Solved Random clicking sound and heavy HD use at times

Discussion in 'Malware and Virus Removal' started by indynick, 2016/10/25.

  1. 2016/10/26
    indynick

    indynick Member Thread Starter

    Joined:
    2016/10/25
    Messages:
    39
    Likes Received:
    0
    Just heard the click sound right after posting this. However, for right now my HDD is running very little and I lost about 30 processes off the task manager, plus dllhost.exe isn't hiding anymore.
     
    Last edited: 2016/10/26
  2. 2016/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     

  4. 2016/10/26
    indynick

    LastRegBack: 2016-10-15 07:05

    ==================== End of FRST.txt ============================
     
  5. 2016/10/26
    indynick

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by Nick (26-10-2016 23:13:42)
    Running from C:\Users\Nick\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2010-03-17 19:08:03)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1981132641-2656067623-3716702972-500 - Administrator - Disabled)
    DanM (S-1-5-21-1981132641-2656067623-3716702972-1007 - Administrator - Enabled) => C:\Users\DanM
    Emily (S-1-5-21-1981132641-2656067623-3716702972-1004 - Limited - Enabled) => C:\Users\Emily
    Guest (S-1-5-21-1981132641-2656067623-3716702972-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-1981132641-2656067623-3716702972-1009 - Limited - Enabled)
    Katie (S-1-5-21-1981132641-2656067623-3716702972-1003 - Limited - Enabled) => C:\Users\Katie
    Kelsey (S-1-5-21-1981132641-2656067623-3716702972-1005 - Administrator - Enabled) => C:\Users\Kelsey
    Nick (S-1-5-21-1981132641-2656067623-3716702972-1006 - Administrator - Enabled) => C:\Users\Nick

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    «Sigerous Mod v2.1» (HKLM-x32\...\«Sigerous Mod äëÿ ÇÏ»_is1) (Version: - GeJorge)
    7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
    Ad-Aware (HKLM-x32\...\Ad-Aware) (Version: - Lavasoft)
    Ad-Aware (x32 Version: 8.2.0 - Lavasoft) Hidden
    Ad-Aware Email Scanner for Outlook (HKLM-x32\...\{338F08AB-C262-42C7-B000-34DE1A475273}) (Version: 1.0.0 - Lavasoft)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
    Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
    Alien Swarm (HKLM\...\Steam App 630) (Version: - Valve)
    AMX Mod X Installer 1.8.1 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.1 - AMX Mod X Dev Team)
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    applicationupdater (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\SOE-C:/Users/Nick/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
    Arx Fatalis (HKLM-x32\...\Steam App 1700) (Version: - Arkane Studios)
    AtmosFear 2.1 for S.T.A.L.K.E.R - Call Of Pripyat (HKLM-x32\...\AtmosFear 2_is1) (Version: - )
    Attribute Changer 6.20 (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 6.20 - Romain Petges)
    Autumn Aurora 2 for S.T.A.L.K.E.R - Shadow of Chernobyl (HKLM-x32\...\Autumn Aurora 2.05_is1) (Version: - )
    Avery Wizard 3.1 (HKLM-x32\...\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}) (Version: 3.1.5 - Avery)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version: - )
    Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.1.46 - )
    BioShock (HKLM-x32\...\BioShock) (Version: 1.0.0.0 - 2K Games)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version: - 2K Australia)
    BrainBread v1.2 (HKLM-x32\...\BrainBread_is1) (Version: 1.2 - )
    Call of Pripyat Complete v1.0 (HKLM-x32\...\{Call of Pripyat v1.0}}_is1) (Version: - )
    Call of Pripyat: Redux (HKLM-x32\...\Call of Pripyat: Redux1.0) (Version: 1.0 - Beacon)
    Chaos Daemons mod version 1.6 (HKLM-x32\...\{3FA5CB57-8900-47BF-9202-3303A16C2ED8}_is1) (Version: 1.6 - Ultimate Apocalypse mod team)
    Cheat Engine 6.1 (HKLM-x32\...\Cheat Engine 6.1_is1) (Version: - Dark Byte)
    Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Chivalry: Medieval Warfare Dedicated Server (HKLM-x32\...\Steam App 220070) (Version: - )
    Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
    Clear Sky Complete (HKLM-x32\...\{Clear Sky Complete v1.1.2}}_is1) (Version: - )
    Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome, Inc)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
    CryEngine(R)2 Sandbox(TM)2 (HKLM-x32\...\{7E4B7FD9-4ECE-4298-A910-3160B7918059}) (Version: 1.00.0000 - Electronic Arts)
    CryEngine(R)2 Sandbox(TM)2 (HKLM-x32\...\{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}) (Version: 1.00.0000 - Electronic Arts)
    Crysis WARHEAD(R) (HKLM-x32\...\Crysis WARHEAD(R)) (Version: - Electronic Arts)
    Crysis WARHEAD(R) (x32 Version: 1.0 - Crytek) Hidden
    Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
    Crysis(R) SP Demo (HKLM-x32\...\{92AF2F5A-4407-4A03-A80A-5A2582264746}) (Version: 1.00.0000 - Electronic Arts)
    CryTools (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\CryTools) (Version: - )
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
    Dark Parables: The Exiled Prince (HKLM-x32\...\BFG-Dark Parables - The Exiled Prince) (Version: - )
    Diablo II (HKLM-x32\...\Diablo II) (Version: - )
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.0.450 - DivX, Inc. )
    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
    E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version: - Streum On Studio)
    eMule (HKLM-x32\...\eMule) (Version: - )
    EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
    Fallout 2 (HKLM-x32\...\Steam App 38410) (Version: - Black Isle Studios)
    Fallout 2 Unofficial Patch 1.02.27.3 (HKLM-x32\...\Fallout 2 Unofficial Patch_is1) (Version: - killap)
    Fallout Mod Manager 0.11.9 (HKLM-x32\...\Fallout Mod Manager_is1) (Version: - Timeslip, Q)
    Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
    FO2 Restoration Project 2.3.3 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version: - killap)
    FOOK2 (HKLM-x32\...\FOOK2 v1.0) (Version: v1.0 - FOOK Team)
    gamelauncher-ps2-live (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\SOE-) (Version: - Sony Online Entertainment) <==== ATTENTION
    Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Gothic II - Gold Edition (HKLM-x32\...\Gothic II - Gold Edition) (Version: 2.7.0.1 - Nordic Games)
    Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
    Granny Crowd Scene 2.7.0.9 (HKLM-x32\...\Granny Crowd Scene_is1) (Version: 2.7.0.9 - RAD Game Tools, Inc.)
    Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
    Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
    Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
    Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor)
    Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
    Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software)
    Half-Life: Source (HKLM-x32\...\Steam App 280) (Version: - Valve)
    Happy Cloud Client (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\HappyCloud) (Version: 1.374 - Happy Cloud, Inc.)
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
    HELLDIVERS™ (HKLM-x32\...\Steam App 394510) (Version: - Arrowhead Game Studios)
    Heroes of Might and Magic V (HKLM-x32\...\Heroes of Might and Magic V) (Version: 1.6 - Ubisoft)
    How to Survive 2 (HKLM\...\Steam App 360170) (Version: - EKO Software)
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
    Hulu Desktop (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
    IJC WeaponPack White V1 (HKLM-x32\...\IJC WeaponPack White V1) (Version: - )
    Inquisition Daemonhunt mod version 2.01 (HKLM-x32\...\{977DC62F-3A09-487C-BFED-E9585BB37178}_is1) (Version: 2.01 - Compiler/Thudmeizer's team)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 0.0.0.0000 - Intel Corporation)
    Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 3.2.1.0 - Microsoft Corporation)
    iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
    Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
    Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Max Payne 3 (HKLM\...\Steam App 204100) (Version: - Rockstar Studios)
    McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 15.0.179 - McAfee, Inc.)
     
