
Solved Random clicking sound and heavy HD use at times

Discussion in 'Malware and Virus Removal' started by indynick, 2016/10/25.

  1. 2016/10/25
    indynick (Member, Thread Starter)

    Howdy ho guys, this issue happened when I just started hearing a random clicking sound like that of Windows Explorer, and my HDD lighting up like a Christmas tree at times. I also watched the Task Manager for any strange .exe's, and every time I heard the clicking sound dll.exe would pop up just for a second. I don't know what's going on but I'm sure we'll figure it out.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
    Ran by Nick (administrator) on UPSTAIRSBED (25-10-2016 15:54:21)
    Running from C:\Users\Nick\Desktop
    Loaded Profiles: Nick (Available Profiles: Katie & Emily & Kelsey & Nick & DanM)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\nst.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    () C:\Windows\SysWOW64\PnkBstrB.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\nst.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    (Napster) C:\Program Files (x86)\Napster\napster.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MHN\AlertHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
    HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe "
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1571696 2015-06-03] (NVIDIA Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
    HKLM-x32\...\Run: [NapsterShell] => C:\Program Files (x86)\Napster\napster.exe [323280 2010-01-19] (Napster)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1135912 2010-03-05] ()
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\Run: [RGSC] => C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe /silent
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\MountPoints2: {d86dfddc-1697-11df-9e9e-806e6f6e6963} - E:\SETUP.EXE
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-12]
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2010-05-22]
    ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
    Startup: C:\Users\DanM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-10-24]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010-10-27]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
    Startup: C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2014-07-26]
    ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Nick\AppData\Local\Apps\2.0\RG3E95OJ.LNB\EP8CGKKX.5YG\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (No File)
    BootExecute: autocheck autochk * lsdelete

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{AA778544-256C-431F-A16F-EF7E13BC0FEB}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{D1FA2BDC-3F12-40D6-A86B-8D6E7CB87D57}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
    URLSearchHook: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {D4B45EAA-4147-471B-B2C3-86663FDDE85A} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM -> {E2ACB976-467C-4E39-B952-1DA200A8D487} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {D4B45EAA-4147-471B-B2C3-86663FDDE85A} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> {E2ACB976-467C-4E39-B952-1DA200A8D487} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 -> DefaultScope {E2ACB976-467C-4E39-B952-1DA200A8D487} URL =
    SearchScopes: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 -> {D4B45EAA-4147-471B-B2C3-86663FDDE85A} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-27] (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-27] (Sun Microsystems, Inc.)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
    Toolbar: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
    DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-09-23] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-09-23] (McAfee, Inc.)

    FireFox:
    ========
    FF DefaultProfile: mudgm60c.default-1350819548716
    FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716 [2016-10-25]
    FF Homepage: Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716 -> hxxp://facepunch.com
    FF Extension: (uBlock Origin) - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716\Extensions\uBlock0@raymondhill.net.xpi [2016-10-02]
    FF Extension: (NoScript) - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-08]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-10-20] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
    FF Extension: (Norton Identity Safe Toolbar) - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2016-10-21]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-03-09] (DivX,Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-27] (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-27] (Sun Microsystems, Inc.)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-02-06] (Nexon)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1981132641-2656067623-3716702972-1006: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-1981132641-2656067623-3716702972-1006: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-08] (The Happy Cloud)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default [2016-10-16]
    CHR Extension: (Google Docs) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28]
    CHR Extension: (Norton Identity Safe) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-09-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-08]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2016-09-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-07-11] (Echobit LLC)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1355968 2015-03-04] (Lavasoft)
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
    R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
    R2 NCO; C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-10] ()
    R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2016-05-21] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
    R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-09-06] (Echobit, LLC)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-06-06] (Lavasoft AB)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
    S2 X4HSX32; C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [24576 2010-03-23] (Exent Technologies Ltd.) [File not signed]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-25 15:54 - 2016-10-25 15:55 - 00028748 _____ C:\Users\Nick\Desktop\FRST.txt
    2016-10-25 15:50 - 2016-10-25 15:51 - 00023054 _____ C:\Users\Nick\Downloads\FRST.txt
    2016-10-25 15:49 - 2016-10-25 15:50 - 00000000 ____D C:\FRST
    2016-10-25 15:49 - 2016-10-25 15:49 - 02407424 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
    2016-10-25 15:48 - 2016-10-25 15:48 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
    2016-10-25 15:48 - 2016-10-25 15:48 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
    2016-10-20 16:42 - 2016-10-20 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-25 15:55 - 2010-03-26 21:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-25 15:45 - 2010-03-28 07:14 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-25 15:45 - 2010-03-28 07:14 - 00002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-10-25 15:45 - 2010-03-26 21:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-25 15:42 - 2012-04-02 16:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-23 03:39 - 2013-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-10-23 03:11 - 2014-10-02 16:13 - 00007669 _____ C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
    2016-10-22 07:56 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-22 07:56 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-21 18:39 - 2016-09-01 22:25 - 00000000 ____D C:\Users\Nick\AppData\Local\CrashDumps
    2016-10-21 18:39 - 2014-11-08 19:02 - 00000000 ____D C:\Users\Nick\AppData\Roaming\SpinTires
    2016-10-21 16:02 - 2012-05-06 15:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-21 16:00 - 2015-07-03 23:16 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Skype
    2016-10-21 15:56 - 2016-09-14 17:50 - 00000394 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2016-10-21 15:55 - 2009-11-12 17:44 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-10-21 15:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-19 02:12 - 2015-02-01 14:27 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2016-10-19 02:10 - 2015-09-17 12:50 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
    2016-10-14 19:36 - 2015-04-14 12:43 - 00000000 ____D C:\Program Files\Rockstar Games
    2016-10-14 19:36 - 2012-06-02 17:34 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2016-10-11 18:01 - 2012-04-02 16:21 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-11 18:01 - 2012-04-02 16:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-11 18:01 - 2011-11-19 17:16 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-11 18:01 - 2011-05-18 16:27 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-11 18:01 - 2009-11-12 17:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-09-30 22:43 - 2010-03-17 18:26 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

    ==================== Files in the root of some directories =======

    2012-02-26 21:00 - 2012-02-26 21:00 - 0091868 _____ () C:\Users\Nick\AppData\Roaming\icarus-dxdiag.xml
    2014-10-02 16:13 - 2016-10-23 03:11 - 0007669 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
    2010-11-16 21:23 - 2010-11-16 21:23 - 0228294 _____ () C:\Users\Nick\AppData\Local\tmpKELSEY ID 001.JPG
    2011-06-15 18:54 - 2011-04-16 18:54 - 0000032 ____R () C:\ProgramData\hash.dat

    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat
    C:\Users\Nick\DSETUP.dll
    C:\Users\Nick\dsetup32.dll
    C:\Users\Nick\DXSETUP.exe
    C:\Users\Nick\Gibbed.Volition.dll
    C:\Users\Nick\ModManager.exe


    Some files in TEMP:
    ====================
    C:\Users\Kelsey\AppData\Local\Temp\rootsupd.exe
    C:\Users\Nick\AppData\Local\Temp\msvcp71.dll
    C:\Users\Nick\AppData\Local\Temp\msvcr71.dll
    C:\Users\Nick\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Nick\AppData\Local\Temp\nvStInst.exe
    C:\Users\Nick\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-15 07:05

    ==================== End of FRST.txt ============================
     
  2. 2016/10/25
    indynick

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by Nick (25-10-2016 15:56:19)
    Running from C:\Users\Nick\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2010-03-17 19:08:03)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1981132641-2656067623-3716702972-500 - Administrator - Disabled)
    DanM (S-1-5-21-1981132641-2656067623-3716702972-1007 - Administrator - Enabled) => C:\Users\DanM
    Emily (S-1-5-21-1981132641-2656067623-3716702972-1004 - Limited - Enabled) => C:\Users\Emily
    Guest (S-1-5-21-1981132641-2656067623-3716702972-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-1981132641-2656067623-3716702972-1009 - Limited - Enabled)
    Katie (S-1-5-21-1981132641-2656067623-3716702972-1003 - Limited - Enabled) => C:\Users\Katie
    Kelsey (S-1-5-21-1981132641-2656067623-3716702972-1005 - Administrator - Enabled) => C:\Users\Kelsey
    Nick (S-1-5-21-1981132641-2656067623-3716702972-1006 - Administrator - Enabled) => C:\Users\Nick

