-4B65-8E2F-640BE314F2F8}) (Version: 5.06.113.2041 - Elcomsoft Co. Ltd.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
AutoHotkey 1.1.23.05 (HKLM\...\AutoHotkey) (Version: 1.1.23.05 - Lexikos)
Brave (HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\Brave) (Version: 0.17.16 - Brave Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{3F95FA39-23FC-4570-86B3-E2057F5F7C3E}) (Version: 63.0.3239.17 - Google Inc.)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version:  - getcomposer.org)
DisplayLink Core Software (HKLM\...\{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}) (Version: 7.9.1488.0 - DisplayLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.2.30 - Dolby Laboratories, Inc.)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Icecream Screen Recorder version 4.75 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.75 - Icecream Apps)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4271 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7830A022-4C4C-4776-B1BA-220D75FCB9D4}) (Version: 18.1.1538.2273 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager Beta (x86): dptf_com (HKLM-x32\...\{42AE2BCF-5702-11E5-9F75-2C44FD873B55}) (Version: 2.2.0.48405 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager Beta (x86): dptf_com (HKLM-x32\...\{D734DE91-2B81-11E5-91AA-2C44FD873B55}) (Version: 2.2.0.32425 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager Beta (x86): Intel® RealSense™ SDK info server (HKLM-x32\...\{D7357ACF-2B81-11E5-8EF9-2C44FD873B55}) (Version: 2.2.0.32425 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 (HKLM-x32\...\ARP_for_prd_dcm_runtime_1.4.27.32425) (Version: 1.4.27.32425 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager F200 (HKLM-x32\...\ARP_for_prd_dcm_runtime_1.4.27.48405) (Version: 1.4.27.48405 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ 3D camera IO module (HKLM-x32\...\{8885534F-2B82-11E5-B349-2C44FD873B55}) (Version: 1.4.27.32425 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ 3D camera IO module (HKLM-x32\...\{E00FA15E-5702-11E5-859F-2C44FD873B55}) (Version: 1.4.27.48405 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (HKLM-x32\...\{8885EF8F-2B82-11E5-BFED-2C44FD873B55}) (Version: 1.4.27.32425 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (HKLM-x32\...\{E012125E-5702-11E5-BC9C-2C44FD873B55}) (Version: 1.4.27.48405 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
KB4023057 (HKLM\...\{B977A833-7734-41A5-B820-1F23D81DC87B}) (Version: 2.6.0.0 - Microsoft Corporation)
Koala version 2.0.4 (HKLM-x32\...\{434536F5-D7D0-4558-B756-F5D65705068A}_is1) (Version: 2.0.4 - Ethan Lai)
Kodi (HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\Kodi) (Version:  - XBMC-Foundation)
Lenovo BatteryGauge (HKLM\...\{B8D3ED8D-A295-44C2-8AE1-56823D44AD1F}) (Version: 1.0.017.00 - Lenovo)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.73.5 - ELAN Microelectronic Corp.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 48.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM\...\{AFAB079C-C258-4308-AF8A-C541FE38D7DE}) (Version: 3.3.00.158 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{AFAB079C-C258-4308-AF8A-C541FE38D7DE}) (Version: 3.3.00.158 - O2Micro International LTD.)
OpenSSL 1.0.2L (64-bit) (HKLM\...\OpenSSL (64-bit)_is1) (Version:  - OpenSSL Win64 Installer Team)
Plants vs Zombies (HKLM\...\{1E4E9CEB-AF32-4C7C-BEFB-CB3EAC11FE38}_is1) (Version: 1.0.0.1051 - PopcapGames)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
PremiumSoft Navicat Premium 10.0 (HKLM-x32\...\PremiumSoft Navicat Premium_is1) (Version:  - PremiumSoft CyberTech Ltd.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7780 - Realtek Semiconductor Corp.)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Screen Calipers (HKLM-x32\...\Screen Calipers) (Version: 4.0 - Iconico)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Snapshot (remove only) (HKLM-x32\...\Snapshot) (Version:  - )
SourceTree (HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\SourceTree) (Version: 2.1.10 - Atlassian)
Stardock Start10 (HKLM-x32\...\Start10_is1) (Version: 1.11 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Wampserver64 3.0.6 (HKLM\...\{wampserver64}_is1) (Version: 3.0.6 - Dominique Ottello aka Otomatic)
Web Launch Recorder (HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
Yawcam 0.6.0 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: 0.6.0 - Yawcam)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3927385549-1633303989-2725746871-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4A892F72EA34}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3927385549-1633303989-2725746871-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-03-28] ()
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\ShellEx.dll [2017-11-01] (AO Kaspersky Lab)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll -> No File
ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2016-03-18] (Acronis International GmbH)
ContextMenuHandlers1-x32: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\ShellEx.dll [2017-11-01] (AO Kaspersky Lab)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\ShellEx.dll [2017-11-01] (AO Kaspersky Lab)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll -> No File
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igfxDTCM.dll [2017-01-04] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\ShellEx.dll [2017-11-01] (AO Kaspersky Lab)
ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2016-03-18] (Acronis International GmbH)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04193C25-20D7-4E32-B150-FA7B1BD90DBE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {2E3DFE7E-EC88-4E87-992C-76C633BE25DF} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2017-11-01] (AO Kaspersky Lab)
Task: {4129B096-379D-4A7B-B7F8-9C57703D47DA} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
Task: {49462EBE-E01F-47F7-9E82-690FC7CF3B1D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {5D912467-2221-46BA-BAAA-8C43D1280D08} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-PQNOO4BN-JohnTheMan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {62051960-07FF-4790-8A93-22DC426A2F6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-09] (Google Inc.)
Task: {74FCC9E7-4CBA-4FAF-AF4B-BFF13FAA6C10} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-18] ()
Task: {9751A441-190A-48D2-B147-767038001B58} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C6D238A1-A740-4D21-AB33-5617B6799EF0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {CB265431-300E-4CF6-9F98-5FB14F346484} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-10-23] ()
Task: {D888DFEA-F416-492E-B8AA-FCA7D283BA8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-09] (Google Inc.)
Task: {EBDFB0BA-AC5D-4838-90A9-200880D2351B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {F6A0CB7D-7D65-4801-BC61-066838BEB982} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 04:42 - 2016-07-16 04:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 07:44 - 2017-09-06 23:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-10 15:51 - 2016-05-10 15:51 - 001195840 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2016-01-27 05:04 - 2016-01-27 05:04 - 000163328 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-07-20 09:03 - 2016-07-20 09:03 - 004463592 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2016-06-09 13:03 - 2016-06-14 18:14 - 000369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 000289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 003613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 001990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 002667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 001842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 000208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-08-14 08:50 - 2016-12-29 06:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 000035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-09 13:03 - 2016-06-14 18:14 - 000921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-06-09 12:57 - 2016-10-18 16:30 - 007711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2017-08-14 03:48 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2016-06-09 13:05 - 2012-04-01 00:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2016-03-28 11:07 - 2016-03-28 11:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-15 12:49 - 2016-09-06 21:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 10:52 - 2017-03-03 23:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 10:52 - 2017-03-03 23:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 10:52 - 2017-03-03 23:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 10:52 - 2017-03-03 23:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-10 11:16 - 2017-09-17 19:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-10 11:16 - 2017-09-17 19:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-10-01 20:20 - 2017-10-01 20:20 - 000936960 _____ () C:\Users\JohnTheMan\AppData\Local\svdlahe\svdlahe.exe
2015-09-22 21:40 - 2015-09-22 21:40 - 000628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-05-10 15:39 - 2016-05-10 15:39 - 000562544 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2017-09-29 11:24 - 2017-09-29 11:24 - 001087488 _____ () C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe
2016-06-09 13:15 - 2016-03-26 18:17 - 001209344 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2016-05-10 16:23 - 2016-05-10 16:23 - 007377936 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2017-08-14 03:48 - 2017-08-14 03:48 - 034865232 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2016-06-09 12:57 - 2016-10-18 16:30 - 000693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-06-09 12:57 - 2016-10-18 16:30 - 000108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-06-09 12:57 - 2016-10-18 16:30 - 000190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-06-09 12:57 - 2016-10-18 16:30 - 000144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2016-04-16 12:56 - 2016-04-16 12:56 - 009698296 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-10-27 13:20 - 2017-10-27 13:20 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-11-01 11:04 - 2017-11-01 11:04 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\kpcengine.2.3.dll
2016-02-14 22:08 - 2016-06-14 18:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-09 12:51 - 2017-09-09 12:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-09 12:51 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-09 12:51 - 2017-10-30 20:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-09 12:51 - 2016-01-27 00:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-09 12:51 - 2016-01-27 00:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-09 12:51 - 2016-01-27 00:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-09 12:51 - 2016-01-27 00:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-09 12:51 - 2016-01-27 00:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-09 12:51 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-09 12:51 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-09 12:51 - 2017-10-30 20:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-09 12:51 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-08-10 11:14 - 2016-08-10 11:14 - 040523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\JohnTheMan\AppData\Local\svdlahe\libcef.dll
2016-12-13 08:34 - 2017-08-16 15:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 07:32 - 2017-09-06 19:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-06-09 12:51 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-11-16 18:05 - 2015-11-16 18:05 - 000126928 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-05-10 15:37 - 2016-05-10 15:37 - 000333744 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-05-10 16:21 - 2016-05-10 16:21 - 020582752 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2016-05-10 15:35 - 2016-05-10 15:35 - 000037808 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2016-05-10 15:35 - 2016-05-10 15:35 - 000050096 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2016-04-16 12:45 - 2016-04-16 12:45 - 000248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2016-05-10 15:36 - 2016-05-10 15:36 - 000445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-05-10 15:31 - 2016-05-10 15:31 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2017-11-01 13:56 - 2017-11-01 13:56 - 000012800 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000009728 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000014848 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000094208 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\src\rgloader\rgloader193.mswin.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000009216 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000094208 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000126976 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000087552 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000016384 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000127316 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\bin\libffi-6.dll
2017-11-01 13:56 - 2017-11-01 13:56 - 000008704 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000013312 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000095744 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000026624 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocr9A2C.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\JohnTheMan\AppData\Local\svdlahe\pepflashplayer.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-22 18:55 - 2017-06-22 18:55 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-06-22 18:56 - 2017-06-22 18:56 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-07-13 10:12 - 2017-07-13 10:12 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-06-22 18:56 - 2017-06-22 18:56 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-11-01 13:56 - 2017-11-01 13:56 - 000012800 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000009728 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000014848 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000094208 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\src\rgloader\rgloader193.mswin.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000094208 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000118784 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000069120 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000083968 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\bin\zlib1.dll
2017-11-01 13:56 - 2017-11-01 13:56 - 000026624 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000275968 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000015360 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000008192 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000009216 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000023552 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000008704 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000008704 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000008704 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000008704 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000036352 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000126976 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000087552 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000016384 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000127316 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\bin\libffi-6.dll
2017-11-01 13:56 - 2017-11-01 13:56 - 000013312 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000095744 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-11-01 13:56 - 2017-11-01 13:56 - 000026624 _____ () C:\Users\JohnTheMan\AppData\Local\Temp\ocrDAEE.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-10-18 16:30 - 2016-10-18 16:30 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-10-18 16:30 - 2016-10-18 16:30 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2016-02-14 21:34 - 2015-02-12 17:02 - 000224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2015-08-07 02:09 - 2015-08-07 02:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-08-03 12:06 - 2016-08-03 12:06 - 000204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
2016-03-28 11:07 - 2016-03-28 11:07 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 00:24 - 2017-10-24 07:56 - 000004753 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.0 statsfe2.update.microsoft.com.akadns.net 
0.0.0.0 fe2.update.microsoft.com.akadns.net 
0.0.0.0 s0.2mdn.net 
0.0.0.0 survey.watson.microsoft.com 
0.0.0.0 view.atdmt.com 
0.0.0.0 watson.microsoft.com 
0.0.0.0 watson.ppe.telemetry.microsoft.com 
0.0.0.0 vortex.data.microsoft.com 
0.0.0.0 vortex-win.data.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 
0.0.0.0 oca.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 
0.0.0.0 watson.telemetry.microsoft.com 
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 
0.0.0.0 redir.metaservices.microsoft.com 
0.0.0.0 choice.microsoft.com 
0.0.0.0 choice.microsoft.com.nsatc.net 
0.0.0.0 wes.df.telemetry.microsoft.com 
0.0.0.0 services.wes.df.telemetry.microsoft.com 
0.0.0.0 sqm.df.telemetry.microsoft.com 
0.0.0.0 telemetry.microsoft.com 
0.0.0.0 telemetry.appex.bing.net 
0.0.0.0 telemetry.urs.microsoft.com 
0.0.0.0 settings-sandbox.data.microsoft.com 
0.0.0.0 watson.live.com 
0.0.0.0 statsfe2.ws.microsoft.com 
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 
0.0.0.0 compatexchange.cloudapp.net 
 