  6. 2016/10/26
    indynick

    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery Case Files &reg;: 13th Skull ™ Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - 13th Skull Collector's Edition) (Version: - )
    Mystery Case Files&reg;: Dire Grove™ Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove Collector's Edition) (Version: - )
    Mystery Case Files: Huntsville ™ (HKLM-x32\...\BFG-Mystery Case Files - Huntsville) (Version: - )
    Mystery Case Files: Madame Fate &reg; (HKLM-x32\...\BFG-Mystery Case Files - Madame Fate) (Version: - )
    Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
    Mystery Case Files: Return to Ravenhearst ™ (HKLM-x32\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version: - )
    Mystery Chronicles: Betrayals of Love (HKLM-x32\...\BFG-Mystery Chronicles - Betrayals of Love) (Version: - )
    Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.3.4 - Napster)
    Napster Burn Engine (x32 Version: 3.5.0000 - Roxio) Hidden
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
    Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
    NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
    NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
    Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
    Obsidian Conflict Beta 1.35 Full (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\{C2477B44-8AB4-4E65-AED0-46B67EFCC97A}_is1) (Version: 1.35 - Obsidian Conflict Team)
    OccupationCS: Source (HKLM-x32\...\OccupationCS: Source) (Version: 3.4.1 - PGR Associates)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    PERRLA (HKLM-x32\...\{B21E3516-7AE3-4C9E-8B4C-B6F070783A6B}) (Version: 6.0.4 - PERRLA)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
    Psychonauts (HKLM-x32\...\Psychonauts) (Version: 1.1.500.0 - Double Fine)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
    PuppetShow: Lost Town Collector's Edition (HKLM-x32\...\BFG-PuppetShow - Lost Town Collector's Edition) (Version: - )
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Receiver (HKLM-x32\...\Steam App 234190) (Version: - Wolfire Games)
    Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
    Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
    Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
    RogueKiller version 12.7.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.4.0 - Adlice Software)
    S.T.A.L.K.E.R. - Call of Chernobyl version 1.2 RELEASE (HKLM-x32\...\{C120D1EF-681D-4F5B-A557-12E5F125C723}_is1) (Version: 1.2 RELEASE - Team EPIC)
    S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
    S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)
    S.T.A.L.K.E.R.: Clear Sky (HKLM-x32\...\Steam App 20510) (Version: - GSC Game World)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
    SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
    Smart Mod Manager (HKLM-x32\...\{98ED974C-09EC-4081-BF88-FA5645B41622}) (Version: 1.8.3.0 - Don Reba)
    Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
    Spintires (HKLM-x32\...\Steam App 263280) (Version: - Oovee® Game Studios)
    Stalker Complete 2009 v1.4.3 (HKLM-x32\...\{Stalker Complete 2009 v1.4.3}}_is1) (Version: - )
    Stalker Complete 2009 v1.4.4 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version: - )
    Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
    Starbound (HKLM\...\Steam App 211820) (Version: - )
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Sven Co-op (HKLM-x32\...\Steam App 225840) (Version: - Sven Co-op Team)
    Sven Co-op 4.0B (HKLM-x32\...\SvenCoop) (Version: - )
    System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
    System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - )
    Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version: - Berserk Games)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TERA (HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\teraenmasse) (Version: - )
    The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Game Studios®)
    The Elder Scrolls IV: Oblivion (HKLM\...\Steam App 22330) (Version: - Bethesda Game Studios)
    The Nameless Mod (HKLM-x32\...\The Nameless Mod) (Version: - )
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.3.4 - Electronic Arts)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
    The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.2.4 - Electronic Arts)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.6.11 - Electronic Arts)
    Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version: - Iron Lore Entertainment)
    Tom Clancys Ghost Recon Advanced Warfighter (HKLM-x32\...\Tom Clancys Ghost Recon Advanced Warfighter) (Version: 1.0 - Ubisoft)
    Tom Clancy's Splinter Cell: Chaos Theory (HKLM-x32\...\Steam App 13570) (Version: - Ubisoft Montreal)
    TSR Merlin (HKLM-x32\...\{773C485E-B148-45CB-BF38-84FC208D960A}) (Version: 1.0.1 - The Sims Resource)
    TSR RigFix (HKLM-x32\...\{EA511D3B-D0C8-4A18-ABDA-F8AFB2694D28}) (Version: 1.0.6 - The Sims Resource)
    Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version: - )
    Ultimate Apocalypse - THB Patch version 1.85.5 (HKLM-x32\...\{2D2D99BC-4565-4A97-85E9-4BFCFE95965A}_is1) (Version: 1.85.5 - Ultimate Apocalypse Mod Team)
    Ultimate Apocalypse - The Hunt Begins version 1.8.0 (HKLM-x32\...\{A21FAC0C-E2CD-4A79-A88F-4174EA62451A}_is1) (Version: 1.8.0 - Ultimate Apocalypse Mod Team)
    VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
    Viscera Cleanup Detail - ALPHA (HKLM\...\UDK-627b23de-7ffe-418f-9692-4fe8baf6e888) (Version: - RuneStorm)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version: - Relic Entertainment)
    Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version: - Relic Entertainment)
    Warhammer 40,000: Dawn of War – Winter Assault (HKLM-x32\...\Steam App 9310) (Version: - Relic Entertainment)
    Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
    Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
    Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0079CF55-1EC9-4C51-8958-6E9F3DDA40C5} - System32\Tasks\{C83F2B23-60CF-46F9-8D5D-C90B13C3D170} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar
    Task: {03577B17-93F4-432C-A076-B82DC8353112} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
    Task: {409A71F6-6533-46C3-8A56-5E14F578D7F2} - System32\Tasks\{B140E1BD-4059-481B-8AB1-C1F682357A62} => pcalua.exe -a "C:\Users\Kelsey\Downloads\crowd_scene_setup (2).exe" -d C:\Users\Kelsey\Desktop
    Task: {45CC41EB-3BE5-44CB-90AA-E58E1340B254} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
    Task: {47764789-2E44-4546-BDAD-0FCDEA169CE8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
    Task: {82517EBF-EB53-45F7-833E-C369607C8674} - System32\Tasks\{ED0A020A-274B-4D70-98E7-EBE9B07FC7D6} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar
    Task: {914D4537-8D64-444D-8994-4A8BD84B1223} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
    Task: {91B6B500-4251-4325-9D24-BE751A9E88AF} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\SymErr.exe
    Task: {987EC6AB-0943-4C5E-BA9F-3E7A41E611EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {9B283C63-5427-4832-890E-6987A21FDB90} - System32\Tasks\{01C3DF33-577D-4A34-8374-2214AD1ED432} => C:\Users\Nick\fallout 3\Fallout3.exe
    Task: {9FED4ACB-90DE-45EF-8277-CABD257D7CD4} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
    Task: {A36B1D97-74EF-4046-A1C8-585462E109F2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
    Task: {A4318D64-D449-4827-BE5D-0B6ACB2465E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-09-20] (McAfee, Inc.)
    Task: {B51341AF-6B04-44E5-BBA6-80BD35233D52} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {BB55DFF4-A582-4294-B5F2-7574CB10455B} - System32\Tasks\{68FFB1E9-01BA-4F55-805E-AF1270FF0740} => pcalua.exe -a "C:\Users\Kelsey\Downloads\crowd_scene_setup (1).exe" -d C:\Users\Kelsey\Desktop
    Task: {C057F990-BFF6-4FF7-9FEE-051386CEF8A9} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    Task: {C4A90ACB-745F-4358-BAAA-A9532B1EAF21} - System32\Tasks\{2FA9B3B9-A935-4515-9735-74BD4BEDD346} => pcalua.exe -a C:\Users\Nick\Downloads\svencoop48.exe -d C:\Users\Nick\Downloads
    Task: {DCA78A04-5298-43D5-A19F-644BCDA19DAC} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\SymErr.exe
    Task: {E255C19C-102F-491D-BEFC-13322820B6FC} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
    Task: {ED41EAF8-9190-4CB2-8414-8C6B4F571E02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {EF90A250-8BEA-4FF9-A6F9-3C458D5C9B73} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
    Task: {F5FFBEBD-9D69-45C8-8F3F-D355852E0D61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
    Task: {F78F18E9-FFCF-4C0E-8B55-5D0004737337} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-15] (Lavasoft )

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Nameless Mod v1.0.4\TNM Website.lnk -> hxxp://thenamelessmod.com/

    ==================== Loaded Modules (Whitelisted) ==============

    2010-05-02 06:44 - 2015-02-10 18:45 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2010-05-02 06:44 - 2016-05-21 22:36 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-02-04 11:53 - 2011-06-15 07:15 - 00429984 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll
    2012-01-02 10:48 - 2015-04-08 17:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2010-02-04 11:53 - 2011-06-15 07:15 - 00271856 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
    2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
    2009-11-12 17:42 - 2009-10-02 17:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [424]
    AlternateDataStreams: C:\ProgramData\Temp:4673E9EA [198]
    AlternateDataStreams: C:\ProgramData\Temp:54380FEC [233]
    AlternateDataStreams: C:\ProgramData\Temp:78E0DF72 [193]
    AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F [233]
    AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [300]
    AlternateDataStreams: C:\ProgramData\Temp:D31BE97C [212]
    AlternateDataStreams: C:\ProgramData\Temp:D6D084A5 [225]
    AlternateDataStreams: C:\ProgramData\Temp:FAFEC4B9 [166]
    AlternateDataStreams: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OccupationCS: Source Uninstaller.lnk [453]
    AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => " "= "Driver "