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    «Sigerous Mod v2.1» (HKLM-x32\...\«Sigerous Mod äëÿ ÇÏ»_is1) (Version: - GeJorge)
    7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
    Ad-Aware (HKLM-x32\...\Ad-Aware) (Version: - Lavasoft)
    Ad-Aware (x32 Version: 8.2.0 - Lavasoft) Hidden
    Ad-Aware Email Scanner for Outlook (HKLM-x32\...\{338F08AB-C262-42C7-B000-34DE1A475273}) (Version: 1.0.0 - Lavasoft)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
    Alien Swarm (HKLM\...\Steam App 630) (Version: - Valve)
    AMX Mod X Installer 1.8.1 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.1 - AMX Mod X Dev Team)
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    applicationupdater (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\SOE-C:/Users/Nick/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
    Arx Fatalis (HKLM-x32\...\Steam App 1700) (Version: - Arkane Studios)
    AtmosFear 2.1 for S.T.A.L.K.E.R - Call Of Pripyat (HKLM-x32\...\AtmosFear 2_is1) (Version: - )
    Attribute Changer 6.20 (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 6.20 - Romain Petges)
    Autumn Aurora 2 for S.T.A.L.K.E.R - Shadow of Chernobyl (HKLM-x32\...\Autumn Aurora 2.05_is1) (Version: - )
    Avery Wizard 3.1 (HKLM-x32\...\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}) (Version: 3.1.5 - Avery)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version: - )
    Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.1.46 - )
    BioShock (HKLM-x32\...\BioShock) (Version: 1.0.0.0 - 2K Games)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version: - 2K Australia)
    BrainBread v1.2 (HKLM-x32\...\BrainBread_is1) (Version: 1.2 - )
    Call of Pripyat Complete v1.0 (HKLM-x32\...\{Call of Pripyat v1.0}}_is1) (Version: - )
    Call of Pripyat: Redux (HKLM-x32\...\Call of Pripyat: Redux1.0) (Version: 1.0 - Beacon)
    Chaos Daemons mod version 1.6 (HKLM-x32\...\{3FA5CB57-8900-47BF-9202-3303A16C2ED8}_is1) (Version: 1.6 - Ultimate Apocalypse mod team)
    Cheat Engine 6.1 (HKLM-x32\...\Cheat Engine 6.1_is1) (Version: - Dark Byte)
    Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Chivalry: Medieval Warfare Dedicated Server (HKLM-x32\...\Steam App 220070) (Version: - )
    Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
    Clear Sky Complete (HKLM-x32\...\{Clear Sky Complete v1.1.2}}_is1) (Version: - )
    Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome, Inc)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
    CryEngine(R)2 Sandbox(TM)2 (HKLM-x32\...\{7E4B7FD9-4ECE-4298-A910-3160B7918059}) (Version: 1.00.0000 - Electronic Arts)
    CryEngine(R)2 Sandbox(TM)2 (HKLM-x32\...\{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}) (Version: 1.00.0000 - Electronic Arts)
    Crysis WARHEAD(R) (HKLM-x32\...\Crysis WARHEAD(R)) (Version: - Electronic Arts)
    Crysis WARHEAD(R) (x32 Version: 1.0 - Crytek) Hidden
    Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
    Crysis(R) SP Demo (HKLM-x32\...\{92AF2F5A-4407-4A03-A80A-5A2582264746}) (Version: 1.00.0000 - Electronic Arts)
    CryTools (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\CryTools) (Version: - )
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
    Dark Parables: The Exiled Prince (HKLM-x32\...\BFG-Dark Parables - The Exiled Prince) (Version: - )
    Diablo II (HKLM-x32\...\Diablo II) (Version: - )
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.0.450 - DivX, Inc. )
    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
    E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version: - Streum On Studio)
    eMule (HKLM-x32\...\eMule) (Version: - )
    EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
    Fallout 2 (HKLM-x32\...\Steam App 38410) (Version: - Black Isle Studios)
    Fallout 2 Unofficial Patch 1.02.27.3 (HKLM-x32\...\Fallout 2 Unofficial Patch_is1) (Version: - killap)
    Fallout Mod Manager 0.11.9 (HKLM-x32\...\Fallout Mod Manager_is1) (Version: - Timeslip, Q)
    Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
    FO2 Restoration Project 2.3.3 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version: - killap)
    FOOK2 (HKLM-x32\...\FOOK2 v1.0) (Version: v1.0 - FOOK Team)
    GameFly Download Manager (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\7998bdbe8c95db7f) (Version: 1.0.0.96 - GameFly)
    gamelauncher-ps2-live (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\SOE-) (Version: - Sony Online Entertainment) <==== ATTENTION
    GameTap Web Player (HKLM-x32\...\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1) (Version: - Metaboli)
    Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Gothic II - Gold Edition (HKLM-x32\...\Gothic II - Gold Edition) (Version: 2.7.0.1 - Nordic Games)
    Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
    Granny Crowd Scene 2.7.0.9 (HKLM-x32\...\Granny Crowd Scene_is1) (Version: 2.7.0.9 - RAD Game Tools, Inc.)
    Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
    Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
    Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
    Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor)
    Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
    Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software)
    Half-Life: Source (HKLM-x32\...\Steam App 280) (Version: - Valve)
    Happy Cloud Client (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\HappyCloud) (Version: 1.374 - Happy Cloud, Inc.)
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
    HELLDIVERS™ (HKLM-x32\...\Steam App 394510) (Version: - Arrowhead Game Studios)
    Heroes of Might and Magic V (HKLM-x32\...\Heroes of Might and Magic V) (Version: 1.6 - Ubisoft)
    How to Survive 2 (HKLM\...\Steam App 360170) (Version: - EKO Software)
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
    Hulu Desktop (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
    IJC WeaponPack White V1 (HKLM-x32\...\IJC WeaponPack White V1) (Version: - )
    Inquisition Daemonhunt mod version 2.01 (HKLM-x32\...\{977DC62F-3A09-487C-BFED-E9585BB37178}_is1) (Version: 2.01 - Compiler/Thudmeizer's team)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 0.0.0.0000 - Intel Corporation)
    Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 3.2.1.0 - Microsoft Corporation)
    iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
    Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    jZip (HKLM-x32\...\jZip) (Version: - Bandoo Media Inc.) <==== ATTENTION
    Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
    Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
    Max Payne 3 (HKLM\...\Steam App 204100) (Version: - Rockstar Studios)
    McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 15.0.179 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery Case Files &reg;: 13th Skull ™ Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - 13th Skull Collector's Edition) (Version: - )
    Mystery Case Files&reg;: Dire Grove™ Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove Collector's Edition) (Version: - )
    Mystery Case Files: Huntsville ™ (HKLM-x32\...\BFG-Mystery Case Files - Huntsville) (Version: - )
    Mystery Case Files: Madame Fate &reg; (HKLM-x32\...\BFG-Mystery Case Files - Madame Fate) (Version: - )
    Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
    Mystery Case Files: Return to Ravenhearst ™ (HKLM-x32\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version: - )
    Mystery Chronicles: Betrayals of Love (HKLM-x32\...\BFG-Mystery Chronicles - Betrayals of Love) (Version: - )
    Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.3.4 - Napster)
    Napster Burn Engine (x32 Version: 3.5.0000 - Roxio) Hidden
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
    Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
    NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
    NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
    Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
    Obsidian Conflict Beta 1.35 Full (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\{C2477B44-8AB4-4E65-AED0-46B67EFCC97A}_is1) (Version: 1.35 - Obsidian Conflict Team)
    OccupationCS: Source (HKLM-x32\...\OccupationCS: Source) (Version: 3.4.1 - PGR Associates)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    PERRLA (HKLM-x32\...\{B21E3516-7AE3-4C9E-8B4C-B6F070783A6B}) (Version: 6.0.4 - PERRLA)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
    Psychonauts (HKLM-x32\...\Psychonauts) (Version: 1.1.500.0 - Double Fine)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
    PuppetShow: Lost Town Collector's Edition (HKLM-x32\...\BFG-PuppetShow - Lost Town Collector's Edition) (Version: - )
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Receiver (HKLM-x32\...\Steam App 234190) (Version: - Wolfire Games)
    Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
    Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
    Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
    S.T.A.L.K.E.R. - Call of Chernobyl version 1.2 RELEASE (HKLM-x32\...\{C120D1EF-681D-4F5B-A557-12E5F125C723}_is1) (Version: 1.2 RELEASE - Team EPIC)
    S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
    S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)
    S.T.A.L.K.E.R.: Clear Sky (HKLM-x32\...\Steam App 20510) (Version: - GSC Game World)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
    SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
    Smart Mod Manager (HKLM-x32\...\{98ED974C-09EC-4081-BF88-FA5645B41622}) (Version: 1.8.3.0 - Don Reba)
    Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
    Spintires (HKLM-x32\...\Steam App 263280) (Version: - Oovee® Game Studios)
    Stalker Complete 2009 v1.4.3 (HKLM-x32\...\{Stalker Complete 2009 v1.4.3}}_is1) (Version: - )
    Stalker Complete 2009 v1.4.4 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version: - )
    Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
    Starbound (HKLM\...\Steam App 211820) (Version: - )
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Sven Co-op (HKLM-x32\...\Steam App 225840) (Version: - Sven Co-op Team)
    Sven Co-op 4.0B (HKLM-x32\...\SvenCoop) (Version: - )
    System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
    System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - )
    Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version: - Berserk Games)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TERA (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\teraenmasse) (Version: - )
    The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Game Studios®)
    The Elder Scrolls IV: Oblivion (HKLM\...\Steam App 22330) (Version: - Bethesda Game Studios)
    The Nameless Mod (HKLM-x32\...\The Nameless Mod) (Version: - )
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.3.4 - Electronic Arts)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
    The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.2.4 - Electronic Arts)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.6.11 - Electronic Arts)
    Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version: - Iron Lore Entertainment)
    Tom Clancys Ghost Recon Advanced Warfighter (HKLM-x32\...\Tom Clancys Ghost Recon Advanced Warfighter) (Version: 1.0 - Ubisoft)
    Tom Clancy's Splinter Cell: Chaos Theory (HKLM-x32\...\Steam App 13570) (Version: - Ubisoft Montreal)
    TSR Merlin (HKLM-x32\...\{773C485E-B148-45CB-BF38-84FC208D960A}) (Version: 1.0.1 - The Sims Resource)
    TSR RigFix (HKLM-x32\...\{EA511D3B-D0C8-4A18-ABDA-F8AFB2694D28}) (Version: 1.0.6 - The Sims Resource)
    Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version: - )
    Ultimate Apocalypse - THB Patch version 1.85.5 (HKLM-x32\...\{2D2D99BC-4565-4A97-85E9-4BFCFE95965A}_is1) (Version: 1.85.5 - Ultimate Apocalypse Mod Team)
    Ultimate Apocalypse - The Hunt Begins version 1.8.0 (HKLM-x32\...\{A21FAC0C-E2CD-4A79-A88F-4174EA62451A}_is1) (Version: 1.8.0 - Ultimate Apocalypse Mod Team)
    VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
    Viscera Cleanup Detail - ALPHA (HKLM\...\UDK-627b23de-7ffe-418f-9692-4fe8baf6e888) (Version: - RuneStorm)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version: - Relic Entertainment)
    Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version: - Relic Entertainment)
    Warhammer 40,000: Dawn of War – Winter Assault (HKLM-x32\...\Steam App 9310) (Version: - Relic Entertainment)
    Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
    Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
    Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0079CF55-1EC9-4C51-8958-6E9F3DDA40C5} - System32\Tasks\{C83F2B23-60CF-46F9-8D5D-C90B13C3D170} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar
    Task: {409A71F6-6533-46C3-8A56-5E14F578D7F2} - System32\Tasks\{B140E1BD-4059-481B-8AB1-C1F682357A62} => pcalua.exe -a "C:\Users\Kelsey\Downloads\crowd_scene_setup (2).exe" -d C:\Users\Kelsey\Desktop
    Task: {47764789-2E44-4546-BDAD-0FCDEA169CE8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
    Task: {82517EBF-EB53-45F7-833E-C369607C8674} - System32\Tasks\{ED0A020A-274B-4D70-98E7-EBE9B07FC7D6} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar
    Task: {85B3628C-3925-4A69-AF3C-0B5033953FD7} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
    Task: {914D4537-8D64-444D-8994-4A8BD84B1223} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
    Task: {91B6B500-4251-4325-9D24-BE751A9E88AF} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {987EC6AB-0943-4C5E-BA9F-3E7A41E611EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {9B283C63-5427-4832-890E-6987A21FDB90} - System32\Tasks\{01C3DF33-577D-4A34-8374-2214AD1ED432} => C:\Users\Nick\fallout 3\Fallout3.exe
    Task: {9FED4ACB-90DE-45EF-8277-CABD257D7CD4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
    Task: {A13F95F5-C201-43FC-84AD-14FC756AC07A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-15] (Lavasoft )
    Task: {A36B1D97-74EF-4046-A1C8-585462E109F2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
    Task: {A4318D64-D449-4827-BE5D-0B6ACB2465E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-09-20] (McAfee, Inc.)
    Task: {B51341AF-6B04-44E5-BBA6-80BD35233D52} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {BB55DFF4-A582-4294-B5F2-7574CB10455B} - System32\Tasks\{68FFB1E9-01BA-4F55-805E-AF1270FF0740} => pcalua.exe -a "C:\Users\Kelsey\Downloads\crowd_scene_setup (1).exe" -d C:\Users\Kelsey\Desktop
    Task: {C057F990-BFF6-4FF7-9FEE-051386CEF8A9} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    Task: {C4A90ACB-745F-4358-BAAA-A9532B1EAF21} - System32\Tasks\{2FA9B3B9-A935-4515-9735-74BD4BEDD346} => pcalua.exe -a C:\Users\Nick\Downloads\svencoop48.exe -d C:\Users\Nick\Downloads
    Task: {DCA78A04-5298-43D5-A19F-644BCDA19DAC} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {E255C19C-102F-491D-BEFC-13322820B6FC} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
    Task: {ED41EAF8-9190-4CB2-8414-8C6B4F571E02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {EF90A250-8BEA-4FF9-A6F9-3C458D5C9B73} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
    Task: {F5FFBEBD-9D69-45C8-8F3F-D355852E0D61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated)
    Task: {F704933F-CB91-4B1F-B317-2CB5AE05FEA0} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml
     