There are 52 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\StartupApproved\Run: => "f.lux"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{4C3F3290-73C9-4BA6-ADEF-84BD8BEE5560}C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe
FirewallRules: [TCP Query User{F2CC1B70-D528-4A95-846E-BEBA0178CCAA}C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe
FirewallRules: [UDP Query User{A08DCD6F-5895-4FBE-8C02-DD77180C463B}C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [TCP Query User{FBEA5CE3-AAD1-40C2-9AA4-D9F0F38126BC}C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{F7FB81AC-0C3D-4F59-A9A3-02482BCBAD0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{BE89EA75-7C12-4CF8-A5BE-CFD3C07AA86B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{AA765417-3DAE-4D1A-A3D7-58A39C891AAA}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll
FirewallRules: [{5D32D754-ADB4-4730-8930-FC12C43E6AA6}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
FirewallRules: [{17B337E8-ABA6-4071-B037-E73C1EE1D02F}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\sqldrivers\qsqlite.dll
FirewallRules: [{62C36485-20A0-42B8-828C-1C258DA5B786}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\platforms\qwindows.dll
FirewallRules: [{217E5488-8BB5-4848-A038-5D13157534B7}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qjpeg.dll
FirewallRules: [{7D1BAE6B-ACFD-413A-994B-B097571F4C6C}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qico.dll
FirewallRules: [{1657A3F6-797A-4820-8717-3CAFDDAB1CF4}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qgif.dll
FirewallRules: [{CB10B1C9-A07D-4D97-AD08-4B0AEDCF5233}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\versions_view.dll
FirewallRules: [{6A5B1DA0-85D1-4D1B-8426-D0ACE90CD016}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll
FirewallRules: [{1CD7BE6F-D674-4705-B3AD-A86B6E67EDC8}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
FirewallRules: [{01B7C275-A64E-49DD-B3E9-2458EB8D5059}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
FirewallRules: [{C15D9917-6398-456B-BCD1-B2BE237555D1}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
FirewallRules: [{0ADC3ADF-A690-43AB-B466-AB648B8FAF6F}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
FirewallRules: [{C96CC284-EFFB-48C1-AD34-C77745E9B28E}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\tishell32.dll
FirewallRules: [{715CC344-4895-4B5F-BACA-9A0920E97D08}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
FirewallRules: [{C61AA13D-542B-4038-99EE-72CEF497C541}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ssleay32.dll
FirewallRules: [{5082AC79-14C3-4A0E-82F7-8E6D35BDCBA7}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WinExtras.dll
FirewallRules: [{15F91174-2364-4117-9677-E5F3FA603A4D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Widgets.dll
FirewallRules: [{9E751E96-EA28-4343-B203-4198F9471267}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WebKitWidgets.dll
FirewallRules: [{32860275-C7C3-4C4A-BDB7-67605691D30D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WebKit.dll
FirewallRules: [{25406AF5-B499-415D-BD38-F0EB19663CAC}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Sql.dll
FirewallRules: [{F6AEBC62-EAC1-4B39-B26F-DFC2796EA836}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5PrintSupport.dll
FirewallRules: [{F9B46E1B-1855-4DE0-BEC5-32FBFC5FF21B}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5OpenGL.dll
FirewallRules: [{3D59183B-DA67-4744-B8D7-2477E6EDE3F2}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Network.dll
FirewallRules: [{1A8D50A1-B1F3-4977-BA6E-372F2EBF385B}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Gui.dll
FirewallRules: [{D30FFCCE-A392-4998-BA30-ABFE9843A890}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Core.dll
FirewallRules: [{6566C056-CC22-4867-AC9C-0EF1C4268356}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\opengl32sw.dll
FirewallRules: [{05B70401-C5D4-4CD5-8507-870FF4CEB0A9}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libssl-10.dll
FirewallRules: [{B706B624-B78A-4131-87E3-BEDA61769CA5}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libGLESv2.dll
FirewallRules: [{F34845CB-BF56-4ACB-BCAD-1DE4B484990D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libEGL.dll
FirewallRules: [{7751A152-F6D7-4546-A967-5B06B1EFCDB4}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libeay32.dll
FirewallRules: [{0D9A046B-B26F-4459-A92C-E37529A959E1}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libcrypto-10.dll
FirewallRules: [{B1037E09-F06B-4BCB-A8CB-1E4282FE6AB0}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll
FirewallRules: [{9601A9D1-5D1B-4748-B5D7-3AC016441923}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
FirewallRules: [{E177BD3C-8CD2-4451-B27F-906B2574EC77}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll
FirewallRules: [{2A54BF09-C9A0-46C1-AC3E-5F6D94B81D1E}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
FirewallRules: [{6879C20D-E816-4A59-B1BE-9D252C064575}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\d3dcompiler_47.dll
FirewallRules: [{6B995260-5F0C-47CA-94BB-EBE8E6C195B1}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
FirewallRules: [{62F0E407-17C6-4C4F-85C8-114732B05D34}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll
FirewallRules: [{A127FA44-6D09-43A9-A3A4-C58913C6A093}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
FirewallRules: [{9E351CFE-F993-4041-B913-AFEA618827E3}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\sqldrivers\qsqlite.dll
FirewallRules: [{29B7081C-3AA8-4297-A940-F265CF7D7E4F}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\platforms\qwindows.dll
FirewallRules: [{44A2BBF6-491C-4807-BB4E-4A73BEC77D43}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qjpeg.dll
FirewallRules: [{64F79B0B-A303-44DB-AA56-7CF519377943}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qico.dll
FirewallRules: [{0E1225DF-5208-483D-94C0-C4A1DB9DEEC4}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qgif.dll
FirewallRules: [{EEDA5688-25BA-4832-9BF9-ADB252D4F9BF}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\versions_view.dll
FirewallRules: [{02D8AE44-08F6-49F9-8F41-9C365D64CF34}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll
FirewallRules: [{473D054B-6742-4B6D-8495-39BB1A4DEDFC}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
FirewallRules: [{793E5702-886F-4969-8592-AAAE8DF111B0}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
FirewallRules: [{A7AF158C-9E0C-4C22-B2E1-9C149A421B28}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
FirewallRules: [{1F336197-853C-4E4C-B428-4853B3D2E5EA}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
FirewallRules: [{6457FFD2-F49D-49C3-AE24-D425C0604D0C}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\tishell32.dll
FirewallRules: [{062EDD5C-2823-41BE-A493-5EF39196959B}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
FirewallRules: [{FE65C266-EDFF-4BD6-835E-8E68186336CD}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ssleay32.dll
FirewallRules: [{06A9BBAD-D455-40D6-B41F-71A7E745601A}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WinExtras.dll
FirewallRules: [{1C4E730E-4D1E-4750-866E-B11FF4F4B29B}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Widgets.dll
FirewallRules: [{827C14C5-1967-4B40-8CCB-E98350AF83E6}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WebKitWidgets.dll
FirewallRules: [{C1671272-1C6F-4082-A262-07104F58A604}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WebKit.dll
FirewallRules: [{4AB37C12-5785-4AC3-A7EF-3E3B4F99D5C0}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Sql.dll
FirewallRules: [{CE317E4F-5F2B-4813-A304-C6B18B99C9D5}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5PrintSupport.dll
FirewallRules: [{814AAF9D-39E2-487D-9D0B-D02C83881605}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5OpenGL.dll
FirewallRules: [{63D3C1CE-377A-43DD-B8B2-C336C9AAD015}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Network.dll
FirewallRules: [{C0D560C8-B0F5-441E-926C-572AB72B5B1D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Gui.dll
FirewallRules: [{2A23B0BE-A5F8-4420-8A9F-9C78B799C3D1}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Core.dll
FirewallRules: [{79F4EFDA-C9C4-4A4C-888C-738E0AB6EDB2}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\opengl32sw.dll
FirewallRules: [{1C4DB44C-C5D5-4540-9AE7-AFD0D991CCA0}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libssl-10.dll
FirewallRules: [{0E232590-7E06-4E89-ACEC-FF56CAB889C1}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libGLESv2.dll
FirewallRules: [{7A523544-9CD5-47ED-BBE6-ADF7F0687665}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libEGL.dll
FirewallRules: [{6AED74F5-D58D-4B0B-89E6-F1F13B6238A1}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libeay32.dll
FirewallRules: [{BE5753AA-08D7-4559-AAAF-1AA48482EAE7}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\libcrypto-10.dll
FirewallRules: [{4805CEE1-0DCD-4F93-8E96-F28A856E9002}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll
FirewallRules: [{B483B421-851A-4983-AE9A-FA92DB29B064}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
FirewallRules: [{464E02EB-2FCA-474A-8BF8-D25710F1B195}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll
FirewallRules: [{EBE8CCE0-B03D-4406-90E9-34C43CF5D9B5}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
FirewallRules: [{A4B4EE19-C068-455E-875F-90C1797CC52F}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\d3dcompiler_47.dll
FirewallRules: [{7BEF522C-D084-4A36-9E3C-1A781F46A65C}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
FirewallRules: [{1A9CA7AE-36F3-4843-8EDB-D8CF0CEE40EC}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Uninstall.exe
FirewallRules: [{BA9BE0B0-347F-4FE5-BFD5-9D4DB2450DA0}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{F4C5182D-8076-41F7-95BE-6A89641A7170}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{3D0CD6F7-4616-4293-976C-A40A8214C05E}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
FirewallRules: [{CD963B19-1C38-43BE-A08B-368DD2E0EDA5}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{3412E5DF-FBC6-443D-B4BC-B8A2AE9F372D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ti_command_executor.exe
FirewallRules: [{431F72FC-5A18-4204-B243-616ACFBA1474}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{2251EC77-E0DD-4CE3-B3F1-F8161D1C7740}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\spawn.exe
FirewallRules: [{BD385838-6812-4945-AB61-6E8C3BEF8230}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\prl_stat.exe
FirewallRules: [{5D9DCF55-5A3C-4B20-9150-62796E064711}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\prl_report.exe
FirewallRules: [{755E663F-1627-4DBA-89A8-0DABC187541D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{EDB6D2E0-4426-41BB-8600-9129682201DF}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\license_activator.exe
FirewallRules: [{B0001510-EC37-40E9-BA4B-7EFEB325E886}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\extcmp.exe
FirewallRules: [{1CE49327-2B92-442E-8C88-5E1BDFC85A29}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\BrowseFolderHelper.exe
FirewallRules: [{A84BED84-FA66-4060-BA58-8D8C9DF5E8B2}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\aszbrowsehelper.exe
FirewallRules: [{5FD4E1CA-B91A-4BC7-9F0B-56450C301FDC}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{5ECE9F50-CA3C-4BFF-8AEC-2C733749BF4D}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\Uninstall.exe
FirewallRules: [{D50FC48C-8CE4-4185-BD4E-6BDD5B23E2E7}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{941C861F-5240-4CE6-91D8-785C57801DA9}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{1E340E10-A44A-4440-9E35-E00248D11486}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
FirewallRules: [{F89D999B-0744-490D-9138-1E4C2CEC61B8}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{19F8D7CA-ED1C-4CDF-924B-6EE97F424C96}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\ti_command_executor.exe
FirewallRules: [{3BB9C7BA-3062-4AEB-8970-15E4E6180918}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{0972800E-970E-4580-AB81-35130E208FA3}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\spawn.exe
FirewallRules: [{87A69D49-FB76-40C9-9A17-CC4666DFAA90}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\prl_stat.exe
FirewallRules: [{4370141B-4EB6-40CE-AFAB-6D0214D073EA}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\prl_report.exe
FirewallRules: [{6847EB41-E4DF-4D92-9A68-3E4893111963}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{EA793612-0417-49D7-A530-AC0C125C5304}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\license_activator.exe
FirewallRules: [{26D4789F-B6F9-4E02-B4DB-8FA71B14B375}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\extcmp.exe
FirewallRules: [{5FF63704-0A16-40E3-AB38-804D99F89C4B}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\BrowseFolderHelper.exe
FirewallRules: [{FFB75D8B-B206-43C7-85AC-5957C507A862}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\aszbrowsehelper.exe
FirewallRules: [{B40C69B7-01D4-4FA0-B663-9FFDF4C22B1F}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{CF1A6DF9-F0FF-455A-BF47-CCD190591F28}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{D9736C99-C0D1-476E-AFDD-8322D28A5D33}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6A2D89CD-1191-41EC-9540-D3EC816E6F3D}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{47D44EEF-A715-4706-921B-301825C9788C}] => (Allow) C:\Users\JohnTheMan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{14B42DA7-428C-4F76-B60F-708CF32AF2C2}] => (Allow) C:\Users\JohnTheMan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F1FC3973-ED53-48D1-BA94-B4B44BFE99B5}] => (Allow) C:\Users\JohnTheMan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DDC8BAA8-582D-4117-8438-952EAB5057C9}] => (Allow) C:\Users\JohnTheMan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBF3B7E8-D51B-415A-A30F-476B0C6F5591}] => (Allow) C:\Users\JohnTheMan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0EC4C887-A578-4FCC-A961-EB6CEE2207A2}] => (Allow) C:\Users\JohnTheMan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F7B4BB61-7481-4CF0-9FDE-14F837DDDCCE}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{3AF9A528-E1E1-4B94-BFE1-BFE965A360C6}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F5571F6B-460A-484C-800A-7749BE081D94}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{75E8A20B-2B0D-4A70-9307-EDA2C5055511}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{85A80465-AFEC-464D-84B2-612CB5D32B23}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\LogTransport2.exe
FirewallRules: [{19E7B42B-B61F-4AD7-B85A-E7CB1F70D452}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
FirewallRules: [{29C821EC-EF37-4769-9D17-B4A735C22D25}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
FirewallRules: [{1C38CCB5-67B5-47FC-A926-F0746761E1F7}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTextExtractor.exe
FirewallRules: [{5490704B-B4A5-4249-AE0F-0154B9A87459}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\acrodist.exe
FirewallRules: [{118C5E7E-7925-450E-96F3-2274994DB8FD}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\AcroBroker.exe
FirewallRules: [{84B76B2B-433B-4F01-9CDE-E035F7B49F2E}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\AcrobatInfo.exe
FirewallRules: [{4E2ACE6D-4A8A-4103-AD1B-6044D085A662}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
FirewallRules: [{E91010EA-9005-4555-B1DC-2164B44B3986}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
FirewallRules: [{EFD90A0C-CF96-4B3D-9A3C-886ACCC7B351}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\LogTransport2.exe
FirewallRules: [{4665D78D-92FD-473A-BF38-DD853A3D94A3}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
FirewallRules: [{609C6860-9CFB-4C90-8173-C02DE25C0C0D}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
FirewallRules: [{A83F58E5-3672-44F9-A8CE-D82BCBB7F3CA}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTextExtractor.exe
FirewallRules: [{EE66911C-16EA-4FC2-847C-824AD2129FAF}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\acrodist.exe
FirewallRules: [{63870E45-C97C-4F10-B9E0-83283E32014F}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\AcroBroker.exe
FirewallRules: [{5AC9482D-DB59-4ADA-B032-D2D148207BD8}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\AcrobatInfo.exe
FirewallRules: [{B80438ED-1BE5-4F19-A8C9-A7DA0E10E5AD}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
FirewallRules: [{CAC37837-3E5E-4B81-82BA-10789516F499}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
FirewallRules: [{95024EA0-B9E5-45C4-A8EB-8E01721253FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{26A793C6-8247-4BBA-961E-66EE7DA32F02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12891ECC-96EA-48A2-A6FF-0F13C8E21ED5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06098BA4-9E31-4ACA-A04F-F2AD35E684B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{294C142D-61E8-443B-9491-C9A79426EBDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F1CA9B35-9B54-4CFD-9D47-3AD243EF23F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4AAA7B65-D487-4A1C-B6F2-7DB2AD0002B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{31E4AE23-2737-4B30-90E8-F2B32BF64476}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1186FF96-3D1D-4409-9E7F-19B1639923A2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{14036C80-A0AA-4C4D-BDD5-CE492CFCC3D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8585FC58-4963-4D44-A3E9-2CF4838AEE62}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{00FC88CA-A9E0-440A-AC96-58680A5782F8}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{B8497EF5-1E1E-4712-A478-014B04FA5412}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{C8CFEF01-1248-4A6C-B03F-8B23C267AD0C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{72E6E048-CB11-425E-952E-C93F8D73D589}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1F1F7657-DFAC-49CB-B052-F23A6DC236B2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{52C73836-60BC-48A6-A80D-3F16689D3A21}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{7D447E86-D950-4843-9D34-55E318C13026}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{98178C8E-18C7-4709-8ED7-EDB305BB085A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F11E8E48-1DC9-4E89-B08F-90D27F52F3F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6FC4509E-F084-4EB3-9497-E8EE6DA037A2}C:\users\JohnTheMan\desktop\zerobundle\python\python.exe] => (Allow) C:\users\JohnTheMan\desktop\zerobundle\python\python.exe
FirewallRules: [UDP Query User{61B9185C-AE4E-4DB9-B883-09A7582D2A7D}C:\users\JohnTheMan\desktop\zerobundle\python\python.exe] => (Allow) C:\users\JohnTheMan\desktop\zerobundle\python\python.exe
FirewallRules: [TCP Query User{8A7ED15D-5A6F-46DB-AB85-FFFACA37070F}C:\program files\adobe\adobe dreamweaver cc 2015\dreamweaver.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\dreamweaver.exe
FirewallRules: [UDP Query User{A3D15558-5F77-4706-9DE9-55F77C128F37}C:\program files\adobe\adobe dreamweaver cc 2015\dreamweaver.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\dreamweaver.exe
FirewallRules: [{348E7F18-37D0-43E3-8803-74E70475F12F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{F4656C0F-250A-44CA-9CBF-A45A7B942599}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{44EF6CA2-7CFE-4B88-B20F-A2DD0B22E104}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{72B41941-8514-4AED-8EFB-FFA53BFB20AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ED33D1D2-8654-4280-9BF8-B50A1F6D7FE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D6F45D0B-2F37-46CA-81CB-59D730A427BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E2C16258-17C3-49DE-9B4F-E4787F44A8A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32E50EA5-D1F4-4DEE-9791-C073F173EDCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A8786A7-E6D8-41B4-A150-0DF4FEB92BF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{73D7FF0E-799D-49E0-912F-74BC94DC4D75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{019B056D-EF8F-4CF6-ADA9-61CEC457EB93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{61C5D902-C98C-4D49-9308-1DC27303600C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F353BF41-1640-4F7E-8159-2A1CCB1365EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C48FD63A-6F76-45EB-9F43-3328A501869F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C6D593C3-6AE3-427E-80A2-DC617F9BE98E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D1A69AAC-2E34-446D-A610-4583AF3AE845}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3365E5AE-AE30-443A-9788-89DB17811EDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6D9C1001-2A69-4BE7-A243-681082A0AC97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{72EF9688-074A-4895-B97B-BD7E74CF389E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{21925B5B-E52D-4231-944C-AA312268EAC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12BBEEA1-22DD-4571-8065-D38250D4D089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E7AF4CA4-10EE-427E-85AD-376644E5A9B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4CDADF02-28F7-43DC-8742-6DBE77B6D838}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1238A2EB-A358-406F-BFAC-28EB44CFD724}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0083B1DF-7093-4AE3-8CCC-ECC0AC1C14DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B339DD99-1F8F-4DB3-AD32-BF7426C821C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CCA690A-D14F-41D0-9C70-52A74AEED7CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BCDFE984-ACFC-4834-B077-0A162FDFB83F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{440A561C-D026-4A2A-95E3-3896CE64CC7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{69727043-462C-4FB2-A87E-50D2B1DE0FA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EE492858-78EB-4A3E-986E-C8C1BDFEA2FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{550B238C-E029-4915-864C-7AB031D9BF04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F15530C9-77A9-4DDD-9310-BE629E97A16F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{05F2A36A-4636-4316-9CA7-A44FADCBC3CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{485057B1-80D5-421A-8A19-0CED4D205E0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D26778DC-BD7D-458C-B46C-E99B00C936D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BAAD2F93-B7EF-4144-8042-B5C404FC3B9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{09A15B3D-01DE-48C3-BFE7-E517317889F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D16E600-12CE-4133-A4B2-05842003AF38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3E9109A6-BA07-4F24-B5FD-B6B6A88AE932}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D3AF5F56-21D6-4494-9985-8AE4200026CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C46AE22A-E5D5-4B8E-8070-36E01CE35778}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CBF0AEA7-73CA-4322-95B2-451126160263}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33A0E2AA-CCBA-4CEA-B88C-B16B3FD232D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{859999AD-CC28-4914-A4A3-C9378CAE1240}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B42DF36A-67D5-47F1-84B0-C0502AC5302B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8C3766BF-92D9-4D52-8EBB-FF24EB20BDB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{77627A1D-EF1E-4304-A48D-AC03BB339C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E677B0D7-5DC0-4C31-B53F-761A684C535F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA63F6AD-47A8-4316-BC88-16FE57D67019}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B68084D-4CF7-4A74-9064-92C8F0675E34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3825C58B-A2B8-4C4B-B98A-257B11394602}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F53AC96F-EF98-40C9-AA9E-C48227B3DBF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A51D8DD-F15B-48C5-B1FB-CBDC23B17E32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3E00A50C-8939-45BE-993F-E1F9DA4D628A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2178F79D-05ED-42D2-8124-AA30C2D41626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ECB3ADC2-7AF8-4B4F-8C17-881A630112F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F6F4420C-2E5F-43DD-982B-36B50997D8EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{133ECBCB-08A7-4B35-8D72-2092D27A5552}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7FF6AF2D-832E-4351-89D1-9AA929A961E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{F26792ED-3BA0-4B10-A4E7-C02A6C68C60A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{797FE3FE-7684-41FE-A8ED-0B342AB4965F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{F7037A2C-721F-4CF3-A7A0-03FEFC14E688}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [UDP Query