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.scr: => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.bat: batfile => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.com: ComFile => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.cmd: cmdfile => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.reg: => <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\sony.com -> sony.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-10-26 22:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
  7. 2016/10/26
    indynick

    indynick Member Thread Starter

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D0DB1ACB-91B9-469D-9F8E-5C99E0E80923}] => (Allow) C:\Users\Public\Games\World of Warcraft\BackgroundDownloader.exe
    FirewallRules: [{4ED9A4A9-904C-450E-82E6-E6450AF519AC}] => (Allow) C:\Users\Public\Games\World of Warcraft\BackgroundDownloader.exe
    FirewallRules: [{F05E758A-C433-4FCD-9633-A9F8D076D5E3}] => (Allow) LPort=3724
    FirewallRules: [{A65B1140-DE49-48B5-8A5C-D6AD969B8800}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
    FirewallRules: [{280CF673-B35B-46B9-AFA7-34DA97F7DCC7}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
    FirewallRules: [{3908F5DF-BF5D-4F10-B23C-03DA709941E9}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
    FirewallRules: [{33F5D442-A4B5-44F1-B37E-3F66BFFC9071}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
    FirewallRules: [{BEE793B5-4A34-428C-B8DE-48688533B08B}] => (Allow) C:\Program Files (x86)\CrossMediaExperience\xmx.exe
    FirewallRules: [{18816C15-8F8F-4165-855D-202278A249C2}] => (Allow) C:\Program Files (x86)\CrossMediaExperience\xmx.exe
    FirewallRules: [{9F1A34DC-8616-43C1-93E1-71E37DABA01B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest\help.htm
    FirewallRules: [{12085A7E-8E9D-4BE7-B975-80DC5AAA3CBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest\help.htm
    FirewallRules: [{D750DD89-506C-48E5-824D-8A1CE76A8625}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent demo\Launcher.exe
    FirewallRules: [{5E8A3117-8143-4AE1-805F-C5E45764F60F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent demo\Launcher.exe
    FirewallRules: [{70AFB4B0-3F2F-44DA-81CB-C748AA0F6641}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
    FirewallRules: [{556F3104-051C-403A-8634-4C6AD1491D4D}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
    FirewallRules: [{480BB5F4-B0D1-488A-9AAC-9571CC390510}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [{2622C301-C8AF-4D95-B0FF-60F8202E0510}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [TCP Query User{BF5D6499-2454-49BD-AB10-7ACCFE97D445}C:\program files (x86)\steam\steamapps\indynick\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\indynick\team fortress 2\hl2.exe
    FirewallRules: [UDP Query User{05C62D13-222F-4D07-92D4-F930CB5068F9}C:\program files (x86)\steam\steamapps\indynick\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\indynick\team fortress 2\hl2.exe
    FirewallRules: [{3CD57521-8FAD-49A7-A000-7E0A28DD9069}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\half-life\hl.exe
    FirewallRules: [{06E76E82-5D2A-4C06-9F41-FBF77A0E290B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\half-life\hl.exe
    FirewallRules: [{AB509323-CB62-4151-8D48-AE41126B658D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
    FirewallRules: [{11B099FD-6225-4545-AEB6-032817C51B13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
    FirewallRules: [{1D74B67E-B6C7-42DB-9783-1E15417C1187}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{0A78DA43-FE6F-47E8-BEA3-CAD9D8683043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{72510DA8-FD5A-467F-8716-CFEE44A91AB4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{992D89A2-C864-4271-96DD-C47FEB42D626}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BD1B6F44-DD8A-4B23-9D83-2428E35E0C81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{72CA4337-CA23-4714-A7C9-51CA283E9212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BCF93692-7EF5-4B06-887E-922C0010A4CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4542AC27-0162-44A4-BAC4-25CEF702BBBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\garry's mod beta\hl2.exe
    FirewallRules: [{7A3B1384-03EC-4DD1-8520-3AE0B67DF0C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\garry's mod beta\hl2.exe
    FirewallRules: [{E2DA8230-85AC-41DA-9FB7-F3F61762A7F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest immortal throne\help.htm
    FirewallRules: [{9B24EB9C-C7B0-4744-A303-019F22542797}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest immortal throne\help.htm
    FirewallRules: [{4CE53AD8-D67A-41C9-9431-C4DE27ABAFCC}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{1119BF90-D654-4F36-A48A-130348AABFF3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{592A5E0D-E0A0-455D-B786-A9D558A18B80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
    FirewallRules: [{4B158443-BBAD-469E-9FA9-0C609B1B8AC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
    FirewallRules: [{8E72C7AB-EFE1-43F2-A29D-35CA8FC23330}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
    FirewallRules: [{E1B75177-69CF-4A75-BF62-ED3DE6DF7B87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
    FirewallRules: [{F196E2A9-D1B7-4937-9CE8-D2826D861BCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
    FirewallRules: [{9EAB9AF4-0022-4149-AF9A-E99559B1D33A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
    FirewallRules: [{396ADC59-21F3-4639-A487-7040C2F3278A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\dark messiah might and magic single player\mm.exe
    FirewallRules: [{999C58C7-5090-4819-9470-4AECDA85EE95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\indynick\dark messiah might and magic single player\mm.exe
    FirewallRules: [{C833E4DB-5D2C-4B92-BBC7-32FF2B591369}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest\Titan Quest.exe
    FirewallRules: [{6A4EC89C-2FC7-4285-A0AE-347AB603CE26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest\Titan Quest.exe
    FirewallRules: [{03A04B64-EF69-4ED1-A1DA-6E0DA323C7D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest immortal throne\Tqit.exe
    FirewallRules: [{22FFA2B1-70A2-4900-A501-52CCF2FF205E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\titan quest immortal throne\Tqit.exe
    FirewallRules: [{FC592804-0E8B-4048-A442-89881B6BE575}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rage\Rage.exe
    FirewallRules: [{42D47821-ED51-4CB5-B225-90C96AEEFD38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rage\Rage.exe
    FirewallRules: [{B3910BD4-FD0B-4A34-B61C-C9CBB45811C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rage\Rage64.exe
    FirewallRules: [{F8093180-470E-4A28-8EF0-0AAA73DBC7BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rage\Rage64.exe
    FirewallRules: [{04EA16EB-BBC9-4BE0-A43D-0E06F4897D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe
    FirewallRules: [{61C01E23-C252-405D-B2C2-A9E52BF0B0F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe
    FirewallRules: [{FA2EA71E-A7C7-4581-B9E9-313A1CB1BD42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne\maxpayne.exe
    FirewallRules: [{F5A6635D-42C1-484C-BF55-FADB8037FF37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne\maxpayne.exe
    FirewallRules: [{EA3FD777-5708-4AFA-AFC5-30A4105A67F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe
    FirewallRules: [{1E976B12-3607-481C-9495-37B87EC585DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe
    FirewallRules: [{114B9860-451B-4993-89E4-931B1EC25812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe
    FirewallRules: [{C9A86280-2DB6-4848-B236-E74393D1FBF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe
    FirewallRules: [{82E9BCA4-86AD-436C-9B2E-755E7AA2ECB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\morrowind\Morrowind Launcher.exe
    FirewallRules: [{5BC94C6D-4D6A-4626-8ACC-1F55E0FD711C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\morrowind\Morrowind Launcher.exe
    FirewallRules: [{896039BC-1BD7-4789-970E-1D4CB2199D2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2\arma2.exe
    FirewallRules: [{254C38CD-E265-4AA0-9AAA-803A8FF5867E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2\arma2.exe
    FirewallRules: [{D70A02D3-CAD5-4BA9-AE6D-120CD7120AE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout\falloutw.exe
    FirewallRules: [{6C4209AA-03F5-457A-B77F-30136758F6B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout\falloutw.exe
    FirewallRules: [{E7E9CCA1-25C7-4AB7-83EF-EFC2D44FB36A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\BOS.exe
    FirewallRules: [{21C1D6C0-E1A6-4425-89F3-94AB9E116DD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\BOS.exe
    FirewallRules: [{12A66391-05EA-4232-921D-013C19DA81D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\FT Tools.exe
    FirewallRules: [{D4D79072-712D-45E4-8F1E-123C0925D1C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallout tactics\FT Tools.exe
    FirewallRules: [{2D9908F9-1DF4-4A0F-9D5A-E5B09D73B297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe
    FirewallRules: [{9259A4AD-A68E-46EE-AD86-1AF284BB3E88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe
    FirewallRules: [{95202FD9-ED75-493D-94B1-FBF11CB7AE22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mafia ii - public demo\launcher.exe
    FirewallRules: [{96150067-9E87-457B-84E1-4E9820EA42EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mafia ii - public demo\launcher.exe
    FirewallRules: [{A3BFF055-CAE8-4A95-B5E6-51AC3926C014}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity ii - dragon knight saga\bin\Divinity2.exe
    FirewallRules: [{796FB56A-1635-43F3-950F-C129EEDAF890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity ii - dragon knight saga\bin\Divinity2.exe