  4. 2016/10/25
    indynick

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Nameless Mod v1.0.4\TNM Website.lnk -> hxxp://thenamelessmod.com/

    ==================== Loaded Modules (Whitelisted) ==============

    2010-05-02 06:44 - 2015-02-10 18:45 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2010-05-02 06:44 - 2016-05-21 22:36 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
    2012-01-02 10:48 - 2015-04-08 17:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-02-04 11:53 - 2011-06-15 07:15 - 00429984 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll
    2009-09-14 20:17 - 2009-09-14 20:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2010-02-04 11:53 - 2011-06-15 07:15 - 00271856 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
    2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
    2009-11-12 17:42 - 2009-10-02 17:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-04-13 19:56 - 2015-06-03 17:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [424]
    AlternateDataStreams: C:\ProgramData\Temp:4673E9EA [198]
    AlternateDataStreams: C:\ProgramData\Temp:54380FEC [233]
    AlternateDataStreams: C:\ProgramData\Temp:78E0DF72 [193]
    AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F [233]
    AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [300]
    AlternateDataStreams: C:\ProgramData\Temp:D31BE97C [212]
    AlternateDataStreams: C:\ProgramData\Temp:D6D084A5 [225]
    AlternateDataStreams: C:\ProgramData\Temp:FAFEC4B9 [166]
    AlternateDataStreams: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OccupationCS: Source Uninstaller.lnk [453]
    AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => " "= "Service "

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.exe: => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.scr: => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.bat: => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.com: => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.cmd: => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.reg: => <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\sony.com -> sony.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
  5. 2016/10/25
    indynick