User{4001FDC3-A104-4F6D-94C6-129710C9C7AF}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [{E475F576-99FF-43F8-ABD6-D092D1C5F849}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{76094A56-72D5-4C29-899F-F7466C91BCF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E7FB4CD8-6AB9-485C-8401-97CDDB7AF684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2F5A411E-C3BA-4431-83F9-97EB6CE4711E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7103B559-1264-4AD6-94A6-CD81F26146D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B161A808-5E71-4F27-B88A-58F7C00B71E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{61EA984B-F75B-473A-A74D-68EA0E383DE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{12D08D8B-6D03-45F7-B472-C19C6A9BD488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{85E8E919-0253-4D9E-B44C-D8F6DB62838B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{09BC20ED-F2A2-42A2-8653-DF4487ADF196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{01DD3CA2-0A6F-452A-BF13-50BA68953FED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{7497C06D-20C7-4F97-8306-34578792BFE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{D8D5B1F7-E08D-4A68-87BF-E57CE475E3E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{39D80558-1BC1-42D7-893C-55E6387FEB52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1C677F01-C5A7-4A15-B58A-882676132CC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A818EC2-DE80-4E1D-9C13-A3D08F77C31B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{211B33E6-BBCD-4FCE-A239-83DA108B7810}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E70FDE3B-8D27-4E9C-A87A-C90E87D9D59F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B3618208-39D2-46A2-A6D2-227EF3E0BEC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{13A4E9DA-714D-44BA-BF38-164B0CDB6A3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AF98E021-1FB5-48E4-9C4E-B5D1FC884A86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9070114A-BE62-4712-ACA9-28E0FE2B9ECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1495A359-C0D4-46BB-B2BA-AF9B342F6889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA20B60A-C0C7-416F-8C9E-B4B16767F28C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D0A6F32-C493-4DF0-A3E8-1012E07412C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6BD5B5E2-A8E4-4232-849C-B845E429A06B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3E0434C9-6DF5-4740-8789-E16018D76B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E3AE664-D68F-4B5F-8134-6775EC36E36B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C2436ACA-54D4-4E84-914E-2808C36FE417}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1AFA682C-BA07-4C88-A841-EF612841D06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{15FD7672-70CD-4722-9D3B-F79E19583A8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C813073F-A04D-4F53-BEE4-16315BBED3A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{67057C2A-AD84-4A9E-A91A-53C140AE3A7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C3864E2A-EDCC-43A3-82AF-DF37D312FDDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FFD76D8D-E436-4C4A-BBD9-493C956FB52F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8ACC08E4-CDFC-4E17-9E4B-AF843B70F5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{033292B0-00C1-412B-B328-6BD504238B7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6CE65847-FDBB-4C2F-8482-0792F346245C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F2DFEDD-B1A7-4A3F-BC04-D898C8ED7631}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0F509BCE-2D0C-4B8D-8CDB-9EA324105896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6FB2CA4C-7E8C-485F-B527-41A82AACE9DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F27F6394-46D9-4815-A876-AAA42CD27FB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6EDA5380-1CD5-43A9-8F6F-016816AD608F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B7BA1DD-BB22-450A-BA34-A4FA1312A99C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6458C37D-74D9-45E9-B9EC-6242EF0E4F75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5594F789-4FE4-4451-87D3-B4093614012F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{34081BE1-A41C-400B-BAEA-AF641121C218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07083396-13B4-464A-843C-AB6C003FA080}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0C943828-3B1E-43DC-AAC8-1C0F1EB90D27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A92B66EC-31FE-4215-BB12-48993F1B909A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE2C82D7-199A-47D0-A00C-F8BB5D8208B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{573C363B-F6F2-4533-90B3-900FBD9AF19F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F82B9ED-B14E-4807-A607-63719F2252A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{87F5112C-0ADB-47A4-986D-8E5D52CA4EEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD66A5E8-ED49-4767-9C69-FB66113A77CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E645AA99-AD98-4334-A15A-A52ACD9F6B38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA48859A-FD45-4C0E-B4E0-0B2C2A4CD3D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E4E2002A-E226-41FD-8501-F2CBA33D02FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CCD883B6-01F1-4638-93D2-0BD7E69E9710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4AF08370-AAC0-4062-B45B-DDF4CDC188FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C926FF74-84B6-4DE9-B8CB-591E3017AD9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E242A468-B1AC-40E9-A59B-AB4D4BA11344}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3A0901DF-50C1-4076-B51A-C191E1075E4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{403ABED3-2AEC-4ADB-A40B-EB55331C46AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ACFF45C5-F724-42B5-8106-0402938A7942}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{06112619-561C-46AD-BFB3-58E61A10F6C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{45640FA1-E7DE-4E94-9A20-87121F1E11A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E564214E-2814-45A2-8B61-922102BF6B2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1B3DD1D1-7F39-428F-8A8A-98516D3D6F72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3109D303-E95F-4B11-AEB6-572002D0CECF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA6A84DB-3FD4-4A7C-893F-40EC73A7D12F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BAC04F32-FF72-42CF-9B27-C56749C35B6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E4B5FB1D-344E-4C31-AD00-65D601198327}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F72DF3E-CB0C-4AD6-8C07-E78CB7769B08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3299D5FF-5474-4134-8D78-77446BFFAABF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8AF5D45C-74DA-46EC-B3C8-0BBFC13CF81A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{543A9D91-C889-4CAF-982D-2BA971AFC65B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C54AC87-EA34-4133-8275-67F7279611B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{30C7B5FB-4BAB-4DF7-A4FF-1E0D59EBAB6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A5066CFD-6005-4DA5-9465-C9AA1DCF40BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B20FAB16-4291-4BA3-B248-693E7B7989C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BE77542C-5609-46F1-976A-BA093E8AA4E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2783F2C3-A212-4D6C-B71A-AFA04AC6B3AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7086BFA8-B8BB-4E53-8F7D-6C946B1AEC70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3521E277-675E-4DF3-A5E2-4645C354480B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4E5F1C23-AA05-4E0E-8932-AE509DDA08F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{255B0CDE-0B65-4969-B067-76BC21F9593A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FAB79F54-E398-4742-9B23-CFD8EF869C04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B763D80B-A6D6-4661-97A1-B18B54FA6EF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E6BB05CA-63DE-4ACC-8050-457D6B218060}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B5EFF40B-DC35-4523-9448-9FAECBA53683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4DAE29ED-6113-4756-B48D-EFABDBDFCCBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B890813E-7A4E-463D-954E-444BD0EE9B71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{57D963C9-0786-43A8-92FD-8A3486145BAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C92A814-AD7C-4995-8D6E-02299B18AE3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B55B142-9CE5-4DE6-8CD1-B659CB20B4FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8095B7C5-22FB-48E1-87B0-2EFB42CCC202}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{596EAB9E-6933-41D9-AA71-08B44C427096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{11692909-4F3B-47CD-9992-974F277CC06E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A0AE5578-D5B9-4B65-ABD2-7EBB92FE7342}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{71475C0B-ACBF-4C8F-9355-F274BB23D40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0ECC417B-6A9F-4A48-BA77-87B64D93F2B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C0039910-812C-4AD2-ACCF-C536EB5F2088}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{595D5687-D840-4A9B-90FE-B639FD2EBC5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44CA73F7-4698-4D1C-A877-3256184BFFC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5305DDDD-CF26-4A33-8574-D03568D11E13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC61BD36-305D-4B23-B3DF-2B39BEDD6D30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{77D17741-9CDA-455C-A30E-D0DE66F843E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ADC8B336-54F5-4D10-8C78-A2E1D5A179DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{AB2CBF28-3134-47F7-90D3-8DCCFB7DB575}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{88FDAD7E-33CA-49E0-AC8D-62F7BC41340C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F46CD7D0-2189-456D-97B5-FA759DDB6275}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE77958C-628E-4E75-B400-5101559D9A1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FBF3F1C4-59FC-43D5-9DFF-9B8DB79550AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BC2B3D4F-8D93-42D8-AD4C-8D145951DBFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95959707-FD0A-4D13-B09E-5880082BD501}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D99DF9A9-2398-4C49-8BA2-6EB72C0F5D7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{00C72FD8-A2E4-4E20-8B19-3B56AF897D89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B75721B-61F6-496D-A88C-A0B0450534C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F7CBD10-4B52-4DC6-B6C4-B3BCA931EF96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D9F1CB8-9DD8-4B94-97C0-80EC84D45A85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{905BA0D7-C0A2-44C3-B19E-7ED2255EBE52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{DFAD39F0-E0A6-484E-831E-5241D11F07D7}C:\programdata\oracle\java\javapath_target_27032687\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_27032687\javaw.exe
FirewallRules: [UDP Query User{9A7CB46E-32EF-4B82-AB34-EDEB269065CD}C:\programdata\oracle\java\javapath_target_27032687\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_27032687\javaw.exe
FirewallRules: [{0DA69448-7CE2-42EC-A9DF-E03639B260EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C428C75-384B-4C0B-9A47-2DE7AAEB80B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9D3C854C-16DD-4D75-BE53-80EA9B09EE0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{50835D8C-A430-4BE1-9232-F22CAA208533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B8883C84-EFE5-4516-A9A9-006EEEE6C048}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2C255410-6B3A-47BF-9446-4B1D3D0478F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5BCF9744-9B14-47E4-979E-33996D99A90D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7321222D-4619-40DA-848D-126E90764F43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2FCF7D97-B15D-4B08-A1C2-4E250CEBD4DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4E2D01A8-787D-48CE-ACED-9011241F5651}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{831D610D-31A5-4D8C-8CFB-D16CAC8537FD}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [UDP Query User{BD5C4F79-8EF2-48C2-A8AC-4744035DF3A4}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{DA67C7BE-06FB-4406-BF9A-F5A757ACF9A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0A54D692-5858-4F09-A005-C07B548C7B6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2BAE1F01-B75F-4B05-8645-E75FFB11E184}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1823F593-8C61-48A6-8E46-773CF627B8C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E1E5F6D-4FC6-43FC-9EFB-2C34CAAF654A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68BD027F-8483-4381-AED5-B01142BD1301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{142CDE3D-652F-40A2-9664-D696F448CCF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDBBFD32-A06B-46ED-9941-029C65AD37C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6CB4E397-D68F-4D0A-A509-FA93A04488CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{65616B69-2D60-423E-8ABE-06560168B7AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F1A157D4-DEEB-4113-ABCF-9861B4A52A3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7035522C-A2CE-4D4E-85B8-6123DE6CEB07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6F45B4DB-DB1B-4ABC-8112-A4EBAE2C53D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6EA6A878-EA27-4477-B8E4-5D1B0B7E608D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8AAE8741-A4E6-4E5B-BF5B-805891034291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB7DAFE0-8062-4D15-A4D2-A1EA5DE42A84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{982EECCC-3EBC-482E-9020-602E27004BA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D765E87-3380-4C0B-9B55-CB917260C2C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E8758B31-13A8-4E72-8309-FFCB2EA0813F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F8F3C866-F2EA-4F1F-A3D4-E7CF7A958391}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23116658-676C-43B5-9367-31339FB64B31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{794A4AF5-148E-482A-9ABA-F742779D21EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5124A4F9-667D-4563-960D-DF9A306EA212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{29FC3D0C-777E-44BC-B889-B8BB26173994}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5E038FA6-578D-41A4-8ACB-FDEC680923BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E8EB8BA-6D01-4EBD-BBD0-D3412433F049}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F430371F-95B0-48CF-A915-01223D7D7E2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2065C7E5-00D0-40C9-B33F-106FF6F1E91C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C2CAB2E-1715-4B64-BE19-427F0F187146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6BAB4E08-CBEF-4BCB-AAC4-8739C7AEFF71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D8EBA34-28FA-4F32-BDA5-5EFB48DAE59C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4FAE8FAD-54F3-4E2B-8704-7E6DDE72319F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32A47A04-20D1-4FE5-89CF-E49C44E2AB65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D82FA6B7-45E9-4451-9D1A-E8F118F06292}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A60B6430-30CC-437C-B9D1-A4B76F53442D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C79C6A52-F267-400D-BD48-7B438EF6E812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FCCE7243-E544-4DCF-BA1C-7D28A437093C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BABA272A-DB59-42BD-9B3C-C3D578081936}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AEB50E6E-BCCB-49C2-8D43-1FD26BBEA0E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{087C722E-AC6D-492E-A7F1-879012BBD7D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1F833C42-B11C-47A5-9852-F785C840C28D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6FF0D20E-EF16-4936-9312-6B4B3874EF1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7548C73D-AB07-4469-8B8F-955112022FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A057DF6-A023-4151-AD9A-4BA1311A90F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3913BB7C-EFA0-4E13-840F-E199661A11A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{820773D4-3556-4352-9A72-70C353CE1EC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EE03D6F7-A420-4013-8A9A-42024D1E9527}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F85F4F0-081B-429A-8687-FB4B13B407F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EA99D1AF-B551-4746-940E-20C714F4D7C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A3857CEE-89A1-4BC9-86E4-5040224FBFB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60F5EE83-3084-496D-B7F2-40ACDBCE5DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F648EC5A-EAB9-4862-9DB9-5C9468028E92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4ACB30A1-664F-48E8-847B-54A8EEB5317E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{951EE2CD-4F67-4F9F-A785-2E7C5D8E0A16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{691E66EA-FC06-4832-9404-56CEFEAC868F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2D9A5287-EC74-4561-9127-9A75AC4F523C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8E9320FF-30AB-4F3C-984C-3DA09C3115C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3ED21355-CDBA-432B-B868-B4CBD02542AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5CA9A796-58CE-4F7D-ADAE-C5372318F047}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7FDB2AD-6AFE-4260-A6EF-13B550795DD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B48B9F1-8B72-4B74-8754-6D706864A693}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{52422FC1-9B56-46F5-81DA-8F25B86553F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0246A5BC-7A8D-4F61-94AF-1F77A14FC2CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D841136E-8D77-4ABE-A1A5-C31FBA1A27C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2AA16950-F6F4-47DE-82E1-F07574AEBF82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0C98EFA6-E6DD-470F-A0E8-49E662FE55CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{96E0064C-6262-460B-A679-C9CB43F7A06B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E0491D9-1257-476D-B11D-4EEB304A0850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8E212860-A3C5-4088-A4C0-B295D91DDB87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C646285-AD18-40CA-8AF9-B2BFE5CA709B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1FCCB4E-AFDD-4F1E-AD52-991EA9E0F358}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{01AD3AF2-6325-486B-AEE4-EBB335A1F1CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{687640B5-7D9B-4093-9594-AF58F34765D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{41D9B6CF-D710-4075-9153-20D44CBE0763}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{42744801-545D-4679-A619-698C302ED471}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1D2E2DBA-8343-40EF-AB93-6198291D22FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{202D10D7-C8E0-492E-8963-9382F84AB852}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{29F54268-B7B6-4E2C-9027-5E1094335E49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{049356D7-435D-451B-87C3-E671CB9F054D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6787C100-88A7-4E8D-B693-519DD52D68C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3BFABEB6-ED12-4A58-A8EF-411F693821B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E0CAD69B-6ED9-4092-B384-00D576A20D5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{073E36BC-F3E9-451A-83FE-68BCDCBB9BC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{21736DA8-7B11-46FE-B209-AACD8D6A8F85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A8E9B5A0-9DB9-4BF4-8A5E-F1ECF1AF264C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0BFF3F5D-963E-4F9C-B76B-11CFB25EBC57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5B050CD-C179-4B75-818A-39C73A275654}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F3C6F557-7624-44EF-B399-F1E170C87E8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{849EFDCE-3DC6-497E-B91B-6896BD8988C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A806E594-3C9E-417C-9F88-AB4E45F8F8AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DBDD2896-2D2F-46E8-B9E3-9B4641D957EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0D4AEBC-BF5C-4913-80AD-B0BB637B579F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8FB54F85-40C2-419D-BD00-32D364D9CD20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95EE6AE0-6FF8-4F74-9215-754B959E363A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7760002-4B2A-4606-9185-451D3CA11F61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{02BAD334-6B52-49DC-93D6-7ABE7DE3DDDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A5B246E0-7E0A-4FD1-9C70-864117A0DDE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A88B6E30-B6C6-45A0-A731-B7D686FA50BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{870F632B-6F47-4D36-A5A5-4B32892625EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{40C2038E-3B5F-4DCA-8971-5D18C3E57FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0614BDD7-310C-4296-9A16-8313556CE547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F41238F7-6F98-4738-8E12-8E99F546D9F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B88F35AB-88EA-428D-8A81-61EABD0D7BBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD8D925A-F72E-4E9F-B7B2-088C453155A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{11B9D07E-0FBC-4737-9CC4-C2422CC521BA}C:\users\JohnTheMan\appdata\local\brave\app-0.15.2\brave.exe] => (Allow) C:\users\JohnTheMan\appdata\local\brave\app-0.15.2\brave.exe
FirewallRules: [UDP Query User{B45B6D00-791D-4F98-8E75-AF7638BDDC0D}C:\users\JohnTheMan\appdata\local\brave\app-0.15.2\brave.exe] => (Allow) C:\users\JohnTheMan\appdata\local\brave\app-0.15.2\brave.exe
FirewallRules: [{E496D8A0-0C0E-492C-9893-D85E86B526B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{653FDC6A-4715-4447-AF69-A85270F74AA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F4FBC762-F389-4CB5-B14F-DFC28BF37A41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6FFE4040-1863-40AC-BE7C-F0E4CF085C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5ED8C205-9721-4CBB-8DF6-A3DE4A0FB386}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{001F1F35-75A8-43F6-9619-C2F910E48939}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C148E03D-7155-4759-9168-71E04A0AAB56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5E4024A4-F171-408F-9155-3D919095BED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{160A8C60-4652-4970-A671-35A318861ABC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{9B3D0997-FFAA-48ED-BB96-2B5B55B9FF50}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6F709F92-0C58-406E-8D1E-2A2785A89321}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4FB2DE02-E2A7-4A07-87B7-8CBFE27F240C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1AF847E9-BAFD-44E2-BE4A-B07BE7895601}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{01CD5E3F-C1C6-434A-A90D-16DA5AE3A91B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EC56FAA2-7B2F-4051-BB82-A315AB0944F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C77F776-2FE2-418E-BB5C-1A0DEA5D607C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7BF68B26-4355-41FF-9531-14640EEEE367}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BF8E2268-C8CF-4AED-8574-FB321D6D9FAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{543E9BF9-FB8A-4DDF-A556-B618C8F8D834}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AB834B9F-2240-4A24-B6FC-FAB13017B424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{363CF936-BF27-4B70-A706-EB98B2545328}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1B4C6B20-75DD-4EA5-BEAB-CCE6D753EB09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A4EB526A-4D01-4B23-9DA8-B253ED08DB77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C72749C-3A51-47E2-818D-39D6D25A3928}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{10AE3D9F-8811-4E44-B30C-9D4B0119B79B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{80DDDA7B-51E4-4378-8E0B-BC008353DDB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2B134F34-3C05-4C71-A510-D978287A087A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{25FFEB5B-57F1-43BE-B4F7-8D91744ED426}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{488D0B6A-29F0-448A-A3BB-D1824CA8C2E4}C:\wamp\bin\apache\apache2.4.23\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.23\bin\httpd.exe
FirewallRules: [UDP Query User{5F8790C8-345E-490E-868E-8DF34B16B981}C:\wamp\bin\apache\apache2.4.23\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.23\bin\httpd.exe
FirewallRules: [{98FC1D68-A6AF-4588-854E-226627F654AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D0E803D6-1C01-4E73-ABDE-5FD08E79AB93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E9D4D0A2-D2D3-4B03-896E-C506E0664B56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CE1C4CF5-C1DC-45C5-84F9-F0FE63244AB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B0B14A7-2ED7-44D6-81BA-44DF7AF11CE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C06C2C1D-6530-4868-83F6-C9C0547EA93C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{86794B81-094E-40B1-8E62-5BE4E35132C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5D1AD99A-64E7-40BA-B0E9-9A100E464F62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2210DABF-6789-46D2-A695-B8E2DD0DE7CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F7BAF314-9849-4674-9C2E-4C5687B296F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{04D8D435-559D-4AD8-B29D-B39E7A295E5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{31DB88D0-E631-44BB-81CF-41A07D7C1BB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{4F501607-7D82-492C-BFC4-910040A69F31}C:\program files\adobe\adobe dreamweaver cc 2017\dreamweaver.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\dreamweaver.exe
FirewallRules: [UDP Query User{2FF25CE5-79EE-425C-8A39-FCA413575F2C}C:\program files\adobe\adobe dreamweaver cc 2017\dreamweaver.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\dreamweaver.exe
