
Hello, I ran Malwarebytes as a free premium trial and it found 303 (with five previously quarantined pieces of a P.U.P), and when the scan was finished, when I attempted to quarantine the items, my computer completely hung. From others' posts I'm going to assume this is something far more malicious than PUPs. Help would be appreciated, as well as patience, as like most I have a daily grind that can get in the way. Thanks, Computer.

Edited by Computer_idiot

Hello Ron, as requested here are the Farbar logs. (Additional note: before using Farbar I ran one final MBAM scan and I actually got a BSOD this time instead of a freeze.)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2017
Ran by taran_000 (ATTENTION: The user is not administrator) on TARES-LAPTOP (20-04-2017 20:02:03)
Running from C:\Users\taran_000\Desktop
Loaded Profiles: taran_000 (Available Profiles: Scott & taran_000 & nmacd_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> FBAgent.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AGSService.exe
Failed to access process -> avp.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> svchost.exe
Failed to access process -> dasHost.exe
Failed to access process -> HiPatchService.exe
Failed to access process -> SDFSSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> SDUpdSvc.exe
Failed to access process -> MBAMService.exe
Failed to access process -> SDWSCSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
Failed to access process -> ICCProxy.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [148601744 2017-04-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2015-06-01] (NCSOFT Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [*WerKernelReporting] => C:\WINDOWS\SYSTEM32\WerFault.exe [465320 2014-10-28] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [9369216 2016-12-16] (PC Drivers Headquarters LP)
HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\Run: [5EB4A6697A39DEDC106F8EE17B233C3BC4AFD314._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\taran_000\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll [2017-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\taran_000\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll [2017-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\taran_000\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll [2017-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\taran_000\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll [2017-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\taran_000\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll [2017-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\taran_000\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll [2017-04-14] (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1577685660-3506437172-1987996859-1004\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B398C346-9C42-47D3-BE13-BBC90CAC0480}: [DhcpNameServer] 40.52.1.201 40.52.1.203
Tcpip\..\Interfaces\{BE91B70F-4A0C-4692-B02C-BF9510DBB81F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131184624394031239&GUID=D938EF67-AD44-43AA-92AF-4452520D8811
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131184624394376549&GUID=D938EF67-AD44-43AA-92AF-4452520D8811
HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_17_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0ByE0E0BtA0D0F0AyBzyzztN0D0Tzu0SzzyEtBtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtBtAtB0AtAyCzytG0CyDtC0EtG0E0A0AtDtGtBzzzz0FtGyEtA0B0FyEtBtCyBzztAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByByB0DyByCyD0AtGtBtB0AyEtG0A0FyDtAtG0ByEtAtDtGtC0F0CtCtCtDyBzz0E0EtCyC2Q&cr=603667403&ir=
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-1577685660-3506437172-1987996859-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-22] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-03-25] (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-04-24] (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-22] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-18] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-22] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-03-25] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-12] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-22] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-12] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-18] (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-30] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-13] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1577685660-3506437172-1987996859-1004: @nsroblox.roblox.com/launcher -> C:\Users\taran_000\AppData\Local\Roblox\Versions\version-6675f84c75f246df\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1577685660-3506437172-1987996859-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\taran_000\AppData\Local\Roblox\Versions\version-6675f84c75f246df\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1577685660-3506437172-1987996859-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\taran_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1577685660-3506437172-1987996859-1004: SkypePlugin -> C:\Users\taran_000\AppData\Local\SkypePlugin\7.16.0.22\npGatewayNpapi.dll [2016-03-04] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1577685660-3506437172-1987996859-1004: SkypePlugin64 -> C:\Users\taran_000\AppData\Local\SkypePlugin\7.16.0.22\npGatewayNpapi-x64.dll [2016-03-04] (Skype Technologies S.A.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default [2017-04-20]