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D0DB1ACB-91B9-469D-9F8E-5C99E0E80923}] => (Allow) C:\Users\Public\Games\World of Warcraft\BackgroundDownloader.exe
    FirewallRules: [{4ED9A4A9-904C-450E-82E6-E6450AF519AC}] => (Allow) C:\Users\Public\Games\World of Warcraft\BackgroundDownloader.exe
    FirewallRules: [{F05E758A-C433-4FCD-9633-A9F8D076D5E3}] => (Allow) LPort=3724
    FirewallRules: [{A65B1140-DE49-48B5-8A5C-D6AD969B8800}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
    FirewallRules: [{280CF673-B35B-46B9-AFA7-34DA97F7DCC7}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
    FirewallRules: [{3908F5DF-BF5D-4F10-B23C-03DA709941E9}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
    FirewallRules: [{33F5D442-A4B5-44F1-B37E-3F66BFFC9071}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
    FirewallRules: [{BEE793B5-4A34-428C-B8DE-48688533B08B}] => (Allow) C:\Program Files (x86)\CrossMediaExperience\xmx.exe
    FirewallRules: [{18816C15-8F8F-4165-855D-202278A249C2}] => (Allow) C:\Program Files (x86)\CrossMediaExperience\xmx.exe
    FirewallRules: [{9F1A34DC-8616-43C1-93E1-71E37DABA01B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest\help.htm
    FirewallRules: [{12085A7E-8E9D-4BE7-B975-80DC5AAA3CBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest\help.htm
    FirewallRules: [{D750DD89-506C-48E5-824D-8A1CE76A8625}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent demo\Launcher.exe
    FirewallRules: [{5E8A3117-8143-4AE1-805F-C5E45764F60F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent demo\Launcher.exe
    FirewallRules: [{70AFB4B0-3F2F-44DA-81CB-C748AA0F6641}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
    FirewallRules: [{556F3104-051C-403A-8634-4C6AD1491D4D}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
    FirewallRules: [{480BB5F4-B0D1-488A-9AAC-9571CC390510}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [{2622C301-C8AF-4D95-B0FF-60F8202E0510}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [TCP Query User{BF5D6499-2454-49BD-AB10-7ACCFE97D445}C:\program files (x86)\steam\steamapps\indynick\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\indynick\team fortress 2\hl2.exe
    FirewallRules: [UDP Query User{05C62D13-222F-4D07-92D4-F930CB5068F9}C:\program files (x86)\steam\steamapps\indynick\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\indynick\team fortress 2\hl2.exe
    FirewallRules: [{3CD57521-8FAD-49A7-A000-7E0A28DD9069}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\half-life\hl.exe
    FirewallRules: [{06E76E82-5D2A-4C06-9F41-FBF77A0E290B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\half-life\hl.exe
    FirewallRules: [{AB509323-CB62-4151-8D48-AE41126B658D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
    FirewallRules: [{11B099FD-6225-4545-AEB6-032817C51B13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
    FirewallRules: [{1D74B67E-B6C7-42DB-9783-1E15417C1187}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{0A78DA43-FE6F-47E8-BEA3-CAD9D8683043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{72510DA8-FD5A-467F-8716-CFEE44A91AB4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{992D89A2-C864-4271-96DD-C47FEB42D626}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BD1B6F44-DD8A-4B23-9D83-2428E35E0C81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{72CA4337-CA23-4714-A7C9-51CA283E9212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BCF93692-7EF5-4B06-887E-922C0010A4CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4542AC27-0162-44A4-BAC4-25CEF702BBBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\garry's mod beta\hl2.exe
    FirewallRules: [{7A3B1384-03EC-4DD1-8520-3AE0B67DF0C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\garry's mod beta\hl2.exe
    FirewallRules: [{E2DA8230-85AC-41DA-9FB7-F3F61762A7F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest immortal throne\help.htm
    FirewallRules: [{9B24EB9C-C7B0-4744-A303-019F22542797}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest immortal throne\help.htm
    FirewallRules: [{4CE53AD8-D67A-41C9-9431-C4DE27ABAFCC}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{1119BF90-D654-4F36-A48A-130348AABFF3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{592A5E0D-E0A0-455D-B786-A9D558A18B80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
    FirewallRules: [{4B158443-BBAD-469E-9FA9-0C609B1B8AC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
    FirewallRules: [{8E72C7AB-EFE1-43F2-A29D-35CA8FC23330}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
    FirewallRules: [{E1B75177-69CF-4A75-BF62-ED3DE6DF7B87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
    FirewallRules: [{F196E2A9-D1B7-4937-9CE8-D2826D861BCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
    FirewallRules: [{9EAB9AF4-0022-4149-AF9A-E99559B1D33A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
    FirewallRules: [{396ADC59-21F3-4639-A487-7040C2F3278A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\dark messiah might and magic single player\mm.exe
    FirewallRules: [{999C58C7-5090-4819-9470-4AECDA85EE95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\dark messiah might and magic single player\mm.exe
    FirewallRules: [{C833E4DB-5D2C-4B92-BBC7-32FF2B591369}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest\Titan Quest.exe
    FirewallRules: [{6A4EC89C-2FC7-4285-A0AE-347AB603CE26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest\Titan Quest.exe
    FirewallRules: [{03A04B64-EF69-4ED1-A1DA-6E0DA323C7D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest immortal throne\Tqit.exe
    FirewallRules: [{22FFA2B1-70A2-4900-A501-52CCF2FF205E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest immortal throne\Tqit.exe
    FirewallRules: [{FC592804-0E8B-4048-A442-89881B6BE575}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rage\Rage.exe
    FirewallRules: [{42D47821-ED51-4CB5-B225-90C96AEEFD38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rage\Rage.exe
    FirewallRules: [{B3910BD4-FD0B-4A34-B61C-C9CBB45811C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rage\Rage64.exe
    FirewallRules: [{F8093180-470E-4A28-8EF0-0AAA73DBC7BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rage\Rage64.exe
    FirewallRules: [{04EA16EB-BBC9-4BE0-A43D-0E06F4897D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe
    FirewallRules: [{61C01E23-C252-405D-B2C2-A9E52BF0B0F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe
    FirewallRules: [{FA2EA71E-A7C7-4581-B9E9-313A1CB1BD42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne\maxpayne.exe
    FirewallRules: [{F5A6635D-42C1-484C-BF55-FADB8037FF37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne\maxpayne.exe
    FirewallRules: [{EA3FD777-5708-4AFA-AFC5-30A4105A67F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe
    FirewallRules: [{1E976B12-3607-481C-9495-37B87EC585DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe
    FirewallRules: [{114B9860-451B-4993-89E4-931B1EC25812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe
    FirewallRules: [{C9A86280-2DB6-4848-B236-E74393D1FBF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe
    FirewallRules: [{82E9BCA4-86AD-436C-9B2E-755E7AA2ECB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\morrowind\Morrowind Launcher.exe
    FirewallRules: [{5BC94C6D-4D6A-4626-8ACC-1F55E0FD711C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\morrowind\Morrowind Launcher.exe
    FirewallRules: [{896039BC-1BD7-4789-970E-1D4CB2199D2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2\arma2.exe
    FirewallRules: [{254C38CD-E265-4AA0-9AAA-803A8FF5867E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2\arma2.exe
    FirewallRules: [{D70A02D3-CAD5-4BA9-AE6D-120CD7120AE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout\falloutw.exe
    FirewallRules: [{6C4209AA-03F5-457A-B77F-30136758F6B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout\falloutw.exe
    FirewallRules: [{E7E9CCA1-25C7-4AB7-83EF-EFC2D44FB36A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\BOS.exe
    FirewallRules: [{21C1D6C0-E1A6-4425-89F3-94AB9E116DD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\BOS.exe
    FirewallRules: [{12A66391-05EA-4232-921D-013C19DA81D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\FT Tools.exe
    FirewallRules: [{D4D79072-712D-45E4-8F1E-123C0925D1C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\FT Tools.exe
    FirewallRules: [{2D9908F9-1DF4-4A0F-9D5A-E5B09D73B297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe
    FirewallRules: [{9259A4AD-A68E-46EE-AD86-1AF284BB3E88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe
    FirewallRules: [{95202FD9-ED75-493D-94B1-FBF11CB7AE22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mafia ii - public demo\launcher.exe
    FirewallRules: [{96150067-9E87-457B-84E1-4E9820EA42EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mafia ii - public demo\launcher.exe
    FirewallRules: [{A3BFF055-CAE8-4A95-B5E6-51AC3926C014}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity ii - dragon knight saga\bin\Divinity2.exe
    FirewallRules: [{796FB56A-1635-43F3-950F-C129EEDAF890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity ii - dragon knight saga\bin\Divinity2.exe
    FirewallRules: [{17E85436-BFA4-4BB4-A35D-375E6C6440F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{619AD320-D3EA-4BB0-AF23-1AA1E5014758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{ADFDB24A-D3EA-4F48-A506-3309AE320B04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallen earth f2p\FEUpdater.exe
    FirewallRules: [{75173467-8586-4612-B635-635488A0CF2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallen earth f2p\FEUpdater.exe
    FirewallRules: [{2DAB5032-E88E-4B8D-8EEB-BD75C445E551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sniper elite v2 demo\bin\SniperEliteV2Demo.exe
    FirewallRules: [{13D1D7D9-F497-4CFF-AF89-A58BDB81EA48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sniper elite v2 demo\bin\SniperEliteV2Demo.exe
    FirewallRules: [{EF1157BD-6916-45C8-89C2-F393A26E0E11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
    FirewallRules: [{78B94FFF-86B1-483F-88F3-AEC040E5BDE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
    FirewallRules: [{91EA458A-37D2-4D4C-8CB6-CF347BA6B81E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
    FirewallRules: [{EEED9777-EC50-4459-9666-94303A77742C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
    FirewallRules: [{6F490CF7-D6A9-4E9A-8EEC-22A509549D38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe
    FirewallRules: [{5841A5AA-DEF5-4AB3-84C8-5A8C7AB574C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe
    FirewallRules: [{CDCDFE5A-6162-4669-816D-D647CA26AE58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
    FirewallRules: [{671A2058-5558-4C83-943E-4887E18D5EFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
    FirewallRules: [{C0F6C734-E337-4D8B-8400-017637E34F0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the-haunted-hells-reach\Binaries\Win32\HauntedGame.exe
    FirewallRules: [{E67885C0-38F0-4C82-AE6E-F9CD55758B86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the-haunted-hells-reach\Binaries\Win32\HauntedGame.exe
    FirewallRules: [{769AAEB3-2E53-4E42-AEE6-E508F727E73B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{344A2CBE-FA4D-4DDC-8B2F-238279B7FA54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [TCP Query User{94BA1B22-F80B-4F9F-87FA-3F9AD3460B60}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [UDP Query User{2818812A-8803-43CE-9726-350FFAA70594}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [{4B131FAB-E1C8-4023-BAD4-0A061566E481}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
    FirewallRules: [{923D8E7E-2DD9-4A79-B154-057E3131E627}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
    FirewallRules: [{EB9829A8-C56C-4AD4-B941-B988F632C8EF}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
    FirewallRules: [{068934EF-CB50-41D1-8442-F15D41073E47}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
    FirewallRules: [{C7F091E8-F644-4D0C-8C66-4B60A2E715E0}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
    FirewallRules: [{7EC7C795-46FF-41BF-820F-D3CA301DCB51}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
    FirewallRules: [{F201C344-6219-4525-B3DC-B4A832EA315D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
    FirewallRules: [{46B066E5-DE15-4D2B-A947-F289A4BB37DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
    FirewallRules: [{7D2508A7-3F53-4FC6-B208-30E0DAC6EFCF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
    FirewallRules: [{14FE4FEF-231A-43FE-87A3-616FCC2EA037}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
    FirewallRules: [{58B1EC66-B155-40A4-A69F-D6FC79817696}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{C4361EBF-660C-4328-A267-A9A9B35C0FE5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{06026B6A-0E3B-4E65-BBCA-E753F222597B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\STALKER Clear Sky\bin\xrEngine.exe
    FirewallRules: [{91C14A22-DDD9-4612-93DC-9567A74403AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\STALKER Clear Sky\bin\xrEngine.exe
    FirewallRules: [{7243D927-71B0-49AD-89DC-594A28BC0CC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
    FirewallRules: [{2DC534DB-A958-4BEF-BA03-4CA4A9DD8E6E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
    FirewallRules: [{76E72076-45BE-49CC-8621-12EA034797D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{FC96C6F4-71B6-45CD-A303-337837FEE9B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{E231CE0F-292A-499C-BE8E-D66F9B7C5DB9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{2872B452-FF2C-4F30-A960-41A74D8DF84C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\indynick\source sdk base 2007\hl2.exe
    FirewallRules: [{6DA4A325-0D65-40CD-BDC1-C70F35E2ABF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\indynick\source sdk base 2007\hl2.exe
    FirewallRules: [{A727D236-38C1-4B06-8CEC-792C935F7E3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\FALLOUT2.exe
    FirewallRules: [{2241CF69-0B2A-43B0-AFD2-CA6AE3AD9A04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\FALLOUT2.exe
    FirewallRules: [{4A1DE0B1-8C49-410A-ADB2-9BD157DC0F01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
    FirewallRules: [{2F0914BB-C392-4922-B8D6-FFD3001FB54F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
    FirewallRules: [{A84C9386-1C06-4AC9-A04B-322A44938592}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
    FirewallRules: [{683B8A73-E3AC-4FDC-B2CC-485C3994348D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
    FirewallRules: [{27DA74F5-DD3A-44B6-852F-F00592DEAF92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{AD9EBC0F-FA4D-417B-AB5A-492047090CFF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{3E231BF3-35D6-486B-BC70-7BCDA7721E41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SS2\Shock2.exe
    FirewallRules: [{F89FED1F-EF89-4628-B6DC-9A62D2E845D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SS2\Shock2.exe
    FirewallRules: [{CCD2F109-14AB-4D7D-9280-8BB65052B96E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{753B361E-672A-4A3D-BB82-3415270919AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{2659C925-67AB-4A5A-83B6-706311F796CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{5B073507-8482-4526-8955-61F704FF85CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{7874504F-72CF-46AB-9279-DADC04303CDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{88BE10B9-5F74-415F-948A-5534E1554A61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E3797168-0816-40F1-9406-727E3B412610}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{1A033BEF-928A-4924-908E-22CD7B968226}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{C317D880-EB32-4D2C-BC6D-882BDA1B8BEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{938FA492-BA09-4E37-8CC6-8A6E92E5A567}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{CDB3BC0A-0669-4077-BB96-B7C3D10D1112}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{0A73DE5F-5A52-413F-9254-9AE5183CE341}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{9FBB2E5D-F3D7-4327-A575-C7582B7BA5EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{835A73AD-6877-47CC-B5E7-1B1E0C1CA574}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{135B01A8-83E9-42DD-9774-6E73631CDD47}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{8A1C52C4-A9FE-4CCB-8F06-E14C0FB0098E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{58044381-B7DC-4B85-A056-3D79162F0850}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{723E2B1A-1CE2-4D34-B439-1649C26A50C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{D8EDE52E-B599-423F-BD07-6B3EA8AE35DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{BE8106E1-20DF-4D6A-8471-E14E7E40B848}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{E08A604E-7F4D-4B0E-B8EA-1EE9E13101EE}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
    FirewallRules: [{96D1EC55-549C-4512-B846-C3513D4AA15D}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
    FirewallRules: [{DFA90102-FBFC-475E-BB1A-F592E089C380}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
    FirewallRules: [{57005762-A4D6-4E81-902B-1F2A786C5E74}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
    FirewallRules: [{F4A7CA9C-CEC5-487B-B4BF-2C93D4E449C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
    FirewallRules: [{E38BD450-ED8F-4406-BEFC-B1F0E30A3EFE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
    FirewallRules: [{A6A24E94-D145-4C90-A02D-0A039E2B52E2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{DBCB2C3D-B5D0-44FF-90F3-23C59A2FB12C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{D04578BE-9E93-4FBF-85E4-ED16875608C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{AED4041E-6E4E-4F47-994F-9F8178E57E25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{0719385E-CD95-40EA-B232-FD35D5E7F059}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{DD24DD91-E6E7-45E3-94F6-4F6E0D020673}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{1F478E8F-6A63-4032-9C9D-C6DE92799B42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
    FirewallRules: [{0280C693-1B08-4104-BF9D-A5DCB4A717C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
    FirewallRules: [{CCE3592E-8BEA-4D9F-B0B8-BE190392BB2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
    FirewallRules: [{28924BA2-D29F-47F9-AD97-358036FF6180}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
    FirewallRules: [{72789B45-1901-49FF-BB17-CA0076CA1A81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{5A738D57-4F27-4EB6-9679-3498AC5E40B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{7B3608D3-8548-4DBD-9CA9-DE3F74C423AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
    FirewallRules: [{549CE913-B781-4E0E-A75F-B27754D369F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
    FirewallRules: [{4A505EE5-76EE-46B0-915A-9B9D2854B180}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{5FF06BD9-D798-4CD9-BF0A-E1A03EA999FD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{48E20251-0DBC-4A39-BBE3-E766B6BA2E0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
    FirewallRules: [{44E59DD0-80BC-4FC9-A377-05DE772C8F4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