FirewallRules: [{A4138200-816A-4D16-8CED-D72851F56755}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95A822D1-5F1C-43F1-91FB-C92F60F3BBAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D627FCDF-482C-4D08-AFEC-21DB735F86CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C258CBE-108C-4DA5-B98E-C7801AC27A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C10686C8-80BD-488B-B380-A08D3F15EDF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{05B7DF94-C67B-440C-BB24-6B911942B4FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F42732D1-F93F-4C32-81B3-ED64AFF6BED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{005FF9C7-B83B-4F5C-B082-368F55E85C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{73DF9408-847E-401B-BD87-FAF988B7248C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1AB5EFCA-40B0-4026-949C-B62674CA1A65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B4C63B10-DCAB-4B7D-B94A-C16B09DFE819}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{16A85718-A2A5-44F2-BC35-D83524E302CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{45E87ACF-EF3F-406B-A36B-7736C500707D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C53E0E5-E728-4399-BF80-A97BF5B3D0C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{94C64AAC-A1DD-43CB-8D4C-4D398E01F8E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C95F7681-4E52-4525-AC69-6EB615032B6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{916555E0-2C65-4E3E-9BB3-97D025A78225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4CEBBD58-4475-4FCD-B4BC-D755729614AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0BDBB590-7CEB-4DA3-AD6F-63A547EBAC9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9BBD61DE-9B4F-42BA-86D4-6FC4C36DBB87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EC8C6B8A-44FC-4397-8609-CCC87C028197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E680D3A4-56B5-41BD-AF03-425A53F8B061}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32257905-B013-4DA3-B2B3-1FF828D6A7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CB90B426-AA26-4787-BBB0-753B2DCC469D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D8E1320A-DEA0-46F7-BBAA-231CEE684673}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2852C860-A184-43B5-B9B2-C747A4E087BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{462DB304-872B-431F-88BC-CE8CA710EBD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D66B8E59-1DD3-4100-AD6B-FB5F77F197E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E451C840-55DC-4F22-A705-E866484A0650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{08BE8922-8460-4ADB-8AB4-BF427D6EC087}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C4D28261-DB85-46EF-B6F4-2F4C247DFE70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{29901DA7-13DB-4A73-8941-728730C7BBDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6581E325-2BC1-423E-A0A9-3051559BFAB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2FB51226-6BB4-43D6-AA10-17B4C42622B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AFC91D59-5D18-4D78-851D-C19024096C8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DFD89EE7-A541-4F4A-B57E-33F8185E2098}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{20505D5E-F405-4AEC-93B1-B15419B9F310}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [UDP Query User{258353AC-6610-4FB8-B8AF-39A0811DE2BF}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{E29F675C-4686-4DD3-9A66-FA6FE138429B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5E3F0DFC-31DE-4695-B758-B698BE6B30F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F53A2392-1F1B-4C81-96B1-C472BF8E5756}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{026116A9-9332-4C2E-B73C-4695DE49163E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4FEE7FBF-D09A-4409-9F84-89832AFF814C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E8ABFBF-6055-4864-816A-F171439BFA40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3A753849-FBBE-4C14-8C5C-058304A80621}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CBD0B629-A84D-4157-A7D3-3A6CCDAC8ACC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{96A5C47C-5294-4FE6-B88B-D20246169117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{79E3D325-6DE7-4752-8E99-206E4530B5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AEB90493-AFCE-4624-B716-FDE43B7F22C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BAF23F74-A2F4-4CF6-8B52-588DD1404BA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{701D0D40-5599-4ED7-A68B-024AC305DFD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2F9C80EB-44F5-46E0-BFB4-6C8B33E80901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1CAA4370-1519-47B5-BC1A-C141F7F199E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C318632-E7F2-46FA-8D6A-B4D8D20E05A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{503656BF-0E9D-47BD-8107-F93474441B8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{91105265-1807-44D9-9376-91F47E2FB3F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F091882-1642-4655-8B4A-5C45C2643D50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5644161-1EBC-4B91-8008-A0D3BC256749}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8EFC2228-46AD-450A-87D1-C244808A0456}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{81D228AF-C9B6-4757-ABD9-3BA57E9F1F1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9219C72B-6C04-4DB4-90F1-F12F7A6E3BAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F81AE28-A2BE-4320-BF1C-53D5A73249A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{39474901-1DCC-461B-99F7-F552CCD22D6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3E2EFA28-B186-47BC-8B8E-8CCDE486C643}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{18E48860-CEC1-4A29-971D-431B3F08E81B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{66F06925-914C-46C2-8E73-9AD2A73BF5CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D92C629-BEEE-496A-98D7-D92B53327FB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{48B5F5F5-2993-4C07-B651-4E679A5A33CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CA853DF7-EAA5-4EEF-9B3F-4A1ECEC6FFC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5868FFDF-1F51-4EF9-91E5-230511FEC430}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7EAF696-5BD2-4E00-A132-B62410CDEAD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C2D9CB50-D958-43BC-82FC-4A05B2D8E8F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F6850C2-8417-48F7-A9B2-5D5202B8C9A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D0418C67-F010-4945-B38D-FFA9D94366A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{38D554D9-9157-40B1-B797-8E741328B0CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{65C05F9E-C8C0-4CB5-8840-7DF715DE1A62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F46EA3BB-0F89-4669-90A9-3DCA7F23870D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BC3136D5-F914-407E-9BF7-764C9BB4E73D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0F7422B2-4331-411E-BFEE-BC1482E138AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7FAA39B9-73F3-483E-9FD2-C55391004162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EFF79853-5DFD-401B-8262-8BCC536A42C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ED6C1DB5-8B8B-4522-9673-9EEAE51A14AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DB8EE1D8-1CB6-4048-BC87-0C7ADDB851ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{469AFD2F-A203-49A6-ADF9-AB8B3C701574}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6751D936-513A-4E6D-A39B-3E2B3910CCEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68058D8E-9DC6-4EDF-889A-6811C70E0114}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{804BA7F2-6542-4135-8D47-44DD5B3C0F25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1F93857C-FC83-4E36-A4EF-01A282E22324}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6983D26F-AF5E-4425-8800-31AE9A909F88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4EAFA8DB-2AC7-4C9D-93A2-5DCCB1EE7FA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4B877A44-812C-4E8D-937F-2069D301855C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4FF7B3A8-EDB0-4C21-B4E8-AF224F14F547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FEA8F357-4649-4CE2-9A7B-A665BD08459C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6FA58933-2189-4501-BE82-3011249DE1FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5CAD8971-3D5D-4E1C-8EB6-D281E7CCB64F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B0EF6A9E-6D9D-4A75-B688-116F27252961}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BABCA933-ABC5-4B22-9BFA-0A266EBAA7A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{67D54B4B-AF26-4605-BC3E-9A893B26D551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32CFD5E1-D5CF-4C09-8CC5-F849A5166F2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{493E990A-41C2-4731-9E31-0B264C154180}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{172095C2-D05B-4B07-9DC1-4D09AF81F223}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D5A999FE-8451-481B-B24C-0E6D8F842841}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0231ACCD-20CE-4BF6-8F61-3BEA5E7BDEF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1ABBD701-D32C-4B0B-9317-38E64E8E7105}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F71BE4B1-2D63-4875-8B2F-2D65B8A626A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8EC40FC1-A491-4D5A-B964-0A8C9A1060E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{96B26527-3450-493B-AB5E-737D27905D12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C53D779-D215-4B04-AAF0-2A8116DA6B49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A962821D-CE87-438C-97D0-7F46D241EE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{705D9EF2-0B2C-4554-893A-693076B0E79A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2A2DB134-1E47-45AB-AE26-274FF6EC5775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7B211651-0204-4861-B14E-07E28D2E08D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{01CBE7BD-BD7D-4424-98B2-486EA79C0D98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8019DB6D-4361-4474-AD5B-11551AF47FE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA44EE4F-84DF-41CB-A391-C2E3BB51442E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{79991F2E-1E5F-42F1-B61D-21B66AB5B5AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0FBDB5BA-CA80-4D9E-9556-6D1471039247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{613AF76C-ED67-4B13-BD0A-69107C5B0D48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{310588F6-D51E-439A-9A01-AFADD25D79FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F156D343-ADC9-43AE-B94F-64AD761C66BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B568D9F-40B6-4E57-9FDB-BC04EAE705DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5FE7D028-0018-484C-BE74-211FB8BC5CB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E3D927BB-97CD-4722-B6B7-7D1BD6B8F96D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E26DC85C-81BC-4D6D-816F-82C0C87893FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF2CC46E-9A81-4650-A765-AB8A4307BFDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{15C25CB0-3579-497C-8980-E6F29391345E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9ED4FBAC-B439-4B66-A457-E3F005DAFE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{58BDD260-B49B-408D-B7FC-AB82C3623095}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD8298A7-2A59-4A38-BE09-B4DA640C8893}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{30EA5A66-6966-483F-B921-138C33C1ED65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6248DC3F-E137-4AB1-A1E5-C0E145CD4292}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A3E63DD5-D968-4E3F-AA0A-5709A3154005}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{38EA174D-6EAB-40CC-9FD2-3D4C68E66A79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B56F953D-1537-4572-804E-D4075FA9AB7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2DC4E64A-B713-4C0B-9C3D-C14FB7E40EF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F64AE283-E44C-48A4-81DE-330A9808E386}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A688B833-7097-4ACF-8149-8CDD032BEA62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{20C8A2CB-F336-4B34-A597-9F8409917F6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A3C6167E-30A7-49C0-9B49-92E7A50B2D2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2A3BEBB9-2DDC-4F3B-9852-B521CD43EC57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CA449924-DFE2-40C4-8A46-578B502AB3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99B07E20-4C4F-43C9-BE15-DD91AE2C914F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{459F6884-98BF-4B3B-B8D0-F28B61B3F81E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0DD17385-1849-4AD7-80B1-5DDFB522103A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ABD2CA6F-85B3-4DA9-8E1D-AEDF3A2B0AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53804299-B7EA-443B-8809-BA4FF6A59A83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DCAD4DF5-FE62-411D-9631-71A8A9E50AAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F7092CB0-42D1-4BF7-ABF9-318036BD286B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5A3F8BA3-88D0-4F68-812F-ABFA4018230B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7551FAE8-5ABC-4662-9F95-1A15596F9A99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D335AEEC-78F9-4B15-B241-727974573B8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1272633B-5891-438F-BB43-7D454A344796}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A4715129-97EB-4986-A588-EAEA30786989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A68FF9D0-387D-410B-9A3A-2E6569DBD0A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B366B126-EE85-4011-95C6-34E8E31028DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CFC4B9F1-0F88-4BBB-A8A2-A947C3501F07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{21181408-A045-4B5C-A2D7-C93A963317F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{967AB28A-CB93-496C-AED8-1B583FC49D21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E732410-92E9-4298-9873-E200C40C4CCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99A19EB2-79A7-454E-8AB7-1A8690258FF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{00BEA7FF-D29E-4EB0-BD04-047151344FBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{28EE447E-2640-4776-BAC6-7B1FABF27DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF47083A-87E1-4344-941F-4AB8AA45FBCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E383F739-B2DD-41E4-B1E9-1738EF2C5224}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C07B435-FAB5-4307-8088-D4D80ABD0D3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4FF87F9E-EEC7-47FB-80CE-08DD04848013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4DB330BE-BC88-434C-9527-3043D7946733}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{36C8506E-621B-49B5-93C7-C01FE1E05C10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3179BAE8-F922-4812-8139-F44D2E2BD371}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EA31016A-D3B9-4D73-A7B3-EE67BF107574}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3E79612C-7F77-4F9D-BC6B-30C78112FB4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{92B88A3A-34ED-4FFF-9D65-9E39C09269FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{784A7865-C979-436C-8212-5E1440E0A96C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8095FC35-016E-4E77-8D13-AB2A5576D879}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F75B6C9F-422F-4A3F-8B46-3A11B9C6DB3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D3FDF846-063C-4C16-AB19-E778E43F131F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B443A928-E391-4D92-B1D5-A6704C5B45BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33F8E546-3F61-40A5-8098-B8D7AB1E5DEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CBE8C03A-900B-4D2A-84D0-F08BF158F186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6BACA845-51EF-4B0E-BB69-4CF017213D1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E938293-F631-4379-9276-B308F34D5D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6DB5E169-2AA8-434C-A47E-6C294BFD815E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{49282DCC-186B-4BCB-BF23-24D01C7261E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0A5F21B-CA71-4DC9-A33C-69705ED50661}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DAB38C17-8B33-4700-BBC8-FC198620C6A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AAAD1870-E720-480B-A369-A02611604C90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AB4D048A-63A4-4B07-A684-09B497207C92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2EB12182-E26C-4FCC-BF43-0605DDB15D63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{430BE17D-E775-43F5-9843-D8DF602DA519}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{809A1F61-5BD8-410D-AA14-B87B2C637861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4221A703-1C5A-4F45-9FF8-569B1471CE00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{255F399C-CB67-40E3-B496-0B9F275A4BE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23E7CB06-A416-4E47-BEFE-632AB11CCC65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{599BDD5E-7BD8-49E7-B021-2930C0552B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5240FD18-8323-4864-AA25-16839C575A27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FCB7ADF2-817F-4C3D-B00E-85670EC23BE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FBEA50EC-3965-4E60-9B75-FBE0C94856AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3FE9D0E5-7B19-46A7-A54C-C67A0FB4511C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8049B8FD-689F-48ED-A537-D990B6B43E07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90B02C78-942D-44F4-9538-DCCE4FDE96AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C59E05B4-1E50-475B-A0C0-6BA04EB323A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2C0D35D2-C55F-47A8-9F69-D1463510FDE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4BEC9A0A-AB62-44B8-96A7-0B16E3092EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9704F144-470D-4855-BFCF-DE431B70DA38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{42BEF987-460E-4D45-9C60-2E401C1FCEEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C5F4E49-ECA8-468C-BE33-37FC8D7C4DED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DD51939F-C2BB-404E-A72A-D1F9B3735CC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1DC6A182-974C-4CCD-AF6A-04D7AAF2D480}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D6415B9F-F640-483D-8F77-B95FCB17C2A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F5D01DE-D2A8-4F6D-8831-B1505891480F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{05FCCCD3-D259-4593-9CC1-ADA73561D013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{49E6E5AB-79F8-424C-A174-DF45C838B977}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C3139A87-7CA5-4542-878E-53591E9AB729}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F2E65DAB-1E74-4CB5-A91E-C493DAA5015D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1F904281-AA0C-4DD3-8DA1-7936E9D6B753}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{94D24DD7-0C48-4EED-9BE9-50619B1591CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1ADCE318-1F65-4E38-9847-9880161A8818}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7A9D052B-8FDC-4320-8D1B-1AD3C376ED17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F9E0DA88-0E30-46DC-8C2F-CC57401AEF4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7A373AA5-83BE-4F05-80C6-85C52911AA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B2AFF89F-687C-4B24-90A9-964662D8D406}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FBFF1D26-F718-4AF1-AC77-A91575DD50DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5EDBFFCE-6AF2-4446-8DBD-68A85057AC85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C35CF00-21CF-4DB3-A6F7-CE0405D3E145}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{01BE6CCE-7A5C-4C07-89D0-9A31AA0E9599}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F8F289A5-4ED3-49E5-AB7B-4CE7F61B7305}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{435BD8BA-71E7-449D-AC81-4C8219245A87}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F47CF4D0-B257-4950-AB9D-C3004C6D6647}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{821E1113-5AEB-45D1-9389-3F33960DC485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32644326-6D6A-4E1F-9320-F774F086A954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3EE20A96-2AB3-4794-9867-38A142BCDEA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0EDC819-9176-4846-95D3-76031D8EEFEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{40B7DE6B-2344-4ADC-AE39-0744AC85EDB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{063753E5-08DB-4D1A-8778-BD64D031326A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{34283614-6ED0-45A9-8BF7-BFA3420F379B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{5416EBF8-0851-4ADF-9DE2-34CA41939151}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{7BE96C6A-36F9-48A4-B56D-4B35191A1C93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0182F791-AFBB-4477-B7A8-354E8EDFACF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{39256C57-C607-4A0B-A400-7B45AC7F3179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3D3D7FBD-E8DE-4E9E-8321-681BFBCD4E50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{956378EC-594F-49D1-9040-B7360CD78E34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E6A946F-78C1-4B58-9E64-D32B78DDBC4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{524A0848-18E3-4406-899E-47E569B9E599}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DC8827FA-52AB-4834-BA94-21F4A978C1E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CD1AB710-A8A1-4B0C-9F1F-9C371A836159}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3262515E-F1BA-4A1B-9FB5-85DAF162B572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E2A10CA-0657-4996-BF1E-458DD40F6A44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F1BB5CC-F0FE-430E-BD9C-DC33C969DE17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{960F9573-7D67-43B5-A81F-D40275EAD2CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{547D2DA3-4EFD-41E5-8AA9-F201BA9721AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{55330D14-CE5E-4154-958A-5A21CEF72A50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9404702B-B5C9-4270-BCB2-9E71F07A8062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E78FA3A3-7C81-486C-A022-FEAABDBF5A32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{310DAED8-02B9-4A7F-A0E0-22D6003AFC02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3FB4EAA7-28F0-418E-BC52-1924727B562A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F510B34-EADC-475F-80D4-74786577D36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{78E1DBD3-1BE1-4822-A263-791DADF2BC4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6F6F6AF8-8532-4C38-8F28-B345D426AD44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E829EDCA-ED85-463F-A704-9D78EB6DB6AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{97B57206-9EB6-4CF4-87B3-5917C27FEBC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{575A9DF9-3901-4538-9E93-60F9C5151BCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E9E9D904-C107-4BD8-A4EB-1EE4A905C7DD}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{F2854B78-E5CA-4FD9-B5FA-165D84481F5B}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{E16331B6-5582-47AE-8B64-54E8C3AC13F2}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{3671E0E3-D7F6-4B86-B36D-9D0AFAE840D7}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{4A6DCBCC-FE37-42D0-BF79-1CA4E8EABC55}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Rosetta Stone.exe
FirewallRules: [{8E418350-547F-4F48-889D-74DEA2AD32EC}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe
FirewallRules: [{A7F2EDC3-B72E-4DBE-BB6A-ACDC3B2DB5FA}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Rosetta Stone.exe
FirewallRules: [{63705F59-7082-4D9E-A390-4F0F43145BD2}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe
FirewallRules: [{CDA5A525-9A0F-436B-98E0-51CAEC37B5E5}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Adobe AIR.dll
FirewallRules: [{16A02122-DE7E-4431-BCA9-7F58643C755E}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\adobecp.dll
FirewallRules: [{7BDCA8A4-B4A3-422A-8CB8-0C10C15AC49F}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\AdobeCP15.dll
FirewallRules: [{A72319D3-EFB9-4650-A3FB-EF831A250A6C}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
FirewallRules: [{EF0A1387-B8AE-4322-90B2-15A9D47B3414}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\WebKit.dll
FirewallRules: [{7CAAE2DE-8BA4-4202-95D1-0AD112B026A7}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Adobe AIR.dll
FirewallRules: [{3F0A8B58-D4DF-41AE-959C-4D2D5B3641D1}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\adobecp.dll
FirewallRules: [{80169F09-026E-4366-826E-8FEFABCA48FB}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\AdobeCP15.dll
FirewallRules: [{D6596FD8-17B9-40AA-AEFE-E4F71CD722D0}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
FirewallRules: [{C66E59E8-81BF-48D6-B3E9-D89FB21E85D8}] => (Block) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Language Training\Adobe AIR\Versions\1.0\Resources\WebKit.dll
FirewallRules: [{66CC2F42-EA19-4D4B-8344-0B3F42029C6B}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\ExecutableLauncher.exe
FirewallRules: [{BA523432-56FA-4AAD-A6FD-13BCA1398BC8}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\installanchorservice.exe
FirewallRules: [{496CDD45-77F2-498B-ADBD-D9F08EE20334}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{C522F609-4BE9-473B-A856-D8459190F2F2}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{DEA8E592-F9A5-41EE-9D78-AB254D48F624}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\ExecutableLauncher.exe
FirewallRules: [{AA392F09-50A2-424A-8EBC-0DBD3A393138}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\installanchorservice.exe
FirewallRules: [{CFBD4911-8187-479B-9FBD-881A6B38EB36}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{77D6F829-BA68-4A7A-A9CE-73A4A8EC61AB}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{B194C16E-B27B-41AE-AF9C-CDABE3DBF9A4}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\ActivationDaemonPlugin.dll
FirewallRules: [{04C2DCD2-DF47-469A-A6CE-38D7BF18119B}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\DataInstaller.dll
FirewallRules: [{82442339-8EEF-40CE-9B38-4247D6CABD0C}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\DataInstallerDaemonPlugin.dll
FirewallRules: [{88F81A1F-4CA2-49F4-BD0F-BABFDC65A84A}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\FNInterface.dll
FirewallRules: [{7A45D29F-7E81-4545-A587-CF9B57F13A07}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\FNInterface_libFNP.dll
FirewallRules: [{5C812F06-DDF6-445F-B595-66D7EE0E9539}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\FnpCommsSoap.dll
FirewallRules: [{2898C6E9-F5E6-40D5-BB3D-98878D9ED2B6}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\FNP_Act_Installer.dll
FirewallRules: [{F487C25B-44BA-4459-A0B3-C0D82D73BAFF}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.dll
FirewallRules: [{8A8BB0BA-B4D4-4686-ADDE-2A6CF1C90594}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\SREDaemonPlugin.dll
FirewallRules: [{3D20C456-FEB3-4021-95F9-9A6E6D9FA04C}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\ActivationDaemonPlugin.dll
FirewallRules: [{DE37E997-3360-4ADB-9D3D-E2DD5CAAD923}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\DataInstaller.dll
FirewallRules: [{39E13346-9410-4DBA-81A6-2851E24885B8}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\DataInstallerDaemonPlugin.dll
FirewallRules: [{2E16B43E-6AA3-4530-AA2A-9E519B7AF9AE}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\FNInterface.dll
FirewallRules: [{077E89DA-E24D-4F24-A95E-6F3D08E8A67C}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\FNInterface_libFNP.dll
FirewallRules: [{63866607-4DAB-4730-A46B-72DE8E3BD42C}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\FnpCommsSoap.dll
FirewallRules: [{9E9CDDAB-CDB4-40F1-8D75-3D0B592558E4}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\FNP_Act_Installer.dll
FirewallRules: [{6CE811C8-76BB-4100-87EA-08218A1F5617}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.dll
FirewallRules: [{E665AD35-CA55-4026-A47A-ACEEBF2ECA97}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\SREDaemonPlugin.dll
FirewallRules: [{F7562D4B-84E3-4345-BC37-E2A20F8E9313}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{BC8B1EE8-D2F3-4667-8996-996F51BA3E93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{691ADF32-DED4-4F49-9E7C-A478B65D40BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6478E4FC-12BF-4582-8243-C9A989EEAE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E65CA4D2-6426-4F7E-8A6A-D6D9993DE528}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C6F23C8A-8A49-4CE9-B5AA-4AE424DFD66B}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.17\remoting_host.exe
FirewallRules: [{719BDD55-F0E2-42C8-97CC-B202459E8027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{15EB298A-4F46-49A5-AF2B-D1F8CCBDF89F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9A79CEC6-0900-4628-9B85-56D0BEF91FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC5AD565-952A-4639-8D6F-351179325012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{98D09548-8890-42F0-A2E3-38F6313AB621}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4FD0FC90-089A-40CE-B8A3-C240DF389ACD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
 