CHR Extension: (Google Docs) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Skype Calling) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-21]
CHR Extension: (Kaspersky Protection) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-05-18]
CHR Extension: (YouTube) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-21]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-01-05]
CHR Extension: (Google Docs Offline) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (AdBlock) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-14]
CHR Extension: (Safe Money) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-01-05]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-01-05]
CHR Extension: (Virtual Keyboard) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR Extension: (Anti-Banner) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-14]
CHR Profile: C:\Users\taran_000\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-01-19]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
S3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-07-17] (Echobit LLC)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-10] (Hi-Rez Studios) [File not signed]
S3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lmhosts; C:\WINDOWS\system32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [File not signed]
S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R3 EvolveVirtualAdapter; C:\WINDOWS\system32\DRIVERS\evolve.sys [21656 2015-07-17] (Echobit, LLC)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [458336 2013-12-22] (Kaspersky Lab ZAO)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29792 2013-12-22] (Kaspersky Lab)
S4 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [30304 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [178272 2013-12-22] (Kaspersky Lab ZAO)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-04-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-04-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-20] (Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 20:02 - 2017-04-20 20:02 - 00028237 _____ C:\Users\taran_000\Desktop\FRST.txt
2017-04-20 20:01 - 2017-04-20 20:02 - 00000000 ____D C:\FRST
2017-04-20 20:00 - 2017-04-20 20:00 - 02424832 _____ (Farbar) C:\Users\taran_000\Desktop\FRST64.exe
2017-04-19 14:15 - 2017-04-20 19:12 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-04-19 14:15 - 2017-04-20 19:10 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-04-19 14:15 - 2017-04-20 19:10 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-19 14:15 - 2017-04-19 14:15 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-19 14:15 - 2017-04-19 14:15 - 00001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-19 14:15 - 2017-04-19 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-19 14:15 - 2017-04-19 14:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-19 14:15 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-19 14:13 - 2017-04-19 14:14 - 60107896 _____ (Malwarebytes ) C:\Users\taran_000\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-19 13:54 - 2017-04-19 13:54 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-04-15 12:31 - 2017-04-15 12:31 - 00741779 _____ C:\Users\nmacd_000\Downloads\wendys fishing liscense.pdf
2017-04-15 12:26 - 2017-04-15 12:26 - 00741774 _____ C:\Users\nmacd_000\Downloads\nates fishing liscense.pdf
2017-04-14 22:52 - 2017-04-16 18:10 - 00000000 ____D C:\Users\taran_000\AppData\Local\FalloutShelter
2017-04-14 22:51 - 2017-04-14 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-04-14 22:28 - 2017-04-14 22:28 - 00000222 _____ C:\Users\taran_000\Desktop\Fallout Shelter.url
2017-04-14 14:17 - 2017-04-14 14:17 - 00000222 _____ C:\Users\taran_000\Desktop\Deathstate.url
2017-04-14 14:04 - 2017-03-31 20:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-14 14:04 - 2017-03-31 20:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-13 21:34 - 2017-03-21 08:11 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-04-13 21:34 - 2017-03-21 08:11 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-04-13 21:34 - 2017-03-21 08:11 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-04-13 21:34 - 2017-03-21 08:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-04-13 18:50 - 2017-03-25 14:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-13 18:50 - 2017-03-25 14:07 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-13 18:50 - 2017-03-25 14:06 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-13 18:50 - 2017-03-25 13:55 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-13 18:50 - 2017-03-25 13:52 - 02289152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-13 18:50 - 2017-03-25 13:10 - 02898432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-13 18:50 - 2017-03-25 12:52 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-13 18:50 - 2017-03-25 11:28 - 15259136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-13 18:50 - 2017-03-25 11:24 