    FirewallRules: [{0A0F17E3-B53C-4F0C-9B4C-674ECAC3DD4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{59ADE5BF-35BF-4816-917E-87F7C6B21DD4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{34611671-ACA0-4581-959D-B9D0D5DC4ECF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tabletop Simulator\Tabletop Simulator.exe
    FirewallRules: [{04225DA4-09E4-4826-AF70-1530533961ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tabletop Simulator\Tabletop Simulator.exe
    FirewallRules: [{5CF2FFFF-56D0-4944-B3E2-2201C2109AA5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{1CDBD86E-378D-4359-A0B5-9B4E78D4A2DF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{477E5422-D610-441C-8350-317A8303EAE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{7EA9744E-E046-4A10-A3B6-F0DADC26B746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5180504C-A65E-4522-BAB1-619781AB32FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{678D2603-B16B-49BF-A4FE-000C2A04E11B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{34988798-7645-4CBD-9FB0-33FE00FEED55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\Fallout2Launcher.exe
    FirewallRules: [{438B48A7-18A4-489C-8966-47BC2C3D2AEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\Fallout2Launcher.exe
    FirewallRules: [{6B5C5A8C-3EA3-4436-A736-6B3BED3869C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{1796D6D2-91D3-4A36-9C52-6393B2E765A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{29509BBC-6720-4559-8356-101127874D94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
    FirewallRules: [{7DBAE5DE-E0A9-4095-BE5F-F25AA3D5DE34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
    FirewallRules: [{8BAC2804-5E69-4D66-8630-2BA7DAEEA182}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
    FirewallRules: [{982C5F10-4A1A-491E-A866-3FD65705C329}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
    FirewallRules: [{A5ADD35F-FC47-46D4-91A3-832A0916F3BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{6D83D3AC-FF94-4A54-80F7-063E1575DEFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{99DA135C-325F-4D62-9DF2-8A3A8DD334A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
    FirewallRules: [{B9AC2BBD-9AE0-4525-8C59-829392CD45E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
    FirewallRules: [{FE48ADCE-ECA3-4BB2-A84A-FA994F8123F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{71D297B9-6DF4-4900-963B-9415336E10CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{E9BDE7AD-952A-4AEB-8618-F726AD40F52B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{1258948F-7A29-429B-A148-50F4EB569CC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{CF6B0422-1976-4E84-84AE-CA1606743253}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B4598A85-CB1D-48E8-B758-1ED0233A01BA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A3C2A650-0C70-4F59-A27F-597760DE6C90}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\vslauncher.exe
    FirewallRules: [{7F0E2C18-3FB1-45EF-B026-717CA35F8BDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\vslauncher.exe
    FirewallRules: [{B6CAEF80-BA10-410E-A809-8D028949E233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{736E20A1-171B-410B-A702-43944D523104}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{15A479F2-5240-44CD-B6FE-53DB6EAB0E5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{CC248D5F-5767-4E05-8B96-EA9AD0517293}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{C923A691-15F8-44D8-AB0C-F1AB1F5CC393}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{618583C9-C390-4FCE-A219-7CE886CBFF13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{9108CC62-2643-4723-AADB-D696F2D64715}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
    FirewallRules: [{7B955261-848D-4314-B9DB-971AAECDEC38}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
    FirewallRules: [{C994F1B1-7C63-4E5D-B118-C336F764C5B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{EE711485-FDD6-428B-8282-95217DBA0961}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{652BE74B-BBF0-4BCC-858F-41C285092ED2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Receiver\Receiver.exe
    FirewallRules: [{F7483B27-6432-4B8F-B93F-2CA69C009D67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Receiver\Receiver.exe
    FirewallRules: [{D9F9508B-DD0A-417C-9B62-BBFCBFBC3E9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EYE\EYE.exe
    FirewallRules: [{3E38DC58-9DF5-48AC-BB7E-2A8C260EE7A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EYE\EYE.exe
    FirewallRules: [{8CC1E0CA-87E4-4953-9BFF-E44BED796C6C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{39FE26A9-28F4-47A8-BFDF-9942B7C0B08A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{6EE9F6CB-D2AD-427D-8B59-D56211B2F250}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{CCD49311-B21E-4B49-A509-ACF0088BA4D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{97EC4E83-3217-4B6A-B6D7-E3B9497B37D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{B121AF6A-1173-4EB9-AA04-13F75A03910D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{4C928DBA-2A46-4A1F-A037-C2C626D442C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spintires\SpinTires.exe
    FirewallRules: [{CEE8AD3F-7CDB-485D-928D-3BD6860495F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spintires\SpinTires.exe
    FirewallRules: [{F88134F5-539B-4EE4-AB8A-66640100AD19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker Call of Pripyat\Stalker-COP.exe
    FirewallRules: [{5A1715A1-2D78-4FC8-B248-BADFDF657C04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker Call of Pripyat\Stalker-COP.exe
    FirewallRules: [{ADEE540D-A113-4FE4-B739-927887EA394E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
    FirewallRules: [{07BD04ED-B9E3-41F9-9514-0071A1A60893}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
    FirewallRules: [{999F8B30-6CF1-4389-9FC3-6FA5B148E1EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
    FirewallRules: [{66BBED6B-C6FB-44B0-BA53-76A16DA9A62C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
    FirewallRules: [{6ABA22A9-C32E-427A-813C-25C5C6706C47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{AB5198A4-C943-477A-8F7F-8CC5AF9C08DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A7FA8DFB-5FA4-4FE6-A7A6-866CFC9BA19C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{9CDF7A98-FFDB-49EC-B462-4AF90A164A15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{B4980948-144B-4E01-A9E7-88FE9FAEEC39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arx Fatalis\arx.exe
    FirewallRules: [{5FA38A1C-3696-4B83-8E58-A1C63AE910E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arx Fatalis\arx.exe
    FirewallRules: [{98E9112E-C2F4-4D83-A22E-A243F759D11D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{7694C803-0B79-448C-AB2B-35F55472ED94}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{43B57911-39C0-4E35-8F50-6CA3021A519D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
    FirewallRules: [{A5BB2283-F756-417E-9EF7-157641FE2BC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
    FirewallRules: [{56788751-2485-4A07-A6A8-C004E227674D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
    FirewallRules: [{8AB5CD24-43FF-4F4A-8F89-D2890620AA81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
    FirewallRules: [{C9350A76-14F3-4963-91A5-76484604A026}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
    FirewallRules: [{6B220CA3-ADF4-4EDD-9517-7891E8E6FCB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
    FirewallRules: [{E192DCF3-B7ED-4D41-9011-4D2D084B4E94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
    FirewallRules: [{D66906F5-9955-4E07-9366-75961C9D6393}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
    FirewallRules: [{EA300849-4ED5-4233-97A7-CD497441C5CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
    FirewallRules: [{A9043AF8-DA23-41F6-B088-CD17668C0291}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
    FirewallRules: [{7FC2CC04-51EC-48B6-B3E5-A3EEEF9F811A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker Call of Pripyat\bin\xrEngine.exe
    FirewallRules: [{72A0BC58-CE44-4629-AACF-E2BF3CF5DD05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker Call of Pripyat\bin\xrEngine.exe
    FirewallRules: [{E43BA507-D4FC-4BBA-A019-CC909EB775E0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{39AF5924-0005-491D-A874-7AE51B7E0039}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{CBFD6C4D-5514-476A-A161-8D7D40DCE08D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{D89D361D-D5A6-40EC-898A-89575488BDA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base\hl2.exe
    FirewallRules: [{649FD969-7FEA-42DB-B7D2-89DE2BCB1762}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base\hl2.exe
    FirewallRules: [{EB7948EA-D1AB-46E3-96E4-7191C3B2A9AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Splintercell Chaos Theory\System\splintercell3.exe
    FirewallRules: [{5C2272AB-FC78-4A78-9348-0AA0405CEC72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Splintercell Chaos Theory\System\splintercell3.exe
    FirewallRules: [{E0303CAD-6FC6-4C02-BBFD-67592E73B948}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E31A4EF0-180B-43B7-AA10-D0A31C74EE05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{56717916-FF97-4121-80BF-3D1D890870D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{454A3148-1CEF-4B96-949A-CACB0135C153}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{8CAD6081-3161-41C2-92E8-E6E3F8108D29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{71860B79-E6E5-4EC4-BD2A-D400FBEF57AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [TCP Query User{C594469D-EF13-4C4E-9095-778177AD5C2D}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{6D133457-AEB6-464D-93F0-685EDDA6010D}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
    FirewallRules: [{2BC61FC1-97C4-4FD5-BD27-1909D66C13CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Contagion\contagion.exe
    FirewallRules: [{98B96759-EB5E-4892-8155-D57816EFEB1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Contagion\contagion.exe
    FirewallRules: [{B92F3765-87F2-4E03-BE9F-E1D3F0E8180A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{B7AD2015-2DB6-46B2-9212-B04B686855B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{FEC571DA-1492-4C5F-97CE-3810F4983776}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{8F6F6781-B5BD-492E-AE6A-250A601FECE8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{D7549441-7718-43A5-94C6-AC324C829FA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Helldivers\binaries\x64\helldivers.exe
    FirewallRules: [{E1F79413-1A60-4052-BC5F-E4924E1FFBA6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Helldivers\binaries\x64\helldivers.exe
    FirewallRules: [{05383E63-7AB6-4190-B9D0-0D3D4F3E29B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Helldivers\binaries\x86\helldivers.exe
    FirewallRules: [{2F398DCE-9872-464A-B73C-D556E2CD8E4E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Helldivers\binaries\x86\helldivers.exe
    FirewallRules: [{71785C9F-3FDB-409D-BB4D-2920776BE622}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HeroSiege\bin\Hero_Siege.exe
    FirewallRules: [{5231ED78-A73B-4639-8F47-7BDF526AAC21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HeroSiege\bin\Hero_Siege.exe
    FirewallRules: [{60835F99-D8C3-4ECD-A054-45CCC86031B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40k.exe
    FirewallRules: [{0947E7A1-74D1-4E07-BCE5-B5085E70E6C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40k.exe
    FirewallRules: [{81E081F5-3C79-4549-B986-E69A0762CA95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40kWA.exe
    FirewallRules: [{BDD5FDFB-EEDA-4062-8A12-2EF151955BA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40kWA.exe
    FirewallRules: [{BC2A64A9-EB30-45E7-98D7-CD95E521A850}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
    FirewallRules: [{1B5F29D1-81D3-469C-900C-8F95492902AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
    FirewallRules: [{CC2B2B9D-CB49-40B6-9410-4A3BB12729A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sven Co-op\svencoop.exe
    FirewallRules: [{6255ABC5-2BDE-4580-A413-BB050D2C7A01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sven Co-op\svencoop.exe
    FirewallRules: [{C7AE28D5-D20B-481B-87C1-F44831912D02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
    FirewallRules: [{4B41AD48-8CFC-4B49-8ACA-7C49A880BB78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
    FirewallRules: [{08F96370-8DFC-466A-BC2C-67BFEC6A1DD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War II - Retribution\DOW2.exe
    FirewallRules: [{7742B2C0-08F2-4D4C-BEE0-A791002227BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War II - Retribution\DOW2.exe
    FirewallRules: [{7181AE6C-F678-41E0-BBAC-C18E50F39590}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
    FirewallRules: [{8F0DD4C9-3A8F-4E2C-BBF1-43CD8628E1CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
    FirewallRules: [{C51C98E6-8398-4825-B4F6-49B7202289BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{7D6AEBED-C956-44F0-A03F-C55C76DCAC05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{4E31E773-5608-4CA8-B03F-ADC1DDD782FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{3488D9FF-DDEE-4730-B75B-064B4FAE290D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{8F908467-79EC-4B71-8A31-05F1B9234C8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [{AF81D881-2180-4F55-9127-937C8CD21758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
    FirewallRules: [{46225646-98DB-4E7F-904A-F54BC302A940}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{281E72A2-097A-4034-9545-A60E33E273F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{F93EA77F-457A-4FA2-B8B1-90C06A428AB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{CEB02A61-39D0-4C5C-BAAC-8FC25F7E38EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{F55332FC-CB3B-414E-8EAD-CCC32D52EE39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [{F6C47697-7FF9-419D-8B71-C883FF153D87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
    FirewallRules: [{D29FFE9B-2C0E-40C8-A06D-838F01976B28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
    FirewallRules: [{DC1E7AAD-6ADD-4EE4-A0BE-C5359274D8A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
    FirewallRules: [{DA546CD4-93BF-44A0-9377-3AED7A5B418B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{EEBA6E4A-4F48-4027-B4D7-0BB1624A9AD6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{98615DBE-7F38-4F97-8116-8FD9B36A0EE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{AB0380D0-C9DD-43E7-87C8-7D53C8F0B897}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{D639E4CF-6279-41A1-B1EE-D803AA36B77A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
    FirewallRules: [{78AC3A49-03E3-49B4-90BD-EF185C977C14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
    FirewallRules: [{F43735FD-E3D6-4728-9536-F8E5A220FDAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\mod_uploader.exe
    FirewallRules: [{A1AB2205-5A64-4498-AC66-649D427B95CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\mod_uploader.exe
    FirewallRules: [{6A370936-4481-4E18-9F95-CEBC428E52B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
    FirewallRules: [{B4765CA0-F441-4862-B9BB-E43047DEDF31}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
    FirewallRules: [{D01D58C2-FFD5-49E6-BECB-4E0486A523C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{F3F028E0-8F59-45E7-A7EE-2AC9ED6C4FBF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{456FC887-B4A7-44C2-82A0-48DD31031328}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
    FirewallRules: [{6AE64140-A83C-4F17-B286-21E72422E5ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
    FirewallRules: [{D56855DF-85B7-45DA-82FE-4AB362ACE38C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe
    FirewallRules: [{93D53BB5-FEC0-4176-AB44-E37627B8DB3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe
    FirewallRules: [{31E8961A-BC78-40B2-AB30-20149A01604E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
    FirewallRules: [{32BD30FB-AFD4-427A-BF24-BD64F1ED2CBF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
    FirewallRules: [{DF17E2DB-5346-4D54-A5E7-27AFF338FA65}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sven Co-op\svends.exe
    FirewallRules: [{EC6C3FF4-3E50-42C9-BB53-97F2AB96DF4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sven Co-op\svends.exe
    FirewallRules: [{C75ADB3B-AD0D-43BC-8583-1AD248E44FED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
    FirewallRules: [{EA8A453C-E404-4174-A4EC-49D03E4B4448}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
    FirewallRules: [{3212F0DE-5A3E-4430-A7ED-5E717CF153DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
    FirewallRules: [{A9CC57C2-DAE0-4AAA-9B83-BA2D7B8D3156}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
    FirewallRules: [{C1E0C3B5-436F-426F-B863-2F04DE73369B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
    FirewallRules: [{9E02F605-5DC2-4856-B5A7-0C52DF1AFC2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
    FirewallRules: [{30A11FDC-422D-44B0-BA1D-3429A7BC154C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
    FirewallRules: [{174EB87D-F048-4443-9A1A-65CC5E230199}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
    FirewallRules: [{1B63D3FA-CA48-4AB5-AFA7-AE1EE333721B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive 2\Exe\HowToSurvive2.exe
    FirewallRules: [{ED48E666-ECE7-4070-87BC-04E2CD012DE4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive 2\Exe\HowToSurvive2.exe
    FirewallRules: [{9C91AEA7-5C2F-4B5E-B1D7-7506DD59D204}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive 2\Exe\Detect.exe
    FirewallRules: [{B66E4F94-3617-4248-A3DF-F828BE70A606}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive 2\Exe\Detect.exe
    FirewallRules: [{4A79F363-3F1C-4492-BC07-FFF435093A5B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
    FirewallRules: [{E550AADD-CD34-4440-8FE1-DAAE0DCD1F1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
    FirewallRules: [{3963080B-AE60-43A8-86E5-6BD0A675999B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
    FirewallRules: [{6211A0F1-E1B7-4A69-A9E9-53A88962B813}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
    FirewallRules: [{B62D6EEC-2EE4-425E-A8AD-4C41B2154F22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
    FirewallRules: [{8A59C96C-E714-470B-8B15-49B0C11CAF07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
    FirewallRules: [{85847CA7-3F72-4EC0-80AB-5882FF051024}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalry_ded_server\Binaries\Win32\UDK.exe
    FirewallRules: [{2188FC28-1D26-4830-8E1E-4CC2FB3C6342}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalry_ded_server\Binaries\Win32\UDK.exe
    FirewallRules: [{895BD0CE-A7F5-4022-9648-718090D1AC19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
    FirewallRules: [{3C3E7780-D4CD-406C-A455-1A7EC9393B29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
    FirewallRules: [{C4728D3B-4EF4-49D3-BFF3-D235992D277F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
  6. 2016/10/25
    indynick