==================== Restore Points =========================
 
23-10-2017 18:17:40 Installed Rosetta Stone Ltd Services
27-10-2017 13:20:56 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® RealSense™ 3D Camera Virtual Driver
Description: Intel® RealSense™ 3D Camera Virtual Driver
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Intel
Service: IXCamera
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/01/2017 01:58:10 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (11/01/2017 01:55:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RealSenseDCM.exe, version: 1.4.27.48405, time stamp: 0x55f04364
Faulting module name: RealSenseDCM.exe, version: 1.4.27.48405, time stamp: 0x55f04364
Exception code: 0xc0000005
Fault offset: 0x001c166f
Faulting process id: 0xda8
Faulting application start time: 0x01d35353ce25d2d2
Faulting application path: C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
Faulting module path: C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
Report Id: 484a97c4-1d91-4e27-acbd-edd0203afd9b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/01/2017 01:53:15 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (11/01/2017 01:32:18 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (11/01/2017 01:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RealSenseDCM.exe, version: 1.4.27.48405, time stamp: 0x55f04364
Faulting module name: RealSenseDCM.exe, version: 1.4.27.48405, time stamp: 0x55f04364
Exception code: 0xc0000005
Fault offset: 0x001c166f
Faulting process id: 0xc64
Faulting application start time: 0x01d35350321a556b
Faulting application path: C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
Faulting module path: C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
Report Id: 7f0705ab-db46-4f70-adc3-221960def963
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/01/2017 01:28:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-PQNOO4BN)
Description: Activation of app Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/01/2017 12:27:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-PQNOO4BN)
Description: Activation of app Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/01/2017 11:34:44 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (11/01/2017 11:32:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RealSenseDCM.exe, version: 1.4.27.48405, time stamp: 0x55f04364
Faulting module name: RealSenseDCM.exe, version: 1.4.27.48405, time stamp: 0x55f04364
Exception code: 0xc0000005
Fault offset: 0x001c166f
Faulting process id: 0xca0
Faulting application start time: 0x01d3533fc5a8faa3
Faulting application path: C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
Faulting module path: C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
Report Id: 6fbb8dcf-a40f-4510-bacd-355691b8edc9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/01/2017 11:22:21 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
 
System errors:
=============
Error: (11/01/2017 01:57:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/01/2017 01:56:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/01/2017 01:56:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/01/2017 01:55:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® RealSense™ Depth Camera Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (11/01/2017 01:55:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PCOptimize service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/01/2017 01:55:52 PM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled
 
Error: (11/01/2017 01:55:46 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5
 
Error: (11/01/2017 01:55:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/01/2017 01:35:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/01/2017 01:30:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 23%
Total physical RAM: 16211.78 MB
Available physical RAM: 12409.73 MB
Total Virtual: 18643.78 MB
Available Virtual: 14729.08 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:427.45 GB) (Free:219.74 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 8A5C399B)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Thanks, any help will be greatly appreciated!


#3 John123456789


Posted 01 November 2017 - 04:29 PM

Any and all help will be greatly appreciated!



#4 Aura


Posted 02 November 2017 - 07:49 AM

Hi John123456789 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

Technical Support, Tier 2 | Sysnative Windows Update Senior Analyst | Malware Hunter | R&D at Certly | @AuraTheWhiteHat
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 John123456789


Posted 02 November 2017 - 11:27 AM

Dear Yoan,

Thank you very much for assisting me. I have downloaded the Malwarebytes Anti-Rootkit but it will not open or run. When I run it as administrator or double-click it, nothing happens, so I noticed while reading the instructions that the first step is to extract the files. Because the exe didn't seem to be working, I used 7-zip to extract it manually. I then opened the folder and ran the mbar.exe file as administrator, but yet again nothing happened.



#6 Aura


Posted 02 November 2017 - 11:40 AM

Alright, are you able to run the mbar.cmd (with Admin Rights) file inside the MBAR folder?



#7 John123456789


Posted 02 November 2017 - 01:15 PM

Yes, that worked. I was able to get it running and here is its log.

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.14393 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.1770.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 16999284736, free: 10230628352
 
Downloaded database version: v2017.11.02.06
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/02/2017 10:20:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\system32\drivers\avnrvybe.sys
\SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\cm_km.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\klbackupdisk.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\file_tracker.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\Drivers\klupd_klif_klbg.sys
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\vybfil.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\klhk.sys
\SystemRoot\system32\DRIVERS\klbackupflt.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\klpd.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\klwtp.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\drivers\veracrypt.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\tap0901.sys
\SystemRoot\System32\drivers\kltap.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys
\SystemRoot\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\bhtscpcrx64.sys
\SystemRoot\System32\drivers\SCSIPORT.SYS
\SystemRoot\System32\drivers\Netwtw04.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\ETDSMBus.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\IntelDFUACPI.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\DRIVERS\RealSenseDCM.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\hidparse.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\system32\DRIVERS\dlusbaudio_x64.sys
\SystemRoot\System32\drivers\dlcdcncm62_x64.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\exfat.SYS
\SystemRoot\System32\drivers\LEub6022.sys
\SystemRoot\System32\drivers\LEMo6022.sys
\SystemRoot\system32\DRIVERS\pelusblf.sys
\SystemRoot\system32\DRIVERS\pelmouse.sys
\SystemRoot\system32\DRIVERS\pelvendr.sys
\SystemRoot\System32\drivers\LECs6022.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\IndirectKmd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\virtual_file.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\DRIVERS\IntelHaxm.sys
\SystemRoot\system32\DRIVERS\kldisk.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\System32\Drivers\klupd_klif_kimul.sys
\SystemRoot\System32\Drivers\klupd_klif_mark.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\??\C:\WINDOWS\system32\drivers\5447E63C.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.11.02.06
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffbf0399f6c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffbf0399f70640, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbf0399f6c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffbf039742f970, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffbf0393ef9400, DeviceName: \Device\0000003f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\avnrvybe.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\avnrvybe.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 8A5C399B
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2211776263
    GPT Header CurrentLba = 1 BackupLba 1000215215
    GPT Header FirstUsableLba 34  LastUsableLba 1000215182
    GPT Header Guid de864452-3966-467f-873d-8dc6b49a66cd
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2211776263
    Backup GPT header CurrentLba = 1000215215 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1000215182
    Backup GPT header Guid de864452-3966-467f-873d-8dc6b49a66cd
    Backup GPT header Contains 128 partition entries starting at LBA 1000215183
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 919a9ef3-ec8c-4df4-8391-ded8cf14884
    FirstLBA 2048  Last LBA 534527
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID e618b509-58eb-45b3-b991-7f36361923f
    FirstLBA 534528  Last LBA 567295
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d9b6290d-2be0-46e4-b65-3b33b9385191
    FirstLBA 567296  Last LBA 896999423
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 22c4364d-c20f-4d6a-a93b-6851aff12d1
    FirstLBA 896999424  Last LBA 949428223
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 20ddf3f7-fa73-4044-b0b5-264f8d2241f
    FirstLBA 949428224  Last LBA 951476223
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 57b64c66-6221-4b10-925c-477c5115e89
    FirstLBA 951476224  Last LBA 998166527
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 6 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 6c74b09a-17f3-4a74-b271-c11b11e3fec4
    FirstLBA 998166528  Last LBA 1000214527
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 512110190592 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Users\JohnTheMan\AppData\Local\svdlahe\svdlahe.exe --> [Trojan.Clicker]
Infected: C:\Users\JohnTheMan\AppData\Local\svdlahe\svdlahe.exe --> [Trojan.Clicker]
Infected: C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe --> [Adware.Yelloader]
Infected: C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe --> [Adware.Yelloader]
Infected: C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe --> [Adware.Yelloader]
Infected: C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe --> [Adware.Yelloader]
Infected: C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe --> [Adware.Yelloader]
Infected: C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe --> [Adware.Yelloader]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


#8 John123456789


Posted 02 November 2017 - 02:19 PM

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.11.02.06
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.1770.14393.0
JohnTheMan :: LAPTOP-PQNOO4BN [administrator]
 
11/2/2017 10:20:49 AM
mbar-log-2017-11-02 (10-20-49).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 308418
Time elapsed: 11 minute(s), 55 second(s)
 
Memory Processes Detected: 6
C:\Users\JohnTheMan\AppData\Local\svdlahe\svdlahe.exe (Trojan.Clicker) -> 1700 -> Delete on reboot. [6d511edfa207989e7818708b639e6b95]
C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe (Adware.Yelloader) -> 14420 -> Delete on reboot. [0ab4708d07a20a2cbeeaf4793ec329d7]
C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe (Adware.Yelloader) -> 8828 -> Delete on reboot. [0ab4708d07a20a2cbeeaf4793ec329d7]
C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe (Adware.Yelloader) -> 6420 -> Delete on reboot. [0ab4708d07a20a2cbeeaf4793ec329d7]
C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe (Adware.Yelloader) -> 14588 -> Delete on reboot. [0ab4708d07a20a2cbeeaf4793ec329d7]
C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe (Adware.Yelloader) -> 11468 -> Delete on reboot. [0ab4708d07a20a2cbeeaf4793ec329d7]
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\WINDOWS\SYSTEM32\drivers\avnrvybe.sys (Rootkit.Agent.PUA) -> Delete on reboot. [853c5d3f0e8d37675cf2da37a10b5959]
C:\Users\JohnTheMan\AppData\Local\svdlahe\svdlahe.exe (Trojan.Clicker) -> Delete on reboot. [6d511edfa207989e7818708b639e6b95]
C:\Users\JohnTheMan\AppData\Local\svdlahe\coibztl.exe (Adware.Yelloader) -> Delete on reboot. [0ab4708d07a20a2cbeeaf4793ec329d7]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#9 Aura


Posted 03 November 2017 - 07:49 AM

Awesome! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Technical Support, Tier 2 | Sysnative Windows Update Senior Analyst | Malware Hunter | R&D at Certly | @AuraTheWhiteHat
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 John123456789


Posted 03 November 2017 - 09:25 AM

Ok installed and scanned and here is the log:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/3/17
Scan Time: 7:15 AM
Log File: 8043efce-c0a1-11e7-bb6e-507b9d8a1d85.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3165
License: Trial
 
-System Information-
OS: Windows 10 (Build 14393.1770)
CPU: x64
File System: NTFS
User: LAPTOP-PQNOO4BN\JohnTheMan
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395997
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 55 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by John123456789, 03 November 2017 - 09:26 AM.