    FirewallRules: [{17E85436-BFA4-4BB4-A35D-375E6C6440F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{619AD320-D3EA-4BB0-AF23-1AA1E5014758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe
    FirewallRules: [{ADFDB24A-D3EA-4F48-A506-3309AE320B04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallen earth f2p\FEUpdater.exe
    FirewallRules: [{75173467-8586-4612-B635-635488A0CF2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\fallen earth f2p\FEUpdater.exe
    FirewallRules: [{2DAB5032-E88E-4B8D-8EEB-BD75C445E551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sniper elite v2 demo\bin\SniperEliteV2Demo.exe
    FirewallRules: [{13D1D7D9-F497-4CFF-AF89-A58BDB81EA48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sniper elite v2 demo\bin\SniperEliteV2Demo.exe
    FirewallRules: [{EF1157BD-6916-45C8-89C2-F393A26E0E11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
    FirewallRules: [{78B94FFF-86B1-483F-88F3-AEC040E5BDE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
    FirewallRules: [{91EA458A-37D2-4D4C-8CB6-CF347BA6B81E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
    FirewallRules: [{EEED9777-EC50-4459-9666-94303A77742C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
    FirewallRules: [{6F490CF7-D6A9-4E9A-8EEC-22A509549D38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe
    FirewallRules: [{5841A5AA-DEF5-4AB3-84C8-5A8C7AB574C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe
    FirewallRules: [{CDCDFE5A-6162-4669-816D-D647CA26AE58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
    FirewallRules: [{671A2058-5558-4C83-943E-4887E18D5EFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
    FirewallRules: [{C0F6C734-E337-4D8B-8400-017637E34F0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the-haunted-hells-reach\Binaries\Win32\HauntedGame.exe
    FirewallRules: [{E67885C0-38F0-4C82-AE6E-F9CD55758B86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the-haunted-hells-reach\Binaries\Win32\HauntedGame.exe
    FirewallRules: [{769AAEB3-2E53-4E42-AEE6-E508F727E73B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{344A2CBE-FA4D-4DDC-8B2F-238279B7FA54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [TCP Query User{94BA1B22-F80B-4F9F-87FA-3F9AD3460B60}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [UDP Query User{2818812A-8803-43CE-9726-350FFAA70594}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
    FirewallRules: [{4B131FAB-E1C8-4023-BAD4-0A061566E481}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
    FirewallRules: [{923D8E7E-2DD9-4A79-B154-057E3131E627}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
    FirewallRules: [{EB9829A8-C56C-4AD4-B941-B988F632C8EF}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
    FirewallRules: [{068934EF-CB50-41D1-8442-F15D41073E47}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
    FirewallRules: [{C7F091E8-F644-4D0C-8C66-4B60A2E715E0}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
    FirewallRules: [{7EC7C795-46FF-41BF-820F-D3CA301DCB51}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
    FirewallRules: [{F201C344-6219-4525-B3DC-B4A832EA315D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
    FirewallRules: [{46B066E5-DE15-4D2B-A947-F289A4BB37DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
    FirewallRules: [{7D2508A7-3F53-4FC6-B208-30E0DAC6EFCF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
    FirewallRules: [{14FE4FEF-231A-43FE-87A3-616FCC2EA037}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
    FirewallRules: [{58B1EC66-B155-40A4-A69F-D6FC79817696}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{C4361EBF-660C-4328-A267-A9A9B35C0FE5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{06026B6A-0E3B-4E65-BBCA-E753F222597B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\STALKER Clear Sky\bin\xrEngine.exe
    FirewallRules: [{91C14A22-DDD9-4612-93DC-9567A74403AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\STALKER Clear Sky\bin\xrEngine.exe
    FirewallRules: [{7243D927-71B0-49AD-89DC-594A28BC0CC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
    FirewallRules: [{2DC534DB-A958-4BEF-BA03-4CA4A9DD8E6E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
    FirewallRules: [{76E72076-45BE-49CC-8621-12EA034797D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{FC96C6F4-71B6-45CD-A303-337837FEE9B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{E231CE0F-292A-499C-BE8E-D66F9B7C5DB9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{2872B452-FF2C-4F30-A960-41A74D8DF84C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\indynick\source sdk base 2007\hl2.exe
    FirewallRules: [{6DA4A325-0D65-40CD-BDC1-C70F35E2ABF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\indynick\source sdk base 2007\hl2.exe
    FirewallRules: [{A727D236-38C1-4B06-8CEC-792C935F7E3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\FALLOUT2.exe
    FirewallRules: [{2241CF69-0B2A-43B0-AFD2-CA6AE3AD9A04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\FALLOUT2.exe
    FirewallRules: [{4A1DE0B1-8C49-410A-ADB2-9BD157DC0F01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
    FirewallRules: [{2F0914BB-C392-4922-B8D6-FFD3001FB54F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
    FirewallRules: [{A84C9386-1C06-4AC9-A04B-322A44938592}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
    FirewallRules: [{683B8A73-E3AC-4FDC-B2CC-485C3994348D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
    FirewallRules: [{27DA74F5-DD3A-44B6-852F-F00592DEAF92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{AD9EBC0F-FA4D-417B-AB5A-492047090CFF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{3E231BF3-35D6-486B-BC70-7BCDA7721E41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SS2\Shock2.exe
    FirewallRules: [{F89FED1F-EF89-4628-B6DC-9A62D2E845D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SS2\Shock2.exe
    FirewallRules: [{CCD2F109-14AB-4D7D-9280-8BB65052B96E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{753B361E-672A-4A3D-BB82-3415270919AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{2659C925-67AB-4A5A-83B6-706311F796CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{5B073507-8482-4526-8955-61F704FF85CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{7874504F-72CF-46AB-9279-DADC04303CDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{88BE10B9-5F74-415F-948A-5534E1554A61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E3797168-0816-40F1-9406-727E3B412610}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{1A033BEF-928A-4924-908E-22CD7B968226}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{C317D880-EB32-4D2C-BC6D-882BDA1B8BEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{938FA492-BA09-4E37-8CC6-8A6E92E5A567}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{CDB3BC0A-0669-4077-BB96-B7C3D10D1112}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{0A73DE5F-5A52-413F-9254-9AE5183CE341}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{9FBB2E5D-F3D7-4327-A575-C7582B7BA5EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{835A73AD-6877-47CC-B5E7-1B1E0C1CA574}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{135B01A8-83E9-42DD-9774-6E73631CDD47}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{8A1C52C4-A9FE-4CCB-8F06-E14C0FB0098E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{58044381-B7DC-4B85-A056-3D79162F0850}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{723E2B1A-1CE2-4D34-B439-1649C26A50C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
    FirewallRules: [{D8EDE52E-B599-423F-BD07-6B3EA8AE35DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{BE8106E1-20DF-4D6A-8471-E14E7E40B848}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{E08A604E-7F4D-4B0E-B8EA-1EE9E13101EE}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
    FirewallRules: [{96D1EC55-549C-4512-B846-C3513D4AA15D}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
    FirewallRules: [{DFA90102-FBFC-475E-BB1A-F592E089C380}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
    FirewallRules: [{57005762-A4D6-4E81-902B-1F2A786C5E74}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
    FirewallRules: [{F4A7CA9C-CEC5-487B-B4BF-2C93D4E449C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
    FirewallRules: [{E38BD450-ED8F-4406-BEFC-B1F0E30A3EFE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
    FirewallRules: [{A6A24E94-D145-4C90-A02D-0A039E2B52E2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{DBCB2C3D-B5D0-44FF-90F3-23C59A2FB12C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{D04578BE-9E93-4FBF-85E4-ED16875608C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{AED4041E-6E4E-4F47-994F-9F8178E57E25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{0719385E-CD95-40EA-B232-FD35D5E7F059}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{DD24DD91-E6E7-45E3-94F6-4F6E0D020673}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{1F478E8F-6A63-4032-9C9D-C6DE92799B42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
    FirewallRules: [{0280C693-1B08-4104-BF9D-A5DCB4A717C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
    FirewallRules: [{CCE3592E-8BEA-4D9F-B0B8-BE190392BB2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
    FirewallRules: [{28924BA2-D29F-47F9-AD97-358036FF6180}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
    FirewallRules: [{72789B45-1901-49FF-BB17-CA0076CA1A81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{5A738D57-4F27-4EB6-9679-3498AC5E40B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{7B3608D3-8548-4DBD-9CA9-DE3F74C423AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
    FirewallRules: [{549CE913-B781-4E0E-A75F-B27754D369F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