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-13 18:50 - 2017-03-14 09:26 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-13 18:50 - 2017-03-09 16:13 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-04-13 18:50 - 2017-03-07 18:25 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-13 18:50 - 2017-01-14 15:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-13 18:50 - 2017-01-10 15:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-04-13 18:50 - 2017-01-10 14:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-04-13 18:50 - 2017-01-06 12:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-04-13 18:50 - 2017-01-06 12:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-04-13 18:49 - 2017-03-25 13:51 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-13 18:49 - 2017-03-25 13:48 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-04-13 18:49 - 2017-03-25 13:47 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-13 18:49 - 2017-03-25 13:47 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-13 18:49 - 2017-03-25 13:46 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-13 18:49 - 2017-03-25 13:46 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-04-13 18:49 - 2017-03-25 13:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-13 18:49 - 2017-03-25 13:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-04-13 18:49 - 2017-03-25 13:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-13 18:49 - 2017-03-25 13:13 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-04-13 18:49 - 2017-03-25 12:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-04-13 18:49 - 2017-03-25 12:41 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-13 18:49 - 2017-03-25 12:12 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-04-13 18:49 - 2017-03-25 12:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-13 18:49 - 2017-03-25 12:00 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-13 18:49 - 2017-03-25 12:00 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-13 18:49 - 2017-03-25 11:59 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-13 18:49 - 2017-03-25 11:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-13 18:49 - 2017-03-25 11:10 - 01546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-13 18:49 - 2017-03-25 11:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-13 18:49 - 2017-03-24 23:43 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-13 18:49 - 2017-03-24 13:24 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-13 18:49 - 2017-03-14 14:06 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-04-13 18:49 - 2017-03-14 09:09 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-04-13 18:49 - 2017-03-14 09:08 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-13 18:49 - 2017-03-14 09:06 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-13 18:49 - 2017-03-13 11:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-04-13 18:49 - 2017-03-13 11:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-04-13 18:49 - 2017-03-13 11:08 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-04-13 18:49 - 2017-03-13 11:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-04-13 18:49 - 2017-03-13 10:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-04-13 18:49 - 2017-03-13 10:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-04-13 18:49 - 2017-03-13 10:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-04-13 18:49 - 2017-03-12 10:04 - 00033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-13 18:49 - 2017-03-10 22:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-13 18:49 - 2017-03-10 22:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-13 18:49 - 2017-03-10 22:49 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-13 18:49 - 2017-03-10 22:49 - 00388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-13 18:49 - 2017-03-10 22:44 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-13 18:49 - 2017-03-10 22:41 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-13 18:49 - 2017-03-09 16:08 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-13 18:49 - 2017-03-09 14:29 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-13 18:49 - 2017-03-07 18:21 - 01212760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-13 18:49 - 2017-03-04 14:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-13 18:49 - 2017-03-04 14:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-13 18:49 - 2017-03-04 13:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-13 18:49 - 2017-03-04 11:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-13 18:49 - 2017-03-03 10:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-13 18:49 - 2017-03-03 10:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-13 18:49 - 2017-03-03 10:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-13 18:49 - 2017-03-03 10:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-13 18:49 - 2017-02-11 13:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-13 18:49 - 2017-02-11 12:00 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-04-13 18:49 - 2017-02-11 11:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-04-13 18:49 - 2017-02-11 11:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-04-13 18:49 - 2017-02-10 14:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-04-13 