#11 Aura


Posted 03 November 2017 - 10:33 AM

Good. Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#12 John123456789


Posted 03 November 2017 - 11:36 AM

RogueKiller Logs:

RogueKiller V12.11.22.0 (x64) [Oct 30 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : JohnTheMan [Administrator]
Started from : C:\Users\JohnTheMan\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 11/03/2017 08:40:48 (Duration : 00:40:33)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCOptimize ("C:\Users\JohnTheMan\AppData\Local\Temp\PCOptimize\PCOptimize.exe") -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{DFAD39F0-E0A6-484E-831E-5241D11F07D7}C:\programdata\oracle\java\javapath_target_27032687\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\programdata\oracle\java\javapath_target_27032687\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9A7CB46E-32EF-4B82-AB34-EDEB269065CD}C:\programdata\oracle\java\javapath_target_27032687\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\programdata\oracle\java\javapath_target_27032687\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 2 ¤¤¤
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] %WINDIR%\Tasks\AutoKMS.job -- C:\Windows\AutoKMS\AutoKMS.exe -> Found
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Found
 
¤¤¤ Files : 7 ¤¤¤
[PUP.Gen1][File] C:\Users\Public\Desktop\Plants vs Zombies.lnk [LNK@] C:\PROGRA~1\PLANTS~1\PLANTS~1.EXE -> Found
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Found
[Root.Wajam][File] C:\Windows\System32\drivers\828c24e0837e48f0c3fedbb069ab7fa0.sys -> Found
[PUP.uTorrentAds][File] C:\Users\JohnTheMan\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs Zombies.lnk [LNK@] C:\PROGRA~1\PLANTS~1\PLANTS~1.EXE -> Found
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies -> Found
[PUP.Gen1][File] C:\Users\Public\Desktop\Plants vs Zombies.lnk [LNK@] C:\PROGRA~1\PLANTS~1\PLANTS~1.EXE -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://mail.google.com/mail/u/0/#inbox|https://apps.timesolv.com/App/NoPermission.aspx|http://www.rightoninteractive.com/|http://podcasts.joerogan.net/] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [google.com_] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: LITEON CV1-8B512 +++++
--- User ---
[MBR] fb43618679326993f33deb73c63bf69b
[BSP] 7f1b96d887406e03ba6d8a76d7c66cd0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 437711 MB
3 - Basic data partition | Offset (sectors): 896999424 | Size: 25600 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 949428224 | Size: 1000 MB
5 - Basic data partition | Offset (sectors): 951476224 | Size: 22798 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998166528 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK
 
and after reboot/cleaning
 
RogueKiller V12.11.22.0 (x64) [Oct 30 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : JohnTheMan [Administrator]
Started from : C:\Users\JohnTheMan\Downloads\RogueKiller_portable64.exe
Mode : Delete -- Date : 11/03/2017 08:40:48 (Duration : 00:40:33)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCOptimize ("C:\Users\JohnTheMan\AppData\Local\Temp\PCOptimize\PCOptimize.exe") -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{DFAD39F0-E0A6-484E-831E-5241D11F07D7}C:\programdata\oracle\java\javapath_target_27032687\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\programdata\oracle\java\javapath_target_27032687\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9A7CB46E-32EF-4B82-AB34-EDEB269065CD}C:\programdata\oracle\java\javapath_target_27032687\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\programdata\oracle\java\javapath_target_27032687\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Deleted
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
 
¤¤¤ Tasks : 2 ¤¤¤
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] %WINDIR%\Tasks\AutoKMS.job -- C:\Windows\AutoKMS\AutoKMS.exe -> Deleted
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Deleted
 
¤¤¤ Files : 7 ¤¤¤
[PUP.Gen1][File] C:\Users\Public\Desktop\Plants vs Zombies.lnk [LNK@] C:\PROGRA~1\PLANTS~1\PLANTS~1.EXE -> Deleted
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.exe -> Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.ini -> Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.log -> Deleted
[Root.Wajam][File] C:\Windows\System32\drivers\828c24e0837e48f0c3fedbb069ab7fa0.sys -> Deleted
[PUP.uTorrentAds][File] C:\Users\JohnTheMan\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs Zombies.lnk [LNK@] C:\PROGRA~1\PLANTS~1\PLANTS~1.EXE -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\thunder.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\vase_breaking.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\wakeup.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\watering.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\winmusic.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\yuck.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\yuck2.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\zamboni.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\zombaquarium_die.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\zombiesplash.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\zombie_entering_water.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\zombie_falling_1.wav -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\cached\sounds\zombie_falling_2.wav -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\cached\sounds -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\cached -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\allscreens\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\allscreens\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\allscreens\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\allscreens\layout.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\allscreens\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\allscreens\strings.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\allscreens -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\commonLayout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\commonLayout.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\LevelLockedCommonLayout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\LevelLockedCommonLayout.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\strings.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\TimeTrialCommonLayout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\common\TimeTrialCommonLayout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\common -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb\EsrbLayout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb\EsrbLayout.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb\EsrbWithDescriptorsLayout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb\EsrbWithDescriptorsLayout.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb\strings.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\esrb -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\footer\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\footer\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\footer\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\footer\layout.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\footer\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\footer\strings.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\footer -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\header\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\header\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\header\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\header\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\header -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\helpandsecurity\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\helpandsecurity\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\helpandsecurity\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\helpandsecurity\layout.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\helpandsecurity\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\helpandsecurity\strings.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\helpandsecurity -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Arial10.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Arial10Bold.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Arial12Bold.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Arial9.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Arial9Bold.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Calibri11.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Calibri11_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Calibri12.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Calibri12_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Calibri8.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Calibri8_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\HelveticaRoman10.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\HelveticaRoman10_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\HelveticaRoman18.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\HelveticaRoman18_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\MyriadPro9.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\MyriadPro9_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Omnes-Semibold12.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Omnes-Semibold12_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Omnes-Semibold14.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\Omnes-Semibold14_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesBold14.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesBold14_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium13.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium13_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium14.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium14_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium18.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium18_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium20.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium20_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium24.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesMedium24_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesRegular14.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\OmnesRegular14_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\TrebBold12.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\TrebBold12_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\TrebItalic9.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\TrebItalic9_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\TrebStroke18.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\TrebStroke18_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\TrebStroke18_layer1_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\_Arial10.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\_Arial10Bold.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\_Arial12Bold.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\_Arial9.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts\_Arial9Bold.png -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\fonts -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\bbb.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\bullet.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\buy_intro_down.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\buy_intro_norm.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\buy_intro_over.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\buy_outro_down.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\buy_outro_norm.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\buy_outro_over.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\common\btn_close.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\common\btn_close_down.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\common\btn_close_down_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\common\btn_close_over.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\common\modal_bg.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\common\modal_overlay.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\common\modal_overlay_.gif -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\common -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\esrb.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\esrb_with_descriptors.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\footer_background.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\header.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\help_down.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\help_norm.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\help_over.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\playtrial_down.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\playtrial_norm.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\playtrial_over.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\play_down.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\play_norm.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\play_over.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\popcap.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\price.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\register_small_down.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\register_small_norm.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\register_small_over.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\security_down.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\security_norm.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\security_over.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images\tooltip.png -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\images -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets\strings.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base\_common_assets -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Base -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\ClientMetrics\config.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\ClientMetrics\config.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\ClientMetrics -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\contentdb.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\contentdb.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\PromoBlurb\PromoBlurb\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\PromoBlurb\PromoBlurb\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\PromoBlurb\PromoBlurb\promoblurb.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\PromoBlurb\PromoBlurb\promoblurb.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\PromoBlurb\PromoBlurb -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\PromoBlurb -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\APScreen\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\APScreen\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\APScreen\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\APScreen\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\APScreen -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\BuyConnectCheck\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\BuyConnectCheck\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\BuyConnectCheck\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\BuyConnectCheck\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\BuyConnectCheck -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\purchase\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\purchase\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\purchase\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\purchase\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\purchase -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegConnectCheck\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegConnectCheck\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegConnectCheck\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegConnectCheck\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegConnectCheck -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegSucceeded\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegSucceeded\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegSucceeded\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegSucceeded\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\RegSucceeded -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptConnectCheck\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptConnectCheck\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptConnectCheck\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptConnectCheck\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptConnectCheck -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptScreen\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptScreen\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptScreen\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptScreen\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\ResendReceiptScreen -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\ConnectCheckAnimation.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\ConnectCheckAnimation.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\ConnectCheckAnimation_SingleBall.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\ConnectCheckAnimation_SingleBall.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_cancel.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_cancel_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_cancel_down.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_cancel_down_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_cancel_over.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_cancel_over_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_continue.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_continue_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_continue_down.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_continue_down_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_continue_over.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_continue_over_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_lost_email_rec.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_lost_email_rec_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_lost_email_rec_down.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_lost_email_rec_down_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_lost_email_rec_over.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_lost_email_rec_over_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_receipt.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_receipt_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_receipt_down.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_receipt_down_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_receipt_over.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_receipt_over_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_register.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_register_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_register_down.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_register_down_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_register_over.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_register_over_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_retry.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_retry_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_retry_down.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_retry_down_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_retry_over.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\btn_retry_over_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\connecting.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\connecting_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\editbox_bg.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\editbox_bg_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\error_bg.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\error_bg_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\green_check.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\green_check_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\internet.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\internet_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\lost_your_email.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\monitor.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\monitor_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\regbar_bigball.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\regbar_smallball.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\reg_bg.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\success.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration\success_.gif -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images\registration -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\images -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets\strings.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase\_common_assets -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Purchase -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\expire\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\expire\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\expire\expire.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\expire\expire.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens\expire -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\intro\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\intro\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\intro\intro.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\intro\intro.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens\intro -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\outro\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\outro\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\outro\outro.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\outro\outro.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens\outro -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedendscreen\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedendscreen\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedendscreen\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedendscreen\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedendscreen -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedintroscreen\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedintroscreen\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedintroscreen\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedintroscreen\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens\purchasedintroscreen -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\arial-regular7.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\arial-regular7_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-medium11.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-medium11_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-regular13.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-regular13_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-regular14.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-regular14_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-regular27.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-regular27_layer0_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-semibold13.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts\omnes-semibold13_layer0_.gif -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\fonts -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\images\introBackground.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\images\introLogo.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\images\price.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\images\rtpanel.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\images\time_remaining_background.png -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets\images -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens\_common_assets -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\Screens -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialog\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialog\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialog\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialog\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialog -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialogNext\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialogNext\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialogNext\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialogNext\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateAvailableDialogNext -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadedDialog\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadedDialog\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadedDialog\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadedDialog\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadedDialog -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadFailedDialog\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadFailedDialog\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadFailedDialog\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadFailedDialog\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateDownloadFailedDialog -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateInstallingDialog\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateInstallingDialog\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateInstallingDialog\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateInstallingDialog\layout.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateInstallingDialog -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateUIBase\control.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateUIBase\control.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateUIBase\updateui.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateUIBase\updateui.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\UpdateUIBase -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\dialog_bg.png -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\modal_overlay.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\modal_overlay_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_continue.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_continue2.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_continue2_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_continue3.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_continue3_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_continue_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_downloadnow.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_downloadnow2.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_downloadnow2_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_downloadnow3.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_downloadnow3_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_downloadnow_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_install.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_install2.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_install2_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_install3.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_install3_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_install_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_nothanks.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_nothanks2.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_nothanks2_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_nothanks3.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_nothanks3_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\updatebtn_nothanks_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\update_dlinprogress.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\update_dlinprogress_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\update_installerror.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\update_installerror_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\update_installsuccess.jpg -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\update_installsuccess_.gif -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update\update_text.jpg -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images\update -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\images -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets\strings.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI\_common_assets -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content\UpdateUI -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm\content -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\drm.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\gameversion.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\layout.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\layout.xml.bin.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\strings.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm\strings.xml.bin.sig -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\drm -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm.xml -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\drm.xml.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\DynamicContentLib.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\eula.rtf -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\eula.txt -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\gameversion.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\Install_props.xml -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\main.pak -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\PlantsVsZombies.dat -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\PlantsVsZombies.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\properties\partner.xml -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\properties\partner.xml.sig -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\properties\partner.xml.sig2 -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\properties\partner_logo.jpg -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Plants vs Zombies\properties -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\readme.html -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\steam_api.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\systemversion.xml.bin -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\unins000.dat -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\unins000.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\updates.xml -> Deleted
[PUP.Gen1][File] C:\Program Files\Plants vs Zombies\XLayout.dll -> Deleted
[PUP.Gen1][File] C:\Users\Public\Desktop\Plants vs Zombies.lnk [LNK@] C:\PROGRA~1\PLANTS~1\PLANTS~1.EXE -> Removed at reboot [2]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://mail.google.com/mail/u/0/#inbox|https://apps.timesolv.com/App/NoPermission.aspx|http://www.rightoninteractive.com/|http://podcasts.joerogan.net/] -> Deleted
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [google.com_] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: LITEON CV1-8B512 +++++
--- User ---
[MBR] fb43618679326993f33deb73c63bf69b
[BSP] 7f1b96d887406e03ba6d8a76d7c66cd0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 437711 MB
3 - Basic data partition | Offset (sectors): 896999424 | Size: 25600 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 949428224 | Size: 1000 MB
5 - Basic data partition | Offset (sectors): 951476224 | Size: 22798 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998166528 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK
 


#13 John123456789

John123456789
  • Topic Starter

  • Members
  • 13 posts

Posted 03 November 2017 - 11:39 AM

Here is the AdwCleaner Log:

# AdwCleaner 7.0.4.0 - Logfile created on Fri Nov 03 16:31:37 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Ask.com - search.ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1660 B] - [2017/11/3 16:30:55]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 18,623 posts
  • Gender:Male
  • Location:Quebec, Canada

Posted 05 November 2017 - 09:22 AM

Good :) Now please run a new scan with FRST and provide me a fresh set of logs, so we can check for remnants.

Technical Support, Tier 2 | Sysnative Windows Update Senior Analyst | Malware Hunter | R&D at Certly | @AuraTheWhiteHat
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 John123456789

John123456789
  • Topic Starter

  • Members
  • 13 posts

Posted 06 November 2017 - 01:59 PM

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by JohnTheMan (administrator) on LAPTOP-PQNOO4BN (06-11-2017 10:52:04)
Running from C:\Users\JohnTheMan\Downloads
Loaded Profiles: JohnTheMan (Available Profiles: JohnTheMan)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel® Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_bde03d8af75e6be5\IntelCpHeciSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\wmi64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16482040 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427712 2016-03-31] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-09-22] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [562544 2016-05-10] ()
HKLM-x32\...\Run: [Intel® RealSense™ SDK info server] => C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe [21144 2015-07-16] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-04-25] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7377936 2016-05-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2016-10-18] (The NWJS Community)
Startup: C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\killDota2.ahk.lnk [2016-06-09]
ShortcutTarget: killDota2.ahk.lnk -> C:\scripts\killDota2.ahk ()
Startup: C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows-to-front.ahk.lnk [2016-06-09]
ShortcutTarget: windows-to-front.ahk.lnk -> C:\scripts\windows-to-front.ahk ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1c09c734-7f32-43a2-aa66-a4336392d4ae}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{4de81d2e-c90e-4851-a670-ecec1b26baaf}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{6c21bbdf-eb30-423c-8996-f06f1f40bddb}: [NameServer] 209.222.18.222,209.222.18.218
Tcpip\..\Interfaces\{6c21bbdf-eb30-423c-8996-f06f1f40bddb}: [DhcpNameServer] 75.75.75.75 75.75.76.76 8.8.8.8
Tcpip\..\Interfaces\{e92fbaba-44bc-4eb7-8901-97f99fa55cff}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3927385549-1633303989-2725746871-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-25] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
 