    FirewallRules: [{4A505EE5-76EE-46B0-915A-9B9D2854B180}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{5FF06BD9-D798-4CD9-BF0A-E1A03EA999FD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{48E20251-0DBC-4A39-BBE3-E766B6BA2E0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
    FirewallRules: [{44E59DD0-80BC-4FC9-A377-05DE772C8F4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
    FirewallRules: [{0A0F17E3-B53C-4F0C-9B4C-674ECAC3DD4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{59ADE5BF-35BF-4816-917E-87F7C6B21DD4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{34611671-ACA0-4581-959D-B9D0D5DC4ECF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tabletop Simulator\Tabletop Simulator.exe
    FirewallRules: [{04225DA4-09E4-4826-AF70-1530533961ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tabletop Simulator\Tabletop Simulator.exe
    FirewallRules: [{5CF2FFFF-56D0-4944-B3E2-2201C2109AA5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{1CDBD86E-378D-4359-A0B5-9B4E78D4A2DF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{477E5422-D610-441C-8350-317A8303EAE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{7EA9744E-E046-4A10-A3B6-F0DADC26B746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{5180504C-A65E-4522-BAB1-619781AB32FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{678D2603-B16B-49BF-A4FE-000C2A04E11B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{34988798-7645-4CBD-9FB0-33FE00FEED55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\Fallout2Launcher.exe
    FirewallRules: [{438B48A7-18A4-489C-8966-47BC2C3D2AEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\Fallout2Launcher.exe
    FirewallRules: [{6B5C5A8C-3EA3-4436-A736-6B3BED3869C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{1796D6D2-91D3-4A36-9C52-6393B2E765A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{29509BBC-6720-4559-8356-101127874D94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
    FirewallRules: [{7DBAE5DE-E0A9-4095-BE5F-F25AA3D5DE34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
    FirewallRules: [{8BAC2804-5E69-4D66-8630-2BA7DAEEA182}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
    FirewallRules: [{982C5F10-4A1A-491E-A866-3FD65705C329}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
    FirewallRules: [{A5ADD35F-FC47-46D4-91A3-832A0916F3BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{6D83D3AC-FF94-4A54-80F7-063E1575DEFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{99DA135C-325F-4D62-9DF2-8A3A8DD334A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
    FirewallRules: [{B9AC2BBD-9AE0-4525-8C59-829392CD45E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
    FirewallRules: [{FE48ADCE-ECA3-4BB2-A84A-FA994F8123F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{71D297B9-6DF4-4900-963B-9415336E10CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{E9BDE7AD-952A-4AEB-8618-F726AD40F52B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{1258948F-7A29-429B-A148-50F4EB569CC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{CF6B0422-1976-4E84-84AE-CA1606743253}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B4598A85-CB1D-48E8-B758-1ED0233A01BA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A3C2A650-0C70-4F59-A27F-597760DE6C90}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\vslauncher.exe
    FirewallRules: [{7F0E2C18-3FB1-45EF-B026-717CA35F8BDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\vslauncher.exe
    FirewallRules: [{B6CAEF80-BA10-410E-A809-8D028949E233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{736E20A1-171B-410B-A702-43944D523104}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{15A479F2-5240-44CD-B6FE-53DB6EAB0E5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{CC248D5F-5767-4E05-8B96-EA9AD0517293}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{C923A691-15F8-44D8-AB0C-F1AB1F5CC393}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{618583C9-C390-4FCE-A219-7CE886CBFF13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{9108CC62-2643-4723-AADB-D696F2D64715}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
    FirewallRules: [{7B955261-848D-4314-B9DB-971AAECDEC38}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
    FirewallRules: [{C994F1B1-7C63-4E5D-B118-C336F764C5B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{EE711485-FDD6-428B-8282-95217DBA0961}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{652BE74B-BBF0-4BCC-858F-41C285092ED2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Receiver\Receiver.exe
    FirewallRules: [{F7483B27-6432-4B8F-B93F-2CA69C009D67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Receiver\Receiver.exe
    FirewallRules: [{D9F9508B-DD0A-417C-9B62-BBFCBFBC3E9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EYE\EYE.exe
    FirewallRules: [{3E38DC58-9DF5-48AC-BB7E-2A8C260EE7A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EYE\EYE.exe
    FirewallRules: [{8CC1E0CA-87E4-4953-9BFF-E44BED796C6C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{39FE26A9-28F4-47A8-BFDF-9942B7C0B08A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{6EE9F6CB-D2AD-427D-8B59-D56211B2F250}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{CCD49311-B21E-4B49-A509-ACF0088BA4D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{97EC4E83-3217-4B6A-B6D7-E3B9497B37D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{B121AF6A-1173-4EB9-AA04-13F75A03910D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{4C928DBA-2A46-4A1F-A037-C2C626D442C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spintires\SpinTires.exe
    FirewallRules: [{CEE8AD3F-7CDB-485D-928D-3BD6860495F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spintires\SpinTires.exe
    FirewallRules: [{F88134F5-539B-4EE4-AB8A-66640100AD19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker Call of Pripyat\Stalker-COP.exe
    FirewallRules: [{5A1715A1-2D78-4FC8-B248-BADFDF657C04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker Call of Pripyat\Stalker-COP.exe
    FirewallRules: [{ADEE540D-A113-4FE4-B739-927887EA394E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
    FirewallRules: [{07BD04ED-B9E3-41F9-9514-0071A1A60893}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
    FirewallRules: [{999F8B30-6CF1-4389-9FC3-6FA5B148E1EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
    FirewallRules: [{66BBED6B-C6FB-44B0-BA53-76A16DA9A62C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
    FirewallRules: [{6ABA22A9-C32E-427A-813C-25C5C6706C47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{AB5198A4-C943-477A-8F7F-8CC5AF9C08DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A7FA8DFB-5FA4-4FE6-A7A6-866CFC9BA19C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{9CDF7A98-FFDB-49EC-B462-4AF90A164A15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{B4980948-144B-4E01-A9E7-88FE9FAEEC39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arx Fatalis\arx.exe
    FirewallRules: [{5FA38A1C-3696-4B83-8E58-A1C63AE910E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arx Fatalis\arx.exe
    FirewallRules: [{98E9112E-C2F4-4D83-A22E-A243F759D11D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{7694C803-0B79-448C-AB2B-35F55472ED94}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{43B57911-39C0-4E35-8F50-6CA3021A519D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
    FirewallRules: [{A5BB2283-F756-417E-9EF7-157641FE2BC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
    FirewallRules: [{56788751-2485-4A07-A6A8-C004E227674D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
    FirewallRules: [{8AB5CD24-43FF-4F4A-8F89-D2890620AA81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
    FirewallRules: [{C9350A76-14F3-4963-91A5-76484604A026}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
    FirewallRules: [{6B220CA3-ADF4-4EDD-9517-7891E8E6FCB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
    FirewallRules: [{E192DCF3-B7ED-4D41-9011-4D2D084B4E94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
    FirewallRules: [{D66906F5-9955-4E07-9366-75961C9D6393}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
    FirewallRules: [{EA300849-4ED5-4233-97A7-CD497441C5CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
    FirewallRules: [{A9043AF8-DA23-41F6-B088-CD17668C0291}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
    FirewallRules: [{7FC2CC04-51EC-48B6-B3E5-A3EEEF9F811A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker Call of Pripyat\bin\xrEngine.exe
    FirewallRules: [{72A0BC58-CE44-4629-AACF-E2BF3CF5DD05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker Call of Pripyat\bin\xrEngine.exe
    FirewallRules: [{E43BA507-D4FC-4BBA-A019-CC909EB775E0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{39AF5924-0005-491D-A874-7AE51B7E0039}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{CBFD6C4D-5514-476A-A161-8D7D40DCE08D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{D89D361D-D5A6-40EC-898A-89575488BDA4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base\hl2.exe
    FirewallRules: [{649FD969-7FEA-42DB-B7D2-89DE2BCB1762}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base\hl2.exe
    FirewallRules: [{EB7948EA-D1AB-46E3-96E4-7191C3B2A9AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Splintercell Chaos Theory\System\splintercell3.exe
    FirewallRules: [{5C2272AB-FC78-4A78-9348-0AA0405CEC72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Splintercell Chaos Theory\System\splintercell3.exe
    FirewallRules: [{E0303CAD-6FC6-4C02-BBFD-67592E73B948}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E31A4EF0-180B-43B7-AA10-D0A31C74EE05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{56717916-FF97-4121-80BF-3D1D890870D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{454A3148-1CEF-4B96-949A-CACB0135C153}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{8CAD6081-3161-41C2-92E8-E6E3F8108D29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{71860B79-E6E5-4EC4-BD2A-D400FBEF57AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [TCP Query User{C594469D-EF13-4C4E-9095-778177AD5C2D}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{6D133457-AEB6-464D-93F0-685EDDA6010D}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