    indynick Member Thread Starter

    ==================== Restore Points =========================

    09-10-2016 21:32:25 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
    Description: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: Cisco Systems VPN Adapter for 64-bit Windows
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: CVirtA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/25/2016 03:54:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 19bc

    Start Time: 01d22ef8f4ac92d4

    Termination Time: 0

    Application Path: C:\Users\Nick\Downloads\FRST64.exe

    Report Id: add42d5b-9aec-11e6-8834-40618693bc3c

    Error: (10/23/2016 05:14:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7987

    Error: (10/23/2016 05:14:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7987

    Error: (10/23/2016 05:14:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/23/2016 05:14:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6989

    Error: (10/23/2016 05:14:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6989

    Error: (10/23/2016 05:14:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/23/2016 05:14:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5991

    Error: (10/23/2016 05:14:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5991

    Error: (10/23/2016 05:14:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (10/22/2016 04:56:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (10/22/2016 04:56:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (10/21/2016 04:06:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (10/21/2016 04:06:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (10/21/2016 03:59:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The X4HSX32 service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (10/21/2016 03:59:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (10/21/2016 03:58:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
    and APPID
    {344ED43D-D086-4961-86A6-1106F4ACAD9B}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (10/21/2016 03:55:46 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:58:30 PM on ‎10/‎20/‎2016 was unexpected.

    Error: (10/19/2016 02:13:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (10/19/2016 02:13:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.


    CodeIntegrity:
    ===================================
    Date: 2016-10-21 15:59:49.324
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-10-21 15:59:49.230
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-21 11:33:52.842
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-21 11:33:52.748
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-14 17:47:04.808
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-14 17:47:04.683
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-06 19:36:18.145
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-06 19:36:18.051
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-02 03:15:40.632
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-02 03:15:40.539
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
    Percentage of memory in use: 39%
    Total physical RAM: 8151.08 MB
    Available physical RAM: 4956.53 MB
    Total Virtual: 16300.36 MB
    Available Virtual: 12593.95 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:920.31 GB) (Free:64.15 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.1 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Expansion) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  7. 2016/10/25
    broni

    broni Moderator Malware Analyst

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    Already installed:
    2.0 Threat Scan
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. 2016/10/25
    indynick