FireFox:
========
FF DefaultProfile: 9nuquj8l.default
FF ProfilePath: C:\Users\JohnTheMan\AppData\Roaming\Mozilla\Firefox\Profiles\9nuquj8l.default [2017-10-30]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-06-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://apps.timesolv.com/App/NoPermission.aspx","hxxp://www.rightoninteractive.com/","hxxp://podcasts.joerogan.net/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Slides) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
CHR Extension: (YouTube) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
CHR Extension: (Google Play Music) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-10-16]
CHR Extension: (Sheets) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Page Analytics (by Google)) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2017-07-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (Google Hangouts) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-05]
CHR Extension: (User-Agent Switcher) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2017-09-23]
CHR Extension: (Kaspersky Protection) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR Profile: C:\Users\JohnTheMan\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-28]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1195840 2016-05-10] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-07-20] ()
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.17\remoting_host.exe [71512 2017-10-24] (Google Inc.)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2016-07-20] (ELAN Microelectronics Corp.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-09-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\vssbridge64.exe [426416 2017-11-01] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [82088 2015-08-04] (BayHubTech/O2Micro International)
R2 O2FLASH; C:\WINDOWS\SysWOW64\drivers\o2flash.exe [82088 2015-08-04] (BayHubTech/O2Micro International)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RealSenseDCM; C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe [3663512 2015-09-09] (Intel® Corporation)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-28] (TeamViewer GmbH)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.23\bin\httpd.exe [29696 2016-07-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.7.14\bin\mysqld.exe [39885824 2016-07-12] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [92400 2017-05-29] (DisplayLink Corp.)
S3 dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [238320 2017-05-29] (DisplayLink Corp.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32344 2016-07-20] (ELAN Microelectronic Corp.)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [339800 2016-07-20] (Acronis International GmbH)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [122120 2015-09-17] (Intel Corporation)
R3 IntelDFUACPI; C:\WINDOWS\System32\drivers\IntelDFUACPI.sys [36352 2015-09-09] (Intel® Corporation)
R3 IXCamera; C:\WINDOWS\system32\DRIVERS\RealSenseDCM.sys [72704 2015-09-09] (Intel® Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70872 2017-10-14] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [89952 2017-10-14] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2017-11-01] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [594144 2017-11-01] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055448 2017-11-01] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-10-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-10-14] (AO Kaspersky Lab)
R3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-11-01] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-11-01] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-11-01] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-11-01] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-11-01] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93920 2016-12-20] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136176 2017-10-14] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199360 2017-10-14] (AO Kaspersky Lab)
R3 LECs6022; C:\WINDOWS\System32\drivers\LECs6022.sys [20208 2016-08-17] (Primax Electronics Ltd.)
R3 LEMo6022; C:\WINDOWS\System32\drivers\LEMo6022.sys [27912 2016-08-17] (Primax Electronics Ltd.)
R3 LEub6022; C:\WINDOWS\System32\drivers\LEub6022.sys [20720 2016-08-17] (Primax Electronics Ltd.)
S3 Lycosa; C:\WINDOWS\system32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\bhtscpcrx64.sys [202776 2015-08-04] (BayHubTech/O2Micro )
R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
R3 pelvendr; C:\WINDOWS\system32\DRIVERS\pelvendr.sys [15032 2016-07-11] (TPMX Electronics Ltd.)
S3 phidmice; C:\WINDOWS\System32\drivers\phidmice.sys [35328 2015-12-17] (TPMX Electronics Ltd.)
S3 pmouself; C:\WINDOWS\System32\drivers\pmouself.sys [23040 2013-03-26] (TPMX Electronics Ltd.)
S3 pvendrlf; C:\WINDOWS\System32\drivers\pvendrlf.sys [12288 2013-03-26] (TPMX Electronics Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2016-07-20] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2016-07-20] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2016-07-20] (Acronis International GmbH)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [198248 2016-06-09] (IDRIX)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-07-20] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-06 10:50 - 2017-11-06 10:50 - 000000000 ____D C:\Users\JohnTheMan\Downloads\FRST-OlderVersion
2017-11-06 09:45 - 2017-11-06 09:45 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7F6102A1.sys
2017-11-06 09:45 - 2017-11-06 09:45 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-03 08:29 - 2017-11-03 08:29 - 000135694 _____ C:\Users\JohnTheMan\Desktop\roguekiller2.txt
2017-11-03 08:28 - 2017-11-03 08:28 - 000009894 _____ C:\Users\JohnTheMan\Desktop\roguekiller.txt
2017-11-03 07:40 - 2017-11-03 08:40 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-11-03 07:39 - 2017-11-03 07:40 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-03 07:39 - 2017-11-03 07:39 - 026813512 _____ (Adlice Software) C:\Users\JohnTheMan\Downloads\RogueKiller_portable64.exe
2017-11-03 07:36 - 2017-11-03 07:36 - 008261584 _____ (Malwarebytes) C:\Users\JohnTheMan\Downloads\AdwCleaner.exe
2017-11-03 06:23 - 2017-11-03 06:23 - 000001251 _____ C:\Users\JohnTheMan\Desktop\mb-scan.txt
2017-11-03 06:13 - 2017-11-03 06:13 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-03 06:13 - 2017-11-03 06:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-03 06:13 - 2017-10-04 12:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-02 09:20 - 2017-11-06 09:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-02 09:20 - 2017-11-03 06:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-02 09:20 - 2017-11-02 10:15 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5447E63C.sys
2017-11-02 08:27 - 2017-11-02 08:27 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign6ad5d93dbccc64ba
2017-11-02 08:21 - 2017-11-06 09:53 - 000000000 ____D C:\Users\JohnTheMan\Desktop\mbar
2017-11-02 08:20 - 2017-11-02 08:20 - 014178840 _____ (Malwarebytes Corp.) C:\Users\JohnTheMan\Downloads\mbar-1.10.3.1001 (1).exe
2017-11-02 08:16 - 2017-11-02 08:16 - 014178840 _____ (Malwarebytes Corp.) C:\Users\JohnTheMan\Downloads\mbar-1.10.3.1001.exe
2017-11-01 13:01 - 2017-10-24 06:56 - 000004753 _____ C:\WINDOWS\system32\Drivers\etc\hosts - Copy
2017-11-01 12:59 - 2017-11-06 10:50 - 000177482 _____ C:\Users\JohnTheMan\Downloads\Addition.txt
2017-11-01 12:54 - 2017-11-01 12:54 - 000000129 _____ C:\Users\JohnTheMan\Desktop\New Text Document.txt
2017-11-01 12:48 - 2017-11-06 10:52 - 000033364 _____ C:\Users\JohnTheMan\Downloads\FRST.txt
2017-11-01 12:48 - 2017-11-06 10:52 - 000000000 ____D C:\FRST
2017-11-01 12:47 - 2017-11-06 10:50 - 002403328 _____ (Farbar) C:\Users\JohnTheMan\Downloads\FRST64.exe
2017-11-01 11:27 - 2017-11-01 12:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-01 11:20 - 2017-11-01 11:20 - 000000000 ____D C:\WINDOWS\pss
2017-11-01 11:14 - 2017-11-01 11:14 - 071535032 _____ (Malwarebytes ) C:\Users\JohnTheMan\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (1).exe
2017-11-01 10:51 - 2017-11-01 10:51 - 000000000 ____D C:\KVRT_Data
2017-11-01 10:49 - 2017-11-01 10:49 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-11-01 10:48 - 2017-11-01 10:49 - 100264280 _____ (Kaspersky Lab ZAO) C:\Users\JohnTheMan\Downloads\KVRT.exe
2017-11-01 10:33 - 2017-11-03 06:29 - 000026952 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP140.SYS
2017-11-01 10:13 - 2017-11-03 08:41 - 000000000 ____D C:\AdwCleaner
2017-11-01 10:07 - 2017-11-01 10:07 - 008261584 _____ (Malwarebytes) C:\Users\JohnTheMan\Downloads\adwcleaner_7.0.4.0.exe
2017-11-01 10:07 - 2017-11-01 10:07 - 000251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-11-01 10:06 - 2017-11-01 10:06 - 000229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-11-01 10:06 - 2017-11-01 10:06 - 000173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-11-01 10:06 - 2017-11-01 10:06 - 000112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-11-01 10:06 - 2017-11-01 10:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-11-01 10:05 - 2017-11-02 17:23 - 000000000 ____D C:\Program Files\Common Files\AV
2017-11-01 10:05 - 2017-11-01 10:05 - 000002163 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-11-01 10:05 - 2017-11-01 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-11-01 10:05 - 2013-05-06 07:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2017-11-01 10:04 - 2017-11-06 10:51 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-11-01 10:04 - 2017-11-01 10:06 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-11-01 10:04 - 2017-11-01 10:04 - 001055448 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-11-01 10:04 - 2017-11-01 10:04 - 000594144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-11-01 10:04 - 2017-11-01 10:04 - 000207576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-11-01 10:04 - 2017-11-01 10:04 - 000149304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2017-11-01 10:01 - 2017-11-01 10:01 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-11-01 09:57 - 2017-11-01 09:59 - 162135728 _____ (Kaspersky Lab) C:\Users\JohnTheMan\Downloads\kav18.0.0.405aben_es_fr_12609.exe
2017-10-31 06:27 - 2017-10-31 06:27 - 000038570 _____ C:\Users\JohnTheMan\Desktop\Q3-November-2017-Newsletter.txt
2017-10-30 14:34 - 2017-10-30 14:34 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign4e10fa01c1a2d85e
2017-10-30 14:33 - 2017-10-30 14:33 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigne26e411a058121ac
2017-10-30 13:42 - 2017-10-30 13:42 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignca8a5bde601b5da5
2017-10-30 13:42 - 2017-10-30 13:42 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign0099c3ac6cf1f1f0
2017-10-30 11:23 - 2017-10-30 11:23 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign4481b1401fbd4135
2017-10-30 11:17 - 2017-10-30 11:17 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign4200e9d4d1009a23
2017-10-30 11:14 - 2017-10-30 11:14 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign93f993b901c5484a
2017-10-30 11:10 - 2017-10-30 11:10 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign956a58a3fe4d5a7d
2017-10-30 11:06 - 2017-10-30 11:06 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign53c87727f6b996d9
2017-10-30 11:02 - 2017-10-30 11:02 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignadb9a3204a7a0ed4
2017-10-30 10:53 - 2017-10-30 10:53 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign3e308e1eeea53e8b
2017-10-30 10:50 - 2017-10-30 10:50 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign1c659659525ac929
2017-10-30 08:28 - 2017-10-30 08:28 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignca3d2e1defc01019
2017-10-30 08:13 - 2017-10-30 08:13 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignb9ffa5eb1e04e39c
2017-10-30 08:06 - 2017-10-30 08:06 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignfe3bb3d471521801
2017-10-30 08:06 - 2017-10-30 08:06 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign5595efe93ab1303b
2017-10-30 07:40 - 2017-10-30 07:40 - 002707334 _____ C:\Users\JohnTheMan\Downloads\FPL Talent Trends Updates Q3.pptx
2017-10-26 11:34 - 2017-10-26 11:34 - 000000000 _____ C:\Users\JohnTheMan\Desktop\Example Set Guide.txt
2017-10-25 08:14 - 2017-10-25 08:14 - 000114609 _____ C:\Users\JohnTheMan\Desktop\Helix Water District Online Reservations.pdf
2017-10-25 07:47 - 2017-10-25 07:47 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign9f256508d17e0ba0
2017-10-23 18:50 - 2017-10-23 18:50 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-23 18:50 - 2017-10-04 12:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys.old
2017-10-23 18:48 - 2017-10-23 18:49 - 071535032 _____ (Malwarebytes ) C:\Users\JohnTheMan\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-23 18:39 - 2017-11-02 10:11 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\svdlahe
2017-10-23 18:39 - 2017-11-02 09:17 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\sebvkni
2017-10-23 18:29 - 2017-11-02 08:13 - 002843648 _____ C:\WINDOWS\system32\niaokbpsvc.exe
2017-10-23 18:29 - 2017-10-23 18:31 - 000000000 ____D C:\Program Files (x86)\PowerISO
2017-10-23 18:29 - 2017-10-23 18:29 - 000140800 _____ C:\Users\JohnTheMan\AppData\Local\installer.dat
2017-10-23 18:29 - 2017-10-23 18:29 - 000001087 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-10-23 18:29 - 2017-10-23 18:29 - 000000000 ____D C:\WINDOWS\SysWOW64\cwmbadk
2017-10-23 18:29 - 2017-10-23 18:29 - 000000000 ____D C:\WINDOWS\system32\cwmbadk
2017-10-23 18:29 - 2017-10-23 18:29 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\et
2017-10-23 18:29 - 2017-10-23 18:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-10-23 18:29 - 2016-02-10 05:21 - 000137280 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2017-10-23 17:35 - 2017-10-23 17:35 - 000002027 _____ C:\Users\JohnTheMan\Downloads\auto_addfwrs.bat
2017-10-23 17:18 - 2017-10-23 17:18 - 000001229 _____ C:\Users\Public\Desktop\Rosetta Stone.lnk
2017-10-23 17:17 - 2017-10-23 17:31 - 000000000 ____D C:\ProgramData\FLEXnet
2017-10-23 17:17 - 2017-10-23 17:28 - 000000000 ____D C:\Program Files (x86)\Rosetta Stone
2017-10-23 17:17 - 2017-10-23 17:18 - 000000000 ____D C:\ProgramData\Rosetta Stone Backups
2017-10-23 17:17 - 2017-10-23 17:18 - 000000000 ____D C:\ProgramData\Rosetta Stone
2017-10-23 17:17 - 2017-10-23 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2017-10-23 17:17 - 2017-10-23 17:17 - 000000000 ____D C:\ProgramData\RosettaStoneLtdServices
2017-10-23 17:17 - 2017-10-23 17:17 - 000000000 ____D C:\Program Files (x86)\RosettaStoneLtdServices
2017-10-23 13:03 - 2017-10-23 13:03 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign96b7658c7cd4c844
2017-10-23 11:51 - 2017-10-23 11:51 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign88dba261d5113b10
2017-10-23 11:50 - 2017-10-23 11:50 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignb36c8a6696e2e46d
2017-10-23 11:48 - 2017-10-23 11:48 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign12cb4eb47d95d6c0
2017-10-23 11:40 - 2017-10-23 11:41 - 191290607 _____ C:\Users\JohnTheMan\Downloads\Navis-WF-Home_Oct16-R2-B (1).psd
2017-10-23 11:36 - 2017-10-23 11:36 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignb5cf7d5f9995f26f
2017-10-23 11:35 - 2017-10-23 11:35 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign1bccc85e7bc1b052
2017-10-23 11:27 - 2017-10-23 11:27 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign4789d754d5e1ed37
2017-10-23 11:25 - 2017-10-23 11:25 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign3d20fb35be6bca95
2017-10-23 11:20 - 2017-10-23 11:20 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignf46864c0e396ecd9
2017-10-23 11:18 - 2017-10-23 11:18 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign62bb5051fa3641df
2017-10-23 11:18 - 2017-10-23 11:18 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign0484e6d4fb2cf171
2017-10-20 16:15 - 2017-10-20 16:15 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigncd06ec68cee8aab6
2017-10-20 16:11 - 2017-10-20 16:11 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignd2f5b51de26aace4
2017-10-20 16:07 - 2017-10-20 16:07 - 191291853 _____ C:\Users\JohnTheMan\Downloads\Navis-WF-Home_Oct16-R2-B.psd
2017-10-20 16:05 - 2017-10-20 16:05 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign633ec385ab29f93c
2017-10-20 15:59 - 2017-10-20 15:59 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigndf8ea8e16f946b34
2017-10-20 15:55 - 2017-10-20 15:55 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign880362fb82ceb5b7
2017-10-20 15:54 - 2017-10-20 15:54 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign6583806a5d9783f1
2017-10-20 15:54 - 2017-10-20 15:54 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign40ab61e547f6d0a7
2017-10-20 15:51 - 2017-10-20 15:51 - 192970686 _____ C:\Users\JohnTheMan\Downloads\Navis-WF-Home_Oct16-R2-A-Jason.psd
2017-10-20 14:15 - 2017-10-20 14:15 - 000051617 _____ C:\WINDOWS\uninstaller.dat
2017-10-20 10:22 - 2017-10-20 10:22 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign15255133f9094268
2017-10-18 16:11 - 2017-10-18 16:11 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignbf4535a64fe63fdd
2017-10-18 16:09 - 2017-10-18 16:09 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign97cea0319ac4988c
2017-10-18 14:26 - 2017-10-18 14:26 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign5184a7990c271a7f
2017-10-18 13:11 - 2017-10-18 13:11 - 002829304 _____ C:\Users\JohnTheMan\Desktop\aquarium-trip.pdf
2017-10-14 19:38 - 2017-10-14 19:38 - 000199360 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2017-10-14 19:38 - 2017-10-14 19:38 - 000136176 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2017-10-14 19:38 - 2017-10-14 19:38 - 000089952 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2017-10-14 19:38 - 2017-10-14 19:38 - 000070872 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupdisk.sys
2017-10-14 19:38 - 2017-10-14 19:38 - 000050672 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2017-10-12 11:10 - 2017-10-12 11:10 - 000005280 _____ C:\Users\JohnTheMan\Downloads\User-Export-by-Report.csv
2017-10-12 11:02 - 2017-10-12 11:11 - 000013950 _____ C:\Users\JohnTheMan\Downloads\Esko-tracking-9-27-2017-to-today.xlsx
2017-10-11 10:37 - 2017-10-11 10:37 - 000329715 _____ C:\Users\JohnTheMan\Downloads\Profiles_without_User_accts.xlsx
2017-10-10 10:16 - 2017-09-17 19:27 - 000218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-10-10 10:16 - 2017-09-17 19:17 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-10-10 10:16 - 2017-09-17 19:17 - 000245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-10-10 10:16 - 2017-09-17 19:17 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-10-10 10:16 - 2017-09-17 19:09 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-10 10:16 - 2017-09-17 19:09 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-10 10:16 - 2017-09-17 19:09 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 10:16 - 2017-09-17 19:09 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-10 10:16 - 2017-09-17 19:08 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-10 10:16 - 2017-09-17 19:08 - 000998920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-10 10:16 - 2017-09-17 19:05 - 001177688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-10 10:16 - 2017-09-17 19:05 - 000497424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 10:16 - 2017-09-17 19:05 - 000172536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-10 10:16 - 2017-09-17 19:05 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-10-10 10:16 - 2017-09-17 19:04 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-10 10:16 - 2017-09-17 19:04 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-10 10:16 - 2017-09-17 19:04 - 000404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-10 10:16 - 2017-09-17 19:03 - 000791272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-10 10:16 - 2017-09-17 19:02 - 007213464 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-10 10:16 - 2017-09-17 19:02 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-10-10 10:16 - 2017-09-17 19:01 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-10-10 10:16 - 2017-09-17 19:01 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-10 10:16 - 2017-09-17 19:01 - 000431456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-10-10 10:16 - 2017-09-17 19:01 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-10 10:16 - 2017-09-17 19:00 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-10-10 10:16 - 2017-09-17 18:59 - 022220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-10 10:16 - 2017-09-17 18:59 - 008173672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-10 10:16 - 2017-09-17 18:59 - 004260072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-10-10 10:16 - 2017-09-17 18:59 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-10-10 10:16 - 2017-09-17 18:59 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-10-10 10:16 - 2017-09-17 18:59 - 000341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-10 10:16 - 2017-09-17 18:59 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-10-10 10:16 - 2017-09-17 18:58 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-10-10 10:16 - 2017-09-17 18:58 - 000206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-10 10:16 - 2017-09-17 18:57 - 001566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-10 10:16 - 2017-09-17 18:57 - 001460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-10 10:16 - 2017-09-17 18:57 - 001415712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-10 10:16 - 2017-09-17 18:56 - 000057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-10 10:16 - 2017-09-17 18:55 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-10 10:16 - 2017-09-17 18:55 - 001431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-10 10:16 - 2017-09-17 18:54 - 001980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-10-10 10:16 - 2017-09-17 18:52 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-10 10:16 - 2017-09-17 18:52 - 006672680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-10 10:16 - 2017-09-17 18:52 - 004023560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-10-10 10:16 - 2017-09-17 18:52 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-10-10 10:16 - 2017-09-17 18:52 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-10-10 10:16 - 2017-09-17 18:52 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-10-10 10:16 - 2017-09-17 18:52 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-10-10 10:16 - 2017-09-17 18:51 - 000178016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 10:16 - 2017-09-17 18:49 - 001435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-10 10:16 - 2017-09-17 18:49 - 001412128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-10 10:16 - 2017-09-17 18:49 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 10:16 - 2017-09-17 18:48 - 000117792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-10 10:16 - 2017-09-17 18:36 - 022570496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-10 10:16 - 2017-09-17 18:35 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-10-10 10:16 - 2017-09-17 18:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-10-10 10:16 - 2017-09-17 18:33 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 10:16 - 2017-09-17 18:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-10-10 10:16 - 2017-09-17 18:33 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll
2017-10-10 10:16 - 2017-09-17 18:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll
2017-10-10 10:16 - 2017-09-17 18:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll
2017-10-10 10:16 - 2017-09-17 18:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-10 10:16 - 2017-09-17 18:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-10 10:16 - 2017-09-17 18:31 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-10-10 10:16 - 2017-09-17 18:31 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-10-10 10:16 - 2017-09-17 18:31 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-10 10:16 - 2017-09-17 18:31 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-10-10 10:16 - 2017-09-17 18:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-10 10:16 - 2017-09-17 18:31 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000174592 _____ C:\WINDOWS\system32\IHDS.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StaticDictDS.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-10-10 10:16 - 2017-09-17 18:30 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll
2017-10-10 10:16 - 2017-09-17 18:29 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-10 10:16 - 2017-09-17 18:29 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll
2017-10-10 10:16 - 2017-09-17 18:29 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-10 10:16 - 2017-09-17 18:29 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-10-10 10:16 - 2017-09-17 18:29 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-10-10 10:16 - 2017-09-17 18:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-10-10 10:16 - 2017-09-17 18:28 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 10:16 - 2017-09-17 18:28 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll
2017-10-10 10:16 - 2017-09-17 18:28 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-10-10 10:16 - 2017-09-17 18:28 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsPinyinRanker.dll
2017-10-10 10:16 - 2017-09-17 18:28 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2017-10-10 10:16 - 2017-09-17 18:28 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-10-10 10:16 - 2017-09-17 18:28 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-10-10 10:16 - 2017-09-17 18:28 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-10-10 10:16 - 2017-09-17 18:28 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-10-10 10:16 - 2017-09-17 18:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimeChsPinyinMainDS.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-10-10 10:16 - 2017-09-17 18:27 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-10-10 10:16 - 2017-09-17 18:27 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 10:16 - 2017-09-17 18:26 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-10-10 10:16 - 2017-09-17 18:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-10-10 10:16 - 2017-09-17 18:25 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-10-10 10:16 - 2017-09-17 18:25 - 001914368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-10 10:16 - 2017-09-17 18:25 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-10 10:16 - 2017-09-17 18:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-10 10:16 - 2017-09-17 18:24 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-10 10:16 - 2017-09-17 18:24 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 10:16 - 2017-09-17 18:24 - 002103808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-10-10 10:16 - 2017-09-17 18:24 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-10-10 10:16 - 2017-09-17 18:24 - 001584640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-10 10:16 - 2017-09-17 18:24 - 000819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-10-10 10:16 - 2017-09-17 18:24 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-10-10 10:16 - 2017-09-17 18:24 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 10:16 - 2017-09-17 18:24 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 10:16 - 2017-09-17 18:23 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-10-10 10:16 - 2017-09-17 18:23 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-10-10 10:16 - 2017-09-17 18:23 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-10-10 10:16 - 2017-09-17 18:23 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-10-10 10:16 - 2017-09-17 18:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-10-10 10:16 - 2017-09-17 18:23 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-10 10:16 - 2017-09-17 18:23 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-10-10 10:16 - 2017-09-17 18:22 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-10-10 10:16 - 2017-09-17 18:22 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-10-10 10:16 - 2017-09-17 18:22 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-10 10:16 - 2017-09-17 18:22 - 001137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-10 10:16 - 2017-09-17 18:22 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-10-10 10:16 - 2017-09-17 18:22 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-10 10:16 - 2017-09-17 18:22 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-10 10:16 - 2017-09-17 18:21 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-10 10:16 - 2017-09-17 18:20 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-10 10:16 - 2017-09-17 18:20 - 019414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-10 10:16 - 2017-09-17 18:20 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-10 10:16 - 2017-09-17 18:20 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-10-10 10:16 - 2017-09-17 18:20 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-10-10 10:16 - 2017-09-17 18:20 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-10-10 10:16 - 2017-09-17 18:19 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-10-10 10:16 - 2017-09-17 18:19 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-10 10:16 - 2017-09-17 18:19 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-10 10:16 - 2017-09-17 18:19 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 012204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 008077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 007470592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 001145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 000932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-10-10 10:16 - 2017-09-17 18:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-10-10 10:16 - 2017-09-17 18:17 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-10 10:16 - 2017-09-17 18:17 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-10 10:16 - 2017-09-17 18:17 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-10 10:16 - 2017-09-17 18:17 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-10-10 10:16 - 2017-09-17 18:16 - 004743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-10 10:16 - 2017-09-17 18:16 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-10-10 10:16 - 2017-09-17 18:16 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-10-10 10:16 - 2017-09-17 18:16 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 003202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-10 10:16 - 2017-09-17 18:15 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-10-10 10:16 - 2017-09-17 18:14 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-10 10:16 - 2017-09-17 18:14 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-10 10:16 - 2017-09-17 18:14 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 002483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-10 10:16 - 2017-09-17 18:14 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 001040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-10-10 10:16 - 2017-09-17 18:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-10 10:16 - 2017-09-17 18:14 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-10-10 10:16 - 2017-09-17 18:13 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-10-10 10:16 - 2017-09-17 18:13 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2017-10-10 10:16 - 2017-09-17 18:12 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-10-10 10:16 - 2017-09-17 18:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-10 10:16 - 2017-09-17 18:12 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-10-10 10:16 - 2017-09-17 18:11 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-10-10 10:16 - 2017-09-17 18:11 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 10:16 - 2017-09-17 18:11 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll
2017-10-10 10:16 - 2017-09-17 18:11 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll
2017-10-10 10:16 - 2017-09-17 18:11 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll
2017-10-10 10:16 - 2017-09-14 15:14 - 000119328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-10-10 10:16 - 2017-09-14 15:05 - 001302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-10-10 10:16 - 2017-09-14 14:59 - 000096064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-10-10 10:16 - 2017-09-14 14:52 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-10-10 10:16 - 2017-09-14 14:49 - 001202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-10-10 10:16 - 2017-09-14 14:34 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-10-10 10:16 - 2017-09-14 14:32 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2017-10-10 10:16 - 2017-09-14 14:32 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-10-10 10:16 - 2017-09-14 14:32 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-10-10 10:16 - 2017-09-14 14:32 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-10 10:16 - 2017-09-14 14:31 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-10 10:16 - 2017-09-14 14:31 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-10 10:16 - 2017-09-14 14:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-10-10 10:16 - 2017-09-14 14:30 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2017-10-10 10:16 - 2017-09-14 14:30 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB7.dll
2017-10-10 10:16 - 2017-09-14 14:30 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-10 10:16 - 2017-09-14 14:30 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-10-10 10:16 - 2017-09-14 14:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-10 10:16 - 2017-09-14 14:29 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-10 10:16 - 2017-09-14 14:28 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-10 10:16 - 2017-09-14 14:28 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-10-10 10:16 - 2017-09-14 14:27 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-10-10 10:16 - 2017-09-14 14:26 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-10-10 10:16 - 2017-09-14 14:26 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-10-10 10:16 - 2017-09-14 14:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-10-10 10:16 - 2017-09-14 14:25 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-10-10 10:16 - 2017-09-14 14:25 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-10-10 10:16 - 2017-09-14 14:24 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-10 10:16 - 2017-09-14 14:23 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-10 10:16 - 2017-09-14 14:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-10-10 10:16 - 2017-09-14 14:22 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-10-10 10:16 - 2017-09-14 14:20 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-10 10:16 - 2017-09-14 14:19 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-10-10 10:16 - 2017-09-14 14:19 - 000928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-10-10 10:16 - 2017-09-14 14:18 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-10 10:16 - 2017-09-14 14:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-10-10 10:16 - 2017-09-14 14:16 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2017-10-10 10:16 - 2017-09-14 14:15 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-10 10:16 - 2017-09-13 18:04 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 10:16 - 2017-09-13 18:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-10 10:16 - 2017-09-13 18:04 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-10 10:16 - 2017-03-03 23:10 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-10-10 10:16 - 2017-03-03 22:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-10-10 10:16 - 2017-03-03 22:25 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-10-10 10:16 - 2017-03-03 22:24 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-10 10:16 - 2017-03-03 22:23 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-10-10 10:16 - 2017-03-03 22:23 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-10-10 10:16 - 2017-03-03 22:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-10-10 10:16 - 2017-03-03 22:16 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-10-10 10:16 - 2017-03-03 22:11 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-10-10 10:16 - 2017-03-03 22:07 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-10-10 10:16 - 2017-03-03 22:00 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-10-10 10:16 - 2017-03-03 22:00 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-10-10 10:16 - 2016-08-26 21:12 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-10-10 10:16 - 2016-08-05 20:16 - 000026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-10-10 10:16 - 2016-08-02 00:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-10-10 10:15 - 2017-09-17 18:32 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-10 10:15 - 2017-09-17 18:28 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-10 10:15 - 2017-09-17 18:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-10 10:15 - 2017-09-17 18:26 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2017-10-10 10:15 - 2017-09-17 18:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-10 10:15 - 2017-09-17 18:25 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-10-10 10:15 - 2017-09-17 18:19 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-10-10 10:15 - 2017-09-17 18:19 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2017-10-10 10:15 - 2017-09-17 18:13 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2017-10-10 10:15 - 2017-09-14 14:32 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7.dll
2017-10-10 10:15 - 2017-09-14 14:31 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-10 10:15 - 2017-09-14 14:24 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2017-10-10 10:15 - 2017-09-14 14:22 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-10-09 09:42 - 2017-10-09 09:42 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignf360dda0c4fe3987
2017-10-09 09:41 - 2017-10-09 09:41 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigne9ae417f5c949dcf
2017-10-09 09:41 - 2017-10-09 09:41 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsigncac2451a79163427
2017-10-09 09:41 - 2017-10-09 09:41 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignc7511beba46b77f1
2017-10-09 09:37 - 2017-10-09 09:37 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsignc3b3b44caf77b39c
2017-10-09 09:37 - 2017-10-09 09:37 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign9f3cbbc829c11eef
2017-10-09 09:37 - 2017-10-09 09:37 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign99d4ebad1b2bc1d4
2017-10-09 09:37 - 2017-10-09 09:37 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Tempzxpsign04a569dd9cb2aae5
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-06 09:46 - 2016-06-09 11:48 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-06 09:39 - 2016-08-14 07:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-06 09:01 - 2016-06-09 12:15 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Adobe
2017-11-06 09:01 - 2015-11-03 11:28 - 006783414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-06 08:58 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-04 13:57 - 2016-07-11 08:09 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\uTorrent
2017-11-04 05:32 - 2016-07-16 03:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-03 08:33 - 2016-08-14 07:51 - 000000000 ____D C:\Users\JohnTheMan
2017-11-03 08:32 - 2016-08-14 07:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-03 08:32 - 2016-08-14 07:50 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-03 08:31 - 2016-07-15 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-03 08:20 - 2015-10-29 23:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-03 06:12 - 2016-06-09 11:20 - 000000000 __SHD C:\Users\JohnTheMan\IntelGraphicsProfiles
2017-11-02 17:26 - 2017-09-29 09:03 - 000000000 ____D C:\Program Files\rempl
2017-11-02 08:18 - 2016-06-09 12:24 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\CrashDumps
2017-11-02 08:13 - 2016-07-15 22:04 - 023592960 _____ C:\WINDOWS\system32\config\HARDWARE
2017-11-01 12:49 - 2016-07-16 03:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-01 12:30 - 2016-06-09 11:50 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-01 10:04 - 2016-07-16 03:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-10-31 06:24 - 2016-06-09 11:48 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-25 17:57 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-25 17:48 - 2016-12-16 10:20 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-25 17:48 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 17:48 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 14:43 - 2017-03-01 15:23 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-10-25 14:43 - 2017-03-01 15:23 - 000000000 ____D C:\ProgramData\Oracle
2017-10-25 14:43 - 2017-03-01 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-25 14:43 - 2017-03-01 15:23 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-25 07:39 - 2016-12-05 16:14 - 000000000 ____D C:\Users\JohnTheMan\Desktop\Prints
2017-10-25 07:39 - 2016-08-15 14:13 - 000000000 ____D C:\Users\JohnTheMan\Desktop\wordpress-plugins
2017-10-24 07:31 - 2017-03-07 09:16 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\brave
2017-10-24 06:02 - 2016-12-12 09:29 - 000292088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-23 18:54 - 2017-10-03 23:58 - 000000000 ____D C:\Program Files (x86)\Icecream Screen Recorder
2017-10-23 18:35 - 2016-06-09 11:20 - 000000000 ____D C:\Users\JohnTheMan\AppData\Local\Packages
2017-10-20 15:55 - 2016-06-09 12:42 - 000000000 ____D C:\Users\JohnTheMan\Documents\Adobe
2017-10-20 15:55 - 2016-06-09 11:20 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\Adobe
2017-10-20 14:11 - 2016-07-12 09:32 - 165195776 _____ C:\WINDOWS\TEMPdebug_kit.sqlite
2017-10-20 09:28 - 2016-06-23 09:23 - 000000000 ____D C:\WINDOWS\TEMPcache
2017-10-19 16:12 - 2017-02-22 16:10 - 000000000 ____D C:\Users\JohnTheMan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-10-17 11:42 - 2016-07-16 03:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-16 14:27 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 14:27 - 2016-07-16 03:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 14:27 - 2016-07-16 03:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 13:19 - 2015-11-03 11:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 13:17 - 2016-07-16 03:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-12 13:17 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-12 13:17 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-09 09:45 - 2017-08-15 13:20 - 000002353 _____ C:\Users\JohnTheMan\Desktop\SourceTree.lnk
2017-10-09 09:45 - 2017-03-07 09:16 - 000002275 _____ C:\Users\JohnTheMan\Desktop\Brave.lnk
2017-10-09 09:45 - 2017-03-01 15:24 - 000001149 _____ C:\Users\JohnTheMan\Desktop\Yawcam.lnk
2017-10-09 09:45 - 2016-07-19 15:54 - 000001112 _____ C:\Users\JohnTheMan\Desktop\Duplicate File Finder v1.5.2.55 Portable.exe.lnk
2017-10-09 09:45 - 2016-06-09 12:48 - 000001111 _____ C:\Users\JohnTheMan\Desktop\RocketDock.exe - Shortcut.lnk
 