    FirewallRules: [{2BC61FC1-97C4-4FD5-BD27-1909D66C13CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Contagion\contagion.exe
    FirewallRules: [{98B96759-EB5E-4892-8155-D57816EFEB1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Contagion\contagion.exe
    FirewallRules: [{B92F3765-87F2-4E03-BE9F-E1D3F0E8180A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{B7AD2015-2DB6-46B2-9212-B04B686855B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{FEC571DA-1492-4C5F-97CE-3810F4983776}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{8F6F6781-B5BD-492E-AE6A-250A601FECE8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{D7549441-7718-43A5-94C6-AC324C829FA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Helldivers\binaries\x64\helldivers.exe
    FirewallRules: [{E1F79413-1A60-4052-BC5F-E4924E1FFBA6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Helldivers\binaries\x64\helldivers.exe
    FirewallRules: [{05383E63-7AB6-4190-B9D0-0D3D4F3E29B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Helldivers\binaries\x86\helldivers.exe
    FirewallRules: [{2F398DCE-9872-464A-B73C-D556E2CD8E4E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Helldivers\binaries\x86\helldivers.exe
    FirewallRules: [{71785C9F-3FDB-409D-BB4D-2920776BE622}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HeroSiege\bin\Hero_Siege.exe
    FirewallRules: [{5231ED78-A73B-4639-8F47-7BDF526AAC21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HeroSiege\bin\Hero_Siege.exe
    FirewallRules: [{60835F99-D8C3-4ECD-A054-45CCC86031B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40k.exe
    FirewallRules: [{0947E7A1-74D1-4E07-BCE5-B5085E70E6C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40k.exe
    FirewallRules: [{81E081F5-3C79-4549-B986-E69A0762CA95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40kWA.exe
    FirewallRules: [{BDD5FDFB-EEDA-4062-8A12-2EF151955BA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40kWA.exe
    FirewallRules: [{BC2A64A9-EB30-45E7-98D7-CD95E521A850}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
    FirewallRules: [{1B5F29D1-81D3-469C-900C-8F95492902AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
    FirewallRules: [{CC2B2B9D-CB49-40B6-9410-4A3BB12729A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sven Co-op\svencoop.exe
    FirewallRules: [{6255ABC5-2BDE-4580-A413-BB050D2C7A01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sven Co-op\svencoop.exe
    FirewallRules: [{C7AE28D5-D20B-481B-87C1-F44831912D02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
    FirewallRules: [{4B41AD48-8CFC-4B49-8ACA-7C49A880BB78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
    FirewallRules: [{08F96370-8DFC-466A-BC2C-67BFEC6A1DD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War II - Retribution\DOW2.exe
    FirewallRules: [{7742B2C0-08F2-4D4C-BEE0-A791002227BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War II - Retribution\DOW2.exe
    FirewallRules: [{7181AE6C-F678-41E0-BBAC-C18E50F39590}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
    FirewallRules: [{8F0DD4C9-3A8F-4E2C-BBF1-43CD8628E1CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
    FirewallRules: [{C51C98E6-8398-4825-B4F6-49B7202289BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{7D6AEBED-C956-44F0-A03F-C55C76DCAC05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{4E31E773-5608-4CA8-B03F-ADC1DDD782FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{3488D9FF-DDEE-4730-B75B-064B4FAE290D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{8F908467-79EC-4B71-8A31-05F1B9234C8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [{AF81D881-2180-4F55-9127-937C8CD21758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
    FirewallRules: [{46225646-98DB-4E7F-904A-F54BC302A940}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{281E72A2-097A-4034-9545-A60E33E273F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{F93EA77F-457A-4FA2-B8B1-90C06A428AB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
    FirewallRules: [{CEB02A61-39D0-4C5C-BAAC-8FC25F7E38EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
    FirewallRules: [{F55332FC-CB3B-414E-8EAD-CCC32D52EE39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [{F6C47697-7FF9-419D-8B71-C883FF153D87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
    FirewallRules: [{D29FFE9B-2C0E-40C8-A06D-838F01976B28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
    FirewallRules: [{DC1E7AAD-6ADD-4EE4-A0BE-C5359274D8A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SNOW\Bin64\playSNOW.exe
    FirewallRules: [{DA546CD4-93BF-44A0-9377-3AED7A5B418B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{EEBA6E4A-4F48-4027-B4D7-0BB1624A9AD6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{98615DBE-7F38-4F97-8116-8FD9B36A0EE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{AB0380D0-C9DD-43E7-87C8-7D53C8F0B897}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{D639E4CF-6279-41A1-B1EE-D803AA36B77A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
    FirewallRules: [{78AC3A49-03E3-49B4-90BD-EF185C977C14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
    FirewallRules: [{F43735FD-E3D6-4728-9536-F8E5A220FDAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\mod_uploader.exe
    FirewallRules: [{A1AB2205-5A64-4498-AC66-649D427B95CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\mod_uploader.exe
    FirewallRules: [{6A370936-4481-4E18-9F95-CEBC428E52B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
    FirewallRules: [{B4765CA0-F441-4862-B9BB-E43047DEDF31}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
    FirewallRules: [{D01D58C2-FFD5-49E6-BECB-4E0486A523C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{F3F028E0-8F59-45E7-A7EE-2AC9ED6C4FBF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{456FC887-B4A7-44C2-82A0-48DD31031328}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
    FirewallRules: [{6AE64140-A83C-4F17-B286-21E72422E5ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
    FirewallRules: [{D56855DF-85B7-45DA-82FE-4AB362ACE38C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe
    FirewallRules: [{93D53BB5-FEC0-4176-AB44-E37627B8DB3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe
    FirewallRules: [{31E8961A-BC78-40B2-AB30-20149A01604E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
    FirewallRules: [{32BD30FB-AFD4-427A-BF24-BD64F1ED2CBF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
    FirewallRules: [{DF17E2DB-5346-4D54-A5E7-27AFF338FA65}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sven Co-op\svends.exe
    FirewallRules: [{EC6C3FF4-3E50-42C9-BB53-97F2AB96DF4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sven Co-op\svends.exe
    FirewallRules: [{C75ADB3B-AD0D-43BC-8583-1AD248E44FED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
    FirewallRules: [{EA8A453C-E404-4174-A4EC-49D03E4B4448}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
    FirewallRules: [{3212F0DE-5A3E-4430-A7ED-5E717CF153DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
    FirewallRules: [{A9CC57C2-DAE0-4AAA-9B83-BA2D7B8D3156}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
    FirewallRules: [{C1E0C3B5-436F-426F-B863-2F04DE73369B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
    FirewallRules: [{9E02F605-5DC2-4856-B5A7-0C52DF1AFC2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
    FirewallRules: [{30A11FDC-422D-44B0-BA1D-3429A7BC154C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
    FirewallRules: [{174EB87D-F048-4443-9A1A-65CC5E230199}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
    FirewallRules: [{1B63D3FA-CA48-4AB5-AFA7-AE1EE333721B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive 2\Exe\HowToSurvive2.exe
    FirewallRules: [{ED48E666-ECE7-4070-87BC-04E2CD012DE4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive 2\Exe\HowToSurvive2.exe
    FirewallRules: [{9C91AEA7-5C2F-4B5E-B1D7-7506DD59D204}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive 2\Exe\Detect.exe
    FirewallRules: [{B66E4F94-3617-4248-A3DF-F828BE70A606}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive 2\Exe\Detect.exe
    FirewallRules: [{4A79F363-3F1C-4492-BC07-FFF435093A5B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
    FirewallRules: [{E550AADD-CD34-4440-8FE1-DAAE0DCD1F1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
    FirewallRules: [{3963080B-AE60-43A8-86E5-6BD0A675999B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
    FirewallRules: [{6211A0F1-E1B7-4A69-A9E9-53A88962B813}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
    FirewallRules: [{B62D6EEC-2EE4-425E-A8AD-4C41B2154F22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
    FirewallRules: [{8A59C96C-E714-470B-8B15-49B0C11CAF07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
    FirewallRules: [{85847CA7-3F72-4EC0-80AB-5882FF051024}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalry_ded_server\Binaries\Win32\UDK.exe
    FirewallRules: [{2188FC28-1D26-4830-8E1E-4CC2FB3C6342}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalry_ded_server\Binaries\Win32\UDK.exe
    FirewallRules: [{895BD0CE-A7F5-4022-9648-718090D1AC19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
    FirewallRules: [{3C3E7780-D4CD-406C-A455-1A7EC9393B29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
    FirewallRules: [{C4728D3B-4EF4-49D3-BFF3-D235992D277F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
  8. 2016/10/26
    indynick