18:49 - 2017-02-10 09:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2017-04-13 18:49 - 2017-02-04 12:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2017-04-13 18:49 - 2017-02-04 12:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-04-13 18:49 - 2017-02-04 12:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2017-04-13 18:49 - 2017-02-01 14:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-04-13 18:49 - 2017-02-01 14:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-04-13 18:49 - 2017-01-18 21:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-13 18:49 - 2017-01-18 09:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-04-13 18:49 - 2017-01-18 09:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-04-13 18:49 - 2017-01-14 14:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-13 18:49 - 2017-01-14 09:37 - 00447095 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-04-13 18:49 - 2017-01-12 11:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2017-04-13 18:49 - 2017-01-12 11:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2017-04-13 18:49 - 2017-01-12 01:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-04-13 18:49 - 2017-01-11 14:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-04-13 18:49 - 2017-01-11 12:28 - 00422744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-04-13 18:49 - 2017-01-11 10:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-04-13 18:49 - 2017-01-10 17:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-04-13 18:49 - 2017-01-10 16:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-04-13 18:49 - 2017-01-10 14:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-04-13 18:49 - 2016-12-24 20:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-04-13 18:49 - 2016-12-24 20:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-04-13 18:49 - 2016-12-24 19:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-04-13 18:49 - 2016-12-24 19:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-04-13 18:49 - 2016-12-24 18:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-04-13 18:49 - 2016-12-09 03:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-04-06 18:31 - 2017-04-06 18:31 - 00000222 _____ C:\Users\taran_000\Desktop\Realm of the Mad God.url
2017-04-05 22:11 - 2017-04-05 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2017-04-05 22:10 - 2017-04-05 22:11 - 00000000 ____D C:\Program Files (x86)\Deluge

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 20:02 - 2016-07-22 18:02 - 00000296 _____ C:\WINDOWS\Tasks\{47B51777-8CCE-B9D1-4D5E-5E96E17D4A56}.job
2017-04-20 20:01 - 2016-07-22 18:01 - 00001004 _____ C:\WINDOWS\Tasks\Yahoo! Powered tocer.job
2017-04-20 19:56 - 2014-12-30 12:23 - 00000000 ___RD C:\Users\taran_000\OneDrive
2017-04-20 19:56 - 2014-12-30 11:15 - 00000000 ____D C:\Users\taran_000
2017-04-20 19:56 - 2013-12-22 07:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-04-20 19:42 - 2014-04-21 21:42 - 00000318 _____ C:\WINDOWS\Tasks\MySearchDial.job
2017-04-20 19:17 - 2014-09-24 02:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-20 19:17 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-04-20 19:10 - 2014-05-01 18:27 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-20 19:09 - 2016-09-05 17:08 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-04-20 19:09 - 2015-01-17 01:28 - 544558103 _____ C:\WINDOWS\MEMORY.DMP
2017-04-20 19:09 - 2015-01-17 01:28 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-20 19:09 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-19 18:50 - 2013-12-21 18:34 - 00000062 _____ C:\Users\taran_000\AppData\Roaming\sp_data.sys
2017-04-19 18:20 - 2016-07-22 18:01 - 00000000 ____D C:\Program Files\ByteFence
2017-04-19 18:20 - 2014-12-30 11:15 - 00000000 ____D C:\Users\Scott
2017-04-19 15:44 - 2016-12-16 18:00 - 00000000 ____D C:\Users\nmacd_000
2017-04-19 14:15 - 2014-05-01 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-18 20:48 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2017-04-18 19:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-18 18:37 - 2013-12-21 18:31 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-17 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-17 20:31 - 2014-07-23 18:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-04-15 12:13 - 2016-12-16 18:10 - 00000000 ____D C:\Users\nmacd_000\OneDrive
2017-04-14 23:01 - 2017-02-10 17:22 - 00000000 ____D C:\Users\taran_000\Desktop\Mods and mod tools
2017-04-14 21:11 - 2014-11-01 20:32 - 00000000 ____D C:\Users\taran_000\AppData\Local\nuclearthrone
2017-04-14 14:12 - 2016-12-27 22:25 - 00002360 _____ C:\Users\taran_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-04-14 14:02 - 2013-08-22 09:44 - 00486816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-14 01:29 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-04-14 01:29 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-14 01:29 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-13 21:43 - 2013-12-22 12:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-13 21:38 - 2013-12-22 12:35 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-13 21:38 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-13 18:50 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-13 18:50 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-06 18:00 - 2015-11-23 12:26 - 00000222 _____ C:\Users\taran_000\Desktop\Nuclear Throne.url