    indynick Member Thread Starter

    RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Adlice Software

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Nick [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 10/25/2016 23:28:54 (Duration : 01:00:23)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 104 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E677C7AD-2B66-4539-AA29-3771A1CFEDA9} (C:\Program Files (x86)\jZip\jZipShell64x.dll) -> Deleted
    [PUP] (X64) HKEY_CLASSES_ROOT\jZip.file -> Deleted
    [PUP] (X64) HKEY_CLASSES_ROOT\Toolbar -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\jZip -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\jZip -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\jZip -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1 -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4CE53AD8-D67A-41C9-9431-C4DE27ABAFCC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [-] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1119BF90-D654-4F36-A48A-130348AABFF3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [-] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EB9829A8-C56C-4AD4-B941-B988F632C8EF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe|Name=TERA| [7] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {068934EF-CB50-41D1-8442-F15D41073E47} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe|Name=TERA| [7] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F201C344-6219-4525-B3DC-B4A832EA315D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe|Name=Blizzard Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {46B066E5-DE15-4D2B-A947-F289A4BB37DE} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe|Name=Blizzard Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7D2508A7-3F53-4FC6-B208-30E0DAC6EFCF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {14FE4FEF-231A-43FE-87A3-616FCC2EA037} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7243D927-71B0-49AD-89DC-594A28BC0CC8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2DC534DB-A958-4BEF-BA03-4CA4A9DD8E6E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4A1DE0B1-8C49-410A-ADB2-9BD157DC0F01} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2F0914BB-C392-4922-B8D6-FFD3001FB54F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D8EDE52E-B599-423F-BD07-6B3EA8AE35DC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BE8106E1-20DF-4D6A-8471-E14E7E40B848} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F4A7CA9C-CEC5-487B-B4BF-2C93D4E449C3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E38BD450-ED8F-4406-BEFC-B1F0E30A3EFE} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D04578BE-9E93-4FBF-85E4-ED16875608C4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AED4041E-6E4E-4F47-994F-9F8178E57E25} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7B3608D3-8548-4DBD-9CA9-DE3F74C423AD} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {549CE913-B781-4E0E-A75F-B27754D369F5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4A505EE5-76EE-46B0-915A-9B9D2854B180} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FF06BD9-D798-4CD9-BF0A-E1A03EA999FD} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0A0F17E3-B53C-4F0C-9B4C-674ECAC3DD4F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59ADE5BF-35BF-4816-917E-87F7C6B21DD4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5ADD35F-FC47-46D4-91A3-832A0916F3BA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6D83D3AC-FF94-4A54-80F7-063E1575DEFA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FE48ADCE-ECA3-4BB2-A84A-FA994F8123F2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {71D297B9-6DF4-4900-963B-9415336E10CB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E9BDE7AD-952A-4AEB-8618-F726AD40F52B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1258948F-7A29-429B-A148-50F4EB569CC8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B6CAEF80-BA10-410E-A809-8D028949E233} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {736E20A1-171B-410B-A702-43944D523104} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {15A479F2-5240-44CD-B6FE-53DB6EAB0E5D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CC248D5F-5767-4E05-8B96-EA9AD0517293} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C923A691-15F8-44D8-AB0C-F1AB1F5CC393} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {618583C9-C390-4FCE-A219-7CE886CBFF13} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C994F1B1-7C63-4E5D-B118-C336F764C5B3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE711485-FDD6-428B-8282-95217DBA0961} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8CC1E0CA-87E4-4953-9BFF-E44BED796C6C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {39FE26A9-28F4-47A8-BFDF-9942B7C0B08A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6EE9F6CB-D2AD-427D-8B59-D56211B2F250} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CCD49311-B21E-4B49-A509-ACF0088BA4D6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {97EC4E83-3217-4B6A-B6D7-E3B9497B37D7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B121AF6A-1173-4EB9-AA04-13F75A03910D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {999F8B30-6CF1-4389-9FC3-6FA5B148E1EB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {66BBED6B-C6FB-44B0-BA53-76A16DA9A62C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A7FA8DFB-5FA4-4FE6-A7A6-866CFC9BA19C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9CDF7A98-FFDB-49EC-B462-4AF90A164A15} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4CE53AD8-D67A-41C9-9431-C4DE27ABAFCC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [-] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1119BF90-D654-4F36-A48A-130348AABFF3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [-] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EB9829A8-C56C-4AD4-B941-B988F632C8EF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe|Name=TERA| [7] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {068934EF-CB50-41D1-8442-F15D41073E47} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe|Name=TERA| [7] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F201C344-6219-4525-B3DC-B4A832EA315D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe|Name=Blizzard Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {46B066E5-DE15-4D2B-A947-F289A4BB37DE} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe|Name=Blizzard Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7D2508A7-3F53-4FC6-B208-30E0DAC6EFCF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {14FE4FEF-231A-43FE-87A3-616FCC2EA037} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7243D927-71B0-49AD-89DC-594A28BC0CC8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2DC534DB-A958-4BEF-BA03-4CA4A9DD8E6E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4A1DE0B1-8C49-410A-ADB2-9BD157DC0F01} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2F0914BB-C392-4922-B8D6-FFD3001FB54F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D8EDE52E-B599-423F-BD07-6B3EA8AE35DC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BE8106E1-20DF-4D6A-8471-E14E7E40B848} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F4A7CA9C-CEC5-487B-B4BF-2C93D4E449C3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E38BD450-ED8F-4406-BEFC-B1F0E30A3EFE} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D04578BE-9E93-4FBF-85E4-ED16875608C4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AED4041E-6E4E-4F47-994F-9F8178E57E25} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7B3608D3-8548-4DBD-9CA9-DE3F74C423AD} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {549CE913-B781-4E0E-A75F-B27754D369F5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4A505EE5-76EE-46B0-915A-9B9D2854B180} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5FF06BD9-D798-4CD9-BF0A-E1A03EA999FD} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0A0F17E3-B53C-4F0C-9B4C-674ECAC3DD4F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59ADE5BF-35BF-4816-917E-87F7C6B21DD4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5ADD35F-FC47-46D4-91A3-832A0916F3BA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6D83D3AC-FF94-4A54-80F7-063E1575DEFA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FE48ADCE-ECA3-4BB2-A84A-FA994F8123F2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {71D297B9-6DF4-4900-963B-9415336E10CB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E9BDE7AD-952A-4AEB-8618-F726AD40F52B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1258948F-7A29-429B-A148-50F4EB569CC8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B6CAEF80-BA10-410E-A809-8D028949E233} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {736E20A1-171B-410B-A702-43944D523104} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {15A479F2-5240-44CD-B6FE-53DB6EAB0E5D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CC248D5F-5767-4E05-8B96-EA9AD0517293} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C923A691-15F8-44D8-AB0C-F1AB1F5CC393} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {618583C9-C390-4FCE-A219-7CE886CBFF13} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C994F1B1-7C63-4E5D-B118-C336F764C5B3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE711485-FDD6-428B-8282-95217DBA0961} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8CC1E0CA-87E4-4953-9BFF-E44BED796C6C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {39FE26A9-28F4-47A8-BFDF-9942B7C0B08A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6EE9F6CB-D2AD-427D-8B59-D56211B2F250} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CCD49311-B21E-4B49-A509-ACF0088BA4D6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {97EC4E83-3217-4B6A-B6D7-E3B9497B37D7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B121AF6A-1173-4EB9-AA04-13F75A03910D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {999F8B30-6CF1-4389-9FC3-6FA5B148E1EB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {66BBED6B-C6FB-44B0-BA53-76A16DA9A62C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A7FA8DFB-5FA4-4FE6-A7A6-866CFC9BA19C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9CDF7A98-FFDB-49EC-B462-4AF90A164A15} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe|Name=Battle.net Update Agent| [x] -> Not selected
     
  9. 2016/10/25
    indynick

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 7 ¤¤¤
    [PUP][File] C:\Users\Public\Desktop\jZip.lnk [LNK@] C:\PROGRA~2\jZip\jZip.exe -> Deleted
    [PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons -> Deleted
    [PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Coupons.com - Print Coupons.lnk -> Deleted
    [PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk -> Deleted
    [PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip -> Deleted
    [PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip\jZip.lnk -> Deleted
    [PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip\License Agreement.lnk -> Deleted
    [PUP][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip\Uninstall jZip.lnk -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Coupons -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Coupons.ico -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\CouponsDotCom.url -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG1.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG2.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG3.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG4.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG5.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG6.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG7.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\IRIMG8.JPG -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\uninstall.dat -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Coupons\Uninstall -> Deleted
    [PUP][File] C:\Program Files (x86)\Coupons\uninstall.exe -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\3rdPartyLicenses.txt -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\AppLoader2K.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\audio.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\AX32.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\core.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\EEL.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\errorMessages.config -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\freetype6.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\GameTapPlayer.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\gtinst.bin -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\gtsniff.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\GTUtilPost.config -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\GT_green.ico -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\hlbusiness.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\hldatasvc.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\hlplayer.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\hwswchecker\oneSniffers.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\hwswchecker\reSniffers.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\bin\release\hwswchecker -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\icudt28l.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\icuuc28.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\ieblaster.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\issue.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\libpng.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\local.config -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\local.config.old -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\Log.config -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\msvcp71.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\msvcr71.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\NativeGamePlayer.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\RegComSrv.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\tgninput.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\VDErrorCodes.ini -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\VDL.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\VDLConfig.ini -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\X4.sys -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\xerces-c_2_5_0.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\YBroker.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\YPlayer.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\zlib.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\bin\release\zlib1.dll -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\bin\release -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\bin -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\fonts\MYSEMED.otf -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\fonts -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\forms\EmuControllerMapForm.xml -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\forms\EmuPauseForm.xml -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\forms -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\GuiDefaults.xml -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\GuiDefaults.xsd -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\GuiImages.xml -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\GuiImages.xsd -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\GuiSkins.xml -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\GuiSkins.xsd -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\images\ControlsForPlayer1.png -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\images\ControlsForPlayer2.png -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\images\ControlsForPlayer3.png -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\images\ControlsForPlayer4.png -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\images\DC_SAT_Pause.png -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\images\skins.png -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins\images -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core\skins -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data\core -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\local\assets_hl\data -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\local\assets_hl -> Deleted
    [PUP][Folder] C:\Program Files (x86)\GameTap Web Player\local -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\unins000.dat -> Deleted
    [PUP][File] C:\Program Files (x86)\GameTap Web Player\unins000.exe -> Deleted
    [PUP][Folder] C:\Program Files (x86)\jZip -> Removed at reboot [91]
    [PUP][File] C:\Program Files (x86)\jZip\7z.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\Archive created by free jZip.url -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\change.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\CoreArchiver.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\INSTALL.LOG -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\jZip.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\jZipShell.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\jZipShell64x.dll -> Removed at reboot [5]
    [PUP][File] C:\Program Files (x86)\jZip\license.rtf -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\ResourcesLOC.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\jZip\UNWISE.EXE -> Deleted
    [PUP][Folder] C:\Program Files (x86)\ShopAtHome -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\basis.xml -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\ClearHist.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\HttpHandle302.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\icons.bmp -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\IE8GuardWorkaround.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\logo.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\Merchants.xml -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\Prefs.xml -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-alert.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-clearsearch.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-comment.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-contests.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-freecoupons.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-freesamples.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-go.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-grocerycoupons.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-information.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-mysah.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-options.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\sahtb-restaurant.png -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\SAH_favicon.ico -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\ShopAtHomeUninstall.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\TbCommonUtils.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\tbcore3U.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\tbhelper.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\TbHelper2.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\uninstall.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\update.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\ShopAtHome\version.txt -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] mudgm60c.default-1350819548716 : user_pref( "browser.startup.homepage ", "Facepunch "); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HDT721010SLA360 +++++
    --- User ---
    [MBR] 71ef9219b7071557bfeff911f8122082
    [BSP] 2294c5431baf6e3a0e2d1e5dbd66ee23 : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 942399 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1930240000 | Size: 11368 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  10. 2016/10/25
    indynick

    Working on the rest.
     