    ==================== Restore Points =========================

    09-10-2016 21:32:25 Scheduled Checkpoint
    26-10-2016 15:52:27 JRT Pre-Junkware Removal
    26-10-2016 15:53:20 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
    Description: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: Cisco Systems VPN Adapter for 64-bit Windows
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: CVirtA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/26/2016 02:20:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11045

    Error: (10/26/2016 02:20:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11045

    Error: (10/26/2016 02:20:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/26/2016 02:20:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10046

    Error: (10/26/2016 02:20:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10046

    Error: (10/26/2016 02:20:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/26/2016 02:20:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9032

    Error: (10/26/2016 02:20:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9032

    Error: (10/26/2016 02:20:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/26/2016 02:20:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8034


    System errors:
    =============
    Error: (10/26/2016 10:13:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/26/2016 10:12:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (10/26/2016 10:06:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/26/2016 03:57:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Norton Identity Safe service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (10/26/2016 03:55:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/26/2016 03:55:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Norton Identity Safe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (10/26/2016 03:55:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/26/2016 01:47:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Module Core Service service hung on starting.

    Error: (10/26/2016 01:42:26 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2} did not register with DCOM within the required timeout.

    Error: (10/26/2016 01:38:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
    and APPID
    {344ED43D-D086-4961-86A6-1106F4ACAD9B}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2016-10-26 22:12:53.640
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-10-26 22:12:53.515
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-10-21 15:59:49.324
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-10-21 15:59:49.230
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-21 11:33:52.842
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-21 11:33:52.748
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-14 17:47:04.808
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-14 17:47:04.683
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-06 19:36:18.145
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-09-06 19:36:18.051
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
    Percentage of memory in use: 53%
    Total physical RAM: 8151.08 MB
    Available physical RAM: 3802.19 MB
    Total Virtual: 16300.36 MB
    Available Virtual: 12253.54 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:920.31 GB) (Free:71.97 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.1 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Expansion) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  9. 2016/10/26
    broni

    I still need FRST.txt log.
     
  10. 2016/10/26
    indynick

    That's all it had. But let me re-run Farbar.
     
  11. 2016/10/26
    indynick

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
    Ran by Nick (administrator) on UPSTAIRSBED (27-10-2016 00:21:19)
    Running from C:\Users\Nick\Desktop
    Loaded Profiles: Nick (Available Profiles: Katie & Emily & Kelsey & Nick & DanM)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    () C:\Windows\SysWOW64\PnkBstrB.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
    (Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
    HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe "
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1571696 2015-06-03] (NVIDIA Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
    HKLM-x32\...\Run: [NapsterShell] => C:\Program Files (x86)\Napster\napster.exe [323280 2010-01-19] (Napster)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1135912 2010-03-05] ()
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-12]
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\DanM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-10-24]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2014-07-26]
    ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Nick\AppData\Local\Apps\2.0\RG3E95OJ.LNB\EP8CGKKX.5YG\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (No File)
    BootExecute: autocheck autochk * lsdelete

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{AA778544-256C-431F-A16F-EF7E13BC0FEB}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{D1FA2BDC-3F12-40D6-A86B-8D6E7CB87D57}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {E2ACB976-467C-4E39-B952-1DA200A8D487} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {E2ACB976-467C-4E39-B952-1DA200A8D487} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 -> DefaultScope {E2ACB976-467C-4E39-B952-1DA200A8D487} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll => No File
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-27] (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll => No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-27] (Sun Microsystems, Inc.)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll No File
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
    Toolbar: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
    DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-09-23] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-09-23] (McAfee, Inc.)

    FireFox:
    ========
    FF DefaultProfile: mudgm60c.default-1350819548716
    FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716 [2016-10-27]
    FF Homepage: Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716 -> hxxp://facepunch.com
    FF Extension: (uBlock Origin) - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716\Extensions\uBlock0@raymondhill.net.xpi [2016-10-25]
    FF Extension: (NoScript) - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\mudgm60c.default-1350819548716\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-08]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-10-20] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
    FF Extension: (Norton Identity Safe Toolbar) - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2016-10-26]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-03-09] (DivX,Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-27] (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-27] (Sun Microsystems, Inc.)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-02-06] (Nexon)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1981132641-2656067623-3716702972-1006: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-1981132641-2656067623-3716702972-1006: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-08] (The Happy Cloud)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default [2016-10-26]
    CHR Extension: (Google Docs) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28]
    CHR Extension: (Norton Identity Safe) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-09-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-08]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2016-09-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\Exts\Chrome.crx <not found>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-07-11] (Echobit LLC)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1355968 2015-03-04] (Lavasoft)
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
    R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-10] ()
    R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2016-05-21] ()
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 NCO; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\diMaster.dll" /prefetch:1

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
    R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-09-06] (Echobit, LLC)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-06-06] (Lavasoft AB)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-26] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-25] ()
    U3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
    S2 X4HSX32; \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-27 00:21 - 2016-10-27 00:21 - 00026797 _____ C:\Users\Nick\Desktop\FRST.txt
    2016-10-26 22:17 - 2016-10-26 22:17 - 00024308 _____ C:\ComboFix.txt
    2016-10-26 21:55 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-10-26 21:55 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-10-26 21:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-10-26 21:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-10-26 21:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-10-26 21:55 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2016-10-26 21:55 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2016-10-26 21:55 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2016-10-26 21:54 - 2016-10-26 22:17 - 00000000 ____D C:\Qoobox
    2016-10-26 21:53 - 2016-10-26 22:15 - 00000000 ____D C:\Windows\erdnt
    2016-10-26 21:52 - 2016-10-26 21:52 - 05658651 ____R (Swearware) C:\Users\Nick\Desktop\ComboFix.exe
    2016-10-26 19:04 - 2016-10-26 19:04 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
    2016-10-26 15:58 - 2016-10-26 15:58 - 00029196 _____ C:\Users\Nick\Desktop\JRT.txt
    2016-10-26 15:50 - 2016-10-26 15:51 - 01631928 _____ (Malwarebytes) C:\Users\Nick\Desktop\JRT.exe
    2016-10-26 01:30 - 2016-10-26 01:36 - 00000000 ____D C:\AdwCleaner
    2016-10-26 01:30 - 2016-10-26 01:30 - 03910208 _____ C:\Users\Nick\Desktop\AdwCleaner.exe
    2016-10-26 00:37 - 2016-10-26 21:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-26 00:37 - 2016-10-26 00:37 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-10-26 00:37 - 2016-10-26 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-10-26 00:37 - 2016-10-26 00:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-10-26 00:37 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-10-26 00:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-10-26 00:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-10-26 00:36 - 2016-10-26 00:36 - 22851472 _____ (Malwarebytes ) C:\Users\Nick\Downloads\mbam-setup-2.2.1.1043(1).exe
    2016-10-25 23:28 - 2016-10-25 23:28 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-10-25 23:28 - 2016-10-25 23:28 - 00000897 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-10-25 23:28 - 2016-10-25 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-10-25 23:27 - 2016-10-25 23:28 - 00000000 ____D C:\Program Files\RogueKiller
    2016-10-25 23:27 - 2016-10-25 23:27 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-10-25 23:26 - 2016-10-25 23:27 - 33630368 _____ (Adlice Software ) C:\Users\Nick\Downloads\setup.exe
    2016-10-25 15:50 - 2016-10-25 15:51 - 00023054 _____ C:\Users\Nick\Downloads\FRST.txt
    2016-10-25 15:49 - 2016-10-27 00:21 - 00000000 ____D C:\FRST
    2016-10-25 15:49 - 2016-10-25 15:49 - 02407424 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
    2016-10-25 15:48 - 2016-10-26 22:44 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
    2016-10-20 16:42 - 2016-10-26 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
     