==================== Files in the root of some directories =======
 
2016-07-19 10:25 - 2016-07-19 10:25 - 001608575 ____R () C:\Program Files (x86)\Duplicate File Finder v1.5.2.55 Portable.exe
2017-06-15 08:15 - 2017-06-15 08:17 - 059779783 ____R (PopCapGames                                                 ) C:\Program Files (x86)\Plants vs Zombies[A4].exe
2017-01-09 10:46 - 2017-01-09 10:46 - 000000112 _____ () C:\Users\JohnTheMan\AppData\Roaming\JP2K CS6 Prefs
2016-06-22 11:13 - 2016-08-02 10:16 - 000001456 _____ () C:\Users\JohnTheMan\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-10-23 18:29 - 2017-10-23 18:29 - 000140800 _____ () C:\Users\JohnTheMan\AppData\Local\installer.dat
2016-06-24 09:33 - 2017-10-04 08:53 - 000000600 _____ () C:\Users\JohnTheMan\AppData\Local\PUTTY.RND
2016-07-25 15:59 - 2016-07-26 09:21 - 000000183 _____ () C:\Users\JohnTheMan\AppData\Local\uts.ini
2016-08-14 07:49 - 2016-08-14 07:49 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-26 07:57 - 2017-05-23 09:57 - 000000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-08-14 07:49 - 2016-08-14 07:49 - 000000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
2017-11-03 07:40 - 2017-09-06 22:03 - 001887408 _____ (Microsoft Corporation) C:\Users\JohnTheMan\AppData\Local\Temp\dllnt_dump.dll
2017-10-25 14:42 - 2017-10-25 14:42 - 001856576 _____ (Oracle Corporation) C:\Users\JohnTheMan\AppData\Local\Temp\jre-8u151-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-02 10:35
 
==================== End of FRST.txt ============================