  11. 2016/10/26
    indynick

    Oh, and before I come to that bridge, how exactly do I "Shut down your protection software now to avoid potential conflicts." for the junkware remover?
     
  12. 2016/10/26
    indynick

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/26/2016
    Scan Time: 12:45 AM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.10.26.02
    Rootkit Database: v2016.09.26.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Nick

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 536985
    Time Elapsed: 41 min, 15 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  13. 2016/10/26
    indynick

    # AdwCleaner v6.030 - Logfile created 26/10/2016 at 01:36:17
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-10-25.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Nick - UPSTAIRSBED
    # Running from : C:\Users\Nick\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Katie\Desktop\ppt
    [-] Folder deleted: C:\Users\Kelsey\AppData\Local\jZip
    [-] Folder deleted: C:\Users\Nick\AppData\Local\Temp\jZip


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Katie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [-] File deleted: C:\Users\Emily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [-] File deleted: C:\Users\Kelsey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [-] File deleted: C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [-] File deleted: C:\Users\DanM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [-] File deleted: C:\Users\Public\Desktop\eBay.lnk
    [-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup.exe
    [-] Key deleted: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
    [-] Key deleted: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{3ED98568-A949-49CB-8ED0-3A703F6D4166}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E677C7AD-2B66-4539-AA29-3771A1CFEDA9}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{672B1330-7E4A-4D61-BE04-E2A132F04E1E}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{94047607-3841-4CE6-AE4D-14FF23AF9458}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKLM\SOFTWARE\jZip
    [-] Key deleted: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Microsoft\Internet Explorer\SearchScopes\{D4B45EAA-4147-471B-B2C3-86663FDDE85A}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D4B45EAA-4147-471B-B2C3-86663FDDE85A}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4B45EAA-4147-471B-B2C3-86663FDDE85A}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D4B45EAA-4147-471B-B2C3-86663FDDE85A}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4B45EAA-4147-471B-B2C3-86663FDDE85A}
    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\jZipShell.DLL
    [-] Key deleted: HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\jZip
    [-] Value deleted: HKLM\SOFTWARE\RegisteredApplications [jZip]


    ***** [ Web browsers ] *****

    [-] [C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\DanM\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\DanM\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\DanM\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [5306 Bytes] - [26/10/2016 01:36:17]
    C:\AdwCleaner\AdwCleaner[S0].txt - [5218 Bytes] - [26/10/2016 01:34:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5452 Bytes] ##########
     
  14. 2016/10/26
    indynick

    Alright, so how do I disable my protection software?
     
  15. 2016/10/26
    indynick

    Also, after restarting, for just a while my Windows Firewall and McAfee are turned off.
     
  16. 2016/10/26
    indynick

    Well, I'm off for now, going to bed. See you soon, I hope.
     
  17. 2016/10/26
    indynick

    Failed to delete: C:\Program Files (x86)\norton safe web lite (Folder)
    Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll (File)
    Successfully deleted: C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll (File)
    Successfully deleted: C:\Windows\couponprinter.ocx (File)
     
  18. 2016/10/26
    indynick

    Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf (File)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLZZ7VCJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUCHFN23 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYLCJDQH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RDZOX03S (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RHIU2S1S (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RI8WYDBQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RM0FQTXA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2HBRUOW (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3WNHQAQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7XGD0SQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBNDACZE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWB69S41 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T24FCPLM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T33FXCPR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4OZ3O6Z (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8F51NAM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAW7006Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLQPK5J6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ3AWQ3H (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTX0516P (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXIU43Q8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3GBJ9Q8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U984PEMR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDSB1NU6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHLC1CVN (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJPNPFZN (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7JVETAA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V89D06I8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYEGJJN7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0IFA257 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0MDA1S3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9B2TKNO (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGLLXBK3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6U4HPNC (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGAWE17A (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMDZX2RA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XN2738LM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOSVP3RS (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPBREI1O (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQ1XGFPP (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4Y6X0K8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5P1E01C (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6AUEZJ0 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7STWNXE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXM3DX81 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z078V007 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7BX6P4V (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPJBOUHO (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU1IGH83 (Temporary Internet Files Folder)



    Registry: 3

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 10/26/2016 at 15:58:39.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. 2016/10/26
    indynick

    indynick Member Thread Starter

    Still hearing the clicking now and then, also JRT failed to ping the update server.
     
  20. 2016/10/26
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: Metadefender Endpoint Management
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: Downloading RKill
    iExplore.exe (renamed rKill.exe): Downloading RKill

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  21. 2016/10/26
    indynick

    indynick Member Thread Starter

    ComboFix 16-10-23.01 - Nick 10/26/2016 21:59:56.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5426 [GMT -4:00]
    Running from: c:\users\Nick\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\autorun.inf
    C:\install.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    c:\windows\msdownld.tmp
    c:\windows\SysWow64\SET8CE2.tmp
    c:\windows\SysWow64\SET91F7.tmp
    c:\windows\SysWow64\SET97D4.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-09-27 to 2016-10-27 )))))))))))))))))))))))))))))))
    .
    .
    2016-10-27 02:13 . 2016-10-27 02:13 -------- d-----w- c:\users\Kelsey\AppData\Local\temp
    2016-10-26 05:30 . 2016-10-26 05:36 -------- d-----w- C:\AdwCleaner
    2016-10-26 04:37 . 2016-10-27 01:52 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-10-26 04:37 . 2016-10-26 04:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2016-10-26 04:37 . 2016-03-10 18:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-10-26 04:37 . 2016-03-10 18:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-10-26 04:37 . 2016-03-10 18:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-10-26 03:28 . 2016-10-26 03:28 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-10-26 03:27 . 2016-10-26 03:28 -------- d-----w- c:\program files\RogueKiller
    2016-10-26 03:27 . 2016-10-26 03:27 -------- d-----w- c:\programdata\RogueKiller
    2016-10-25 19:49 . 2016-10-25 19:59 -------- d-----w- C:\FRST
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-10-26 20:01 . 2012-04-02 20:21 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-10-26 20:01 . 2011-05-18 20:27 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-08-02 05:03 . 2015-08-13 17:04 216704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2016-08-01 22:26 . 2016-08-01 22:26 519456 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    2016-08-01 22:26 . 2016-08-01 22:26 22312 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2016-08-01 22:26 . 2016-08-01 22:26 100136 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-07-13 29494400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    "NapsterShell"="c:\program files (x86)\Napster\napster.exe" [2010-01-19 323280]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe [x]
    R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
    S2 McBootDelayStartSvc;McAfee Boot Delay Start Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [x]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 ModuleCoreService;McAfee Module Core Service;c:\program files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe;c:\program files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 PEFService;Intel Security PEF Service;c:\program files\Common Files\Intel Security\PEF\CORE\PEFService.exe;c:\program files\Common Files\Intel Security\PEF\CORE\PEFService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
    S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - NVSTREAMKMS
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-10-25 19:45 1363560 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:01]
    .
    2016-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 09:31]
    .
    2016-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 09:31]
    .
    2016-10-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-03 1571696]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-03 2754704]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716\
    FF - prefs.js: browser.startup.homepage - hxxp://facepunch.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    c:\users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
    AddRemove-AtmosFear 2_is1 - c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\unins000.exe
    AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
    AddRemove-Call of Pripyat: Redux1.0 - c:\program files (x86)\Steam\SteamApps\common\stalker call of pripyat\uninstall.exe
    AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
    AddRemove-Fallout 2 Unofficial Patch_is1 - c:\program files (x86)\steam\steamapps\common\fallout 2\unins001.exe
    AddRemove-Fallout Mod Manager_is1 - c:\users\Nick\fallout 3\fomm\uninstall\unins000.exe
    AddRemove-Granny Crowd Scene_is1 - c:\program files (x86)\Granny Crowd Scene\unins000.exe
    AddRemove-IJC WeaponPack White V1 - c:\program files (x86)\Steam\steamapps\common\killingfloor\UninstalIJCWPWhite1.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-The Nameless Mod - c:\program files (x86)\steam\steamapps\common\deus ex\Uninstall_TNM.exe
    AddRemove-{Call of Pripyat v1.0}}_is1 - c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\Call of Pripyat Complete\unins000.exe
    AddRemove-{Stalker Complete 2009 v1.4.3}}_is1 - c:\users\Public\Documents\STALKER-SHOC\Stalker Complete 2009\unins000.exe
    AddRemove-{Stalker Complete 2009 v1.4.4}}_is1 - c:\users\Public\Documents\STALKER-SHOC\Stalker Complete 2009\unins001.exe
    AddRemove-«Sigerous Mod äëÿ ÇÏ»_is1 - c:\program files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\Stalker Call of Pripyat\unins000.exe
    AddRemove-7998bdbe8c95db7f - c:\users\Nick\AppData\Local\Apps\2.0\Q1JXXO9D.6T8\Y2PCNRC2.3N5\game..tion_2b523ae39a779562_0001.0000_8a34b57eb2754e63\GameFly.Digital.Client.Driver.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
    "ImagePath "= "\ "c:\program files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe\" /s \ "NCO\" /m \ "c:\program files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\diMaster.dll\" /prefetch:1 "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
    "ImagePath "= "\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "?? "=hex:d1,20,03,64,22,54,78,5a,d4,45,5c,ec,80,f9,7d,20,df,83,d7,ee,a0,6f,85,
    13,df,19,de,e1,e6,bb,60,98,43,29,df,02,c3,1a,80,e4,21,37,4e,32,d6,a6,e3,ad,\
    "?? "=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
    .
    [HKEY_USERS\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\SecuROM\License information*]
    "datasecu "=hex:54,22,87,8f,c7,06,16,aa,71,b7,03,f3,40,fa,b9,49,4d,33,fa,0d,05,
    bb,74,4a,4b,1c,b4,fd,63,4a,2b,9a,4b,6c,0e,c3,91,f9,af,2d,fd,10,c3,6b,39,f3,\
    "rkeysecu "=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_205_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_205_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.23 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-10-26 22:17:09
    ComboFix-quarantined-files.txt 2016-10-27 02:17
    .
    Pre-Run: 72,798,486,528 bytes free
    Post-Run: 77,394,702,336 bytes free
    .
    - - End Of File - - C96A987CF065ECE319CD711FC79739C8
     