2017-04-05 20:58 - 2014-01-05 07:13 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 20:58 - 2014-01-05 07:13 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-23 17:22 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-23 13:12 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-23 13:07 - 2013-12-22 05:16 - 00000062 _____ C:\Users\Scott\AppData\Roaming\sp_data.sys
2017-03-23 13:04 - 2016-12-16 17:30 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Skype
2017-03-23 13:02 - 2014-12-30 12:11 - 00000000 ___RD C:\Users\Scott\OneDrive

==================== Files in the root of some directories =======

2015-05-17 01:03 - 2015-05-17 01:03 - 6420480 _____ () C:\Program Files (x86)\GUTE85D.tmp
2013-12-21 18:34 - 2017-04-19 18:50 - 0000062 _____ () C:\Users\taran_000\AppData\Roaming\sp_data.sys
2015-10-13 20:19 - 2015-10-13 20:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-04-26 07:42 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 07:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 07:42 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\Windows\Tasks\{47B51777-8CCE-B9D1-4D5E-5E96E17D4A56}.job


Some files in TEMP:
====================
2016-05-27 23:26 - 2016-05-27 23:26 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Scott\AppData\Local\Temp\BSvcProcessor.exe
2016-05-27 23:26 - 2016-05-27 23:26 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Scott\AppData\Local\Temp\BSvcUpdater.exe
2015-09-09 22:29 - 2015-09-09 22:29 - 5311104 _____ () C:\Users\Scott\AppData\Local\Temp\npp.6.8.3.Installer.exe
2015-08-02 18:58 - 2015-08-02 18:58 - 0118784 _____ () C:\Users\Scott\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

In case it's needed, here is the addition.txt as well.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2017
Ran by taran_000 (20-04-2017 20:03:54)
Running from C:\Users\taran_000\Desktop
Windows 8.1 (Update) (X64) (2014-12-30 17:05:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1577685660-3506437172-1987996859-500 - Administrator - Disabled)
Guest (S-1-5-21-1577685660-3506437172-1987996859-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1577685660-3506437172-1987996859-1006 - Limited - Enabled)
nmacd_000 (S-1-5-21-1577685660-3506437172-1987996859-1009 - Administrator - Enabled) => C:\Users\nmacd_000
Scott (S-1-5-21-1577685660-3506437172-1987996859-1001 - Administrator - Enabled) => C:\Users\Scott
taran_000 (S-1-5-21-1577685660-3506437172-1987996859-1004 - Limited - Enabled) => C:\Users\taran_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Antichamber (HKLM\...\UDK-d708ea32-eac7-4992-b7b5-59c0df39e1a7) (Version:  - Epic Games, Inc.)
ASUS FaceKey (HKLM-x32\...\{ACE24C70-743B-43B0-8045-817FF050800B}) (Version: 4.1.0.0 - )
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0010 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Video DSP (HKLM-x32\...\{B80DB514-46E5-43AA-B68C-1EBBF5CF7D34}) (Version: 1.0.000 - )
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version:  - The Behemoth)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.3.0.23 - Byte Technologies LLC) <==== ATTENTION
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Cheat Engine 5.6.1 (HKLM-x32\...\Cheat Engine 5.6.1_is1) (Version:  - Dark Byte)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deathstate (HKLM\...\Steam App 402120) (Version:  - Bread Machine Games)
Deluge 1.3.14 (HKLM-x32\...\Deluge) (Version:  - )
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Mod Tools (HKLM-x32\...\Steam App 245850) (Version:  - )
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support) <==== ATTENTION
Duck Game (HKLM\...\Steam App 312530) (Version:  - Landon Podbielski)
Duck Game (HKLM-x32\...\Steam App 312530) (Version:  - Landon Podbielski)
Dungeon of the Endless (HKLM\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Fallout Shelter (HKLM\...\Steam App 588430) (Version:  - Bethesda Game Studios)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GitHub (HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\5f7eb300e2ea4ebf) (Version: 2.2.0.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.5 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{644380A4-11D0-48CB-AAB8-CCB6BD072784}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4919.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Nuclear Throne (HKLM\...\Steam App 242680) (Version:  - Vlambeer)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4919.1002 - Microsoft Corporation) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1) (Version: 2.0.10 - Pandora Media, Inc)
Pandora (x32 Version: 2.0.10 - Pandora Media, Inc) Hidden
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{0A1F8721-8B7C-4100-9E9E-30A2CC597996}) (Version: 2.38.0 - The Pokémon Company International)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
ROBLOX Player for taran_000 (HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for taran_000 (HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Web Plugin (HKLM-x32\...\{95DC2B0B-2FE2-4574-B90D-0C3F70A1D67A}) (Version: 7.16.0.22 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 4.2.3908.0 - Hi-Rez Studios)