  12. 2016/10/26
    indynick

    indynick Member Thread Starter

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-27 00:11 - 2010-03-26 21:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-27 00:01 - 2012-04-02 16:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-26 22:26 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-26 22:26 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-26 22:17 - 2016-09-02 03:16 - 00000000 ____D C:\Users\Nick\AppData\Local\Apps\2.0
    2016-10-26 22:17 - 2015-12-28 09:48 - 00003608 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
    2016-10-26 22:17 - 2014-04-23 09:31 - 00000000 ____D C:\Users\dub_cm_auto
    2016-10-26 22:13 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2016-10-26 16:11 - 2010-03-26 21:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-26 16:01 - 2012-04-02 16:21 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-26 16:01 - 2012-04-02 16:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-26 16:01 - 2011-11-19 17:16 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-26 16:01 - 2011-05-18 16:27 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-26 16:01 - 2009-11-12 17:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-26 15:56 - 2012-02-03 09:05 - 00000000 ____D C:\Program Files (x86)\Norton Safe Web Lite
    2016-10-26 01:49 - 2013-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-10-26 01:42 - 2015-07-03 23:16 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Skype
    2016-10-26 01:37 - 2009-11-12 17:44 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-10-26 01:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-26 00:38 - 2012-05-06 15:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-25 15:45 - 2010-03-28 07:14 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-25 15:45 - 2010-03-28 07:14 - 00002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-10-23 03:11 - 2014-10-02 16:13 - 00007669 _____ C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
    2016-10-21 18:39 - 2016-09-01 22:25 - 00000000 ____D C:\Users\Nick\AppData\Local\CrashDumps
    2016-10-21 18:39 - 2014-11-08 19:02 - 00000000 ____D C:\Users\Nick\AppData\Roaming\SpinTires
    2016-10-19 02:12 - 2015-02-01 14:27 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2016-10-19 02:10 - 2015-09-17 12:50 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
    2016-10-14 19:36 - 2015-04-14 12:43 - 00000000 ____D C:\Program Files\Rockstar Games
    2016-10-14 19:36 - 2012-06-02 17:34 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2016-09-30 22:43 - 2010-03-17 18:26 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

    ==================== Files in the root of some directories =======

    2012-02-26 21:00 - 2012-02-26 21:00 - 0091868 _____ () C:\Users\Nick\AppData\Roaming\icarus-dxdiag.xml
    2014-10-02 16:13 - 2016-10-23 03:11 - 0007669 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
    2010-11-16 21:23 - 2010-11-16 21:23 - 0228294 _____ () C:\Users\Nick\AppData\Local\tmpKELSEY ID 001.JPG
    2011-06-15 18:54 - 2011-04-16 18:54 - 0000032 ____R () C:\ProgramData\hash.dat

    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat
    C:\Users\Nick\DSETUP.dll
    C:\Users\Nick\dsetup32.dll
    C:\Users\Nick\DXSETUP.exe
    C:\Users\Nick\Gibbed.Volition.dll
    C:\Users\Nick\ModManager.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-15 07:05

    ==================== End of FRST.txt ============================
     
  13. 2016/10/26
    indynick

    indynick Member Thread Starter

    Sorry about that.
     
  14. 2016/10/26
    broni

    broni Moderator Malware Analyst

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  15. 2016/10/26
    indynick

    indynick Member Thread Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by Nick (27-10-2016 00:33:24) Run:1
    Running from C:\Users\Nick\Desktop
    Loaded Profiles: Nick (Available Profiles: Katie & Emily & Kelsey & Nick & DanM)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [424]
    AlternateDataStreams: C:\ProgramData\Temp:4673E9EA [198]
    AlternateDataStreams: C:\ProgramData\Temp:54380FEC [233]
    AlternateDataStreams: C:\ProgramData\Temp:78E0DF72 [193]
    AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F [233]
    AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [300]
    AlternateDataStreams: C:\ProgramData\Temp:D31BE97C [212]
    AlternateDataStreams: C:\ProgramData\Temp:D6D084A5 [225]
    AlternateDataStreams: C:\ProgramData\Temp:FAFEC4B9 [166]
    AlternateDataStreams: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OccupationCS: Source Uninstaller.lnk [453]
    AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.scr: => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.bat: batfile => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.com: ComFile => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.cmd: cmdfile => <===== ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.reg: => <===== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    URLSearchHook: HKU\S-1-5-21-1981132641-2656067623-3716702972-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll => No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll => No File
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll No File
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    U3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
    S2 X4HSX32; \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [X]
    2012-02-26 21:00 - 2012-02-26 21:00 - 0091868 _____ () C:\Users\Nick\AppData\Roaming\icarus-dxdiag.xml
    2014-10-02 16:13 - 2016-10-23 03:11 - 0007669 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
    2010-11-16 21:23 - 2010-11-16 21:23 - 0228294 _____ () C:\Users\Nick\AppData\Local\tmpKELSEY ID 001.JPG
    2011-06-15 18:54 - 2011-04-16 18:54 - 0000032 ____R () C:\ProgramData\hash.dat
    C:\ProgramData\hash.dat
    C:\Users\Nick\DSETUP.dll
    C:\Users\Nick\dsetup32.dll
    C:\Users\Nick\DXSETUP.exe
    C:\Users\Nick\Gibbed.Volition.dll
    C:\Users\Nick\ModManager.exe

    *****************

    C:\ProgramData\Temp => ":2B9555D8" ADS removed successfully.
    C:\ProgramData\Temp => ":4673E9EA" ADS removed successfully.
    C:\ProgramData\Temp => ":54380FEC" ADS removed successfully.
    C:\ProgramData\Temp => ":78E0DF72" ADS removed successfully.
    C:\ProgramData\Temp => ":8E5EA40F" ADS removed successfully.
    C:\ProgramData\Temp => ":C22674B6" ADS removed successfully.
    C:\ProgramData\Temp => ":D31BE97C" ADS removed successfully.
    C:\ProgramData\Temp => ":D6D084A5" ADS removed successfully.
    C:\ProgramData\Temp => ":FAFEC4B9" ADS removed successfully.
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OccupationCS => ": Source Uninstaller.lnk" ADS removed successfully.
    C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
    "HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.scr" => key removed successfully
    "HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.bat" => key removed successfully
    "HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.com" => key removed successfully
    "HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.cmd" => key removed successfully
    "HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Classes\.reg" => key removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-1981132641-2656067623-3716702972-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => key removed successfully
    "HKCR\CLSID\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => value removed successfully
    "HKCR\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => value removed successfully
    "HKCR\Wow6432Node\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389}" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
    catchme => service removed successfully
    EagleX64 => service removed successfully
    PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => service removed successfully
    X4HSX32 => service removed successfully
    C:\Users\Nick\AppData\Roaming\icarus-dxdiag.xml => moved successfully
    C:\Users\Nick\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\Nick\AppData\Local\tmpKELSEY ID 001.JPG => moved successfully
    C:\ProgramData\hash.dat => moved successfully
    "C:\ProgramData\hash.dat" => not found.
    C:\Users\Nick\DSETUP.dll => moved successfully
    C:\Users\Nick\dsetup32.dll => moved successfully
    C:\Users\Nick\DXSETUP.exe => moved successfully
    C:\Users\Nick\Gibbed.Volition.dll => moved successfully
    C:\Users\Nick\ModManager.exe => moved successfully

    ==== End of Fixlog 00:33:24 ====
     
  16. 2016/10/26
    broni

    broni Moderator Malware Analyst

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  17. 2016/10/27
    indynick

    indynick Member Thread Starter

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Java(TM) 6 Update 35
    Java version 32-bit out of Date!
    Adobe Flash Player 23.0.0.205
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (49.0.2)
    Google Chrome (53.0.2785.143)
    Google Chrome (54.0.2840.71)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  18. 2016/10/27
    indynick

    indynick Member Thread Starter

    Farbar Service Scanner Version: 27-01-2016
    Ran by Nick (administrator) on 27-10-2016 at 01:02:00
    Running from "C:\Users\Nick\Desktop "
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  19. 2016/10/27
    indynick

    indynick Member Thread Starter

    Sophos first start up is quite long eh?
     
  20. 2016/10/27
    indynick

    indynick Member Thread Starter

    Well this scan might take awhile.
     
  21. 2016/10/27
    broni

    broni Moderator Malware Analyst

    Take your time.
     