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis™)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Starbound - Unstable (HKLM\...\Steam App 367540) (Version:  - )
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Basement Collection (HKLM\...\Steam App 214790) (Version:  - Edmund McMillen, Tyler Glaiel)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Town of Salem (HKLM-x32\...\Steam App 334230) (Version:  - BlankMediaGames)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Unity Web Player (HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Unreal Development Kit: 2012-07 (HKLM\...\UDK-1fa9e548-0b2d-4d37-ae94-d783a759e8e4) (Version:  - Epic Games, Inc.)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Wickland (HKLM\...\UDK-88e76af9-542e-44e6-b32b-7b018e5a8a56) (Version:  - Epic Games, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1577685660-3506437172-1987996859-1004_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\taran_000\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1577685660-3506437172-1987996859-1004_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\taran_000\AppData\Local\SkypePlugin\7.16.0.22\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1577685660-3506437172-1987996859-1004_Classes\CLSID\{DAE9308A-E672-4D4C-B8D9-996CDF4D30E9}\InprocServer32 -> C:\Users\taran_000\AppData\Local\SkypePlugin\7.16.0.22\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1577685660-3506437172-1987996859-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\taran_000\AppData\Local\Roblox\Versions\version-6675f84c75f246df\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1577685660-3506437172-1987996859-1004_Classes\CLSID\{FE953B23-7D14-4905-9A67-B77389FBA857}\localserver32 -> C:\Users\taran_000\AppData\Local\SkypePlugin\7.16.0.22\GatewayVersion-x64.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\MySearchDial.job => 
Task: C:\WINDOWS\Tasks\Yahoo! Powered tocer.job => 
Task: C:\WINDOWS\Tasks\{47B51777-8CCE-B9D1-4D5E-5E96E17D4A56}.job => 

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-07-27 16:38 - 2017-01-31 07:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-24 18:09 - 2013-04-24 18:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-24 18:07 - 2013-04-24 18:07 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-24 18:12 - 2013-04-24 18:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7867 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2017-04-19 15:39 - 00451909 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

There are 15495 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\taran_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\...\StartupApproved\Run: => "MRT"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\StartupApproved\Run: => "Driver Support"
HKU\S-1-5-21-1577685660-3506437172-1987996859-1004\...\StartupApproved\Run: => "5EB4A6697A39DEDC106F8EE17B233C3BC4AFD314._service_run"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3F2D0589-EC87-4B24-856C-0B3E89E4FAA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{D03C74E9-969F-4675-B3C8-987662AEB3F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{32C5972B-3960-46D0-9989-ECF51B90AC92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{88DBF8C2-EC84-48BF-815A-B51C93D1B7EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{2239EAC7-50CD-44B5-8647-2B0B7F941C55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D0AD3295-464E-4B00-90B6-BC9A34729D25}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B9F82890-5A1E-4300-B4DB-CC421021D550}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{47E02207-A930-40A8-A57D-034BB15FD3DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{A9647761-C19B-4875-89F8-131A69A99143}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{535C9A3F-F2CA-4524-A8BE-265A7484FAA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{3F45E18C-1213-47AF-A76C-7198BE7099E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\ModUploader.exe
FirewallRules: [{01B99523-F1A0-4541-BBE9-F7D026A2BA50}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\ModUploader.exe
FirewallRules: [{5976EE28-E212-423D-871F-2065984F10C0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2AF03328-41C0-4E96-99D8-62E330D7F738}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CE011F32-2706-4886-B03F-42392DAAAE95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{637B89C6-CF17-4F42-82AA-0A7699957E63}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BB54A3CD-CE88-46A4-966A-73B0BDE93B68}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{61E47CB4-4C22-401E-8FF9-38511D66AE03}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{5BDF8339-7EC9-4560-B6EB-059758E91EAF}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{FB4CE4E5-4DBD-44C8-AB8B-EBF4887F2836}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{70A04E84-372A-4D3D-B31F-D4BDC453CCEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{5D91721A-63BA-49D4-B479-4E3279839599}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FB0F585A-F37C-4D64-B147-21FD3C55A8F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{377AFDC3-5925-4826-B90F-9DC345BA77A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{40B0C0FD-6639-4632-9844-A16EA884D2C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{62B2E250-C25A-4A90-8DE6-67C793305D3F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{9E99DB14-F133-4F98-AC5D-1DEC9FE08CEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{C7EE2BBE-1AA0-4132-ACD1-A2AF5672E536}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58C820B8-5DBD-4CB9-914D-AF7F25F10229}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EC0905EE-F270-4C3F-836F-B46229F1208B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E6D5A438-3BBD-44DB-BD0C-545AE350CCD5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9E835905-E224-44C0-A818-B972D817FB78}] => (Allow) LPort=1900
FirewallRules: [{DB976C7D-0F91-4268-89D9-93C9888B22BF}] => (Allow) LPort=2869
FirewallRules: [{7DDB678C-AD17-4EE6-8C24-64C1BF85C773}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5B3A2EE7-A6CE-48D8-985B-9CDE8AF4A184}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{09C12370-254A-4B4F-AA62-A85F2E1F5175}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [TCP Query User{7804EAD6-0E9C-4501-86B0-E8CBB820730C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1C5119F6-2CC7-4CFB-A04E-D84E92FC5974}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{23CFA587-5C54-4CCD-A63D-34C3091C8DBB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{D511FD5C-EAB9-45F5-918F-3294FD6E6CB3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{742E60B0-8AC6-47D1-A7DD-C6787DEE5768}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{A600C8F3-4EAA-42C3-B462-39C06D8441F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{F2067AE1-8B3A-4791-84F9-8E245B86C6CB}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{5D10B16C-546D-4FCE-A39E-5A8444847896}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{921AF82F-680E-4D03-8036-4A6B4EAB7C84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{62DC6D57-E507-4D3D-86CA-479301685D81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{EEB71479-D35B-4578-8DF3-3E35F44D72AC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9F72328F-8443-49CE-B547-B5D1DF4BA169}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{6300A2DA-683B-4CC8-BE93-8DA15F46B93C}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E5A9A20E-2036-48EB-92F5-3327232F2699}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FE989BAA-3628-446E-987B-C4BC21E7B296}C:\users\taran_000\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\taran_000\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{841375A4-314C-4DFA-9345-3790FEE4ED60}C:\users\taran_000\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\taran_000\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{74A65E85-5E51-4B26-9462-2F23EBAD1865}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{20350D1A-55B7-4FCA-B051-C8142BF24E5A}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{A8AC957D-7650-4799-9288-DBAACC998B1B}C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Block) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [UDP Query User{AEAB053E-9D15-40A0-9357-730EC08BE93E}C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Block) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{1473EBA3-221D-4784-AF6F-874BEB978D24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{590C0BFB-3E2E-49D1-AAA7-DE5C9246719E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{2A8D8E2A-AD08-4182-A8B8-181AF1BB0D24}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{6B7EB636-04F9-4CEB-90EA-6327E5C4A440}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{B7BAAC01-D744-42ED-BEEE-2C08B84F6CBB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7AB1C542-4E1F-4524-8404-F6B78546C543}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{769949F1-B98D-4AF2-B73C-95DDCFEEBA94}C:\users\taran_000\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe
FirewallRules: [UDP Query User{0BAC9A81-C149-4912-858E-F26049AC4F2A}C:\users\taran_000\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe
FirewallRules: [TCP Query User{5BC768B4-F4BA-4393-A328-2A9B180B539D}C:\users\taran_000\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Allow) C:\users\taran_000\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe
FirewallRules: [UDP Query User{4500E354-E947-4508-A00B-33004A66A52F}C:\users\taran_000\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe] => (Allow) C:\users\taran_000\appdata\local\skypeplugin\7.5.0.127\pluginhost.exe
FirewallRules: [{12F10CC1-5E08-4076-9B53-5CDB2C21270E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wickland\Binaries\Win32\Wickland.exe
FirewallRules: [{19A7F631-FD01-4EE9-B961-A8DB88C105C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wickland\Binaries\Win32\Wickland.exe
FirewallRules: [{DCE0EC8F-39F5-4FDC-9EEA-D41FD23E851C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AAFCFD66-6F97-493A-8791-0782EB0F44CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F913CA0A-4CAB-4E82-90E1-723F57DA7141}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{B339EE1D-0B68-4BD8-80BC-5D1C2ADC943D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [TCP Query User{EFD2B087-69AD-43CC-9687-67BC60D8736B}C:\users\taran_000\appdata\local\skypeplugin\7.6.0.295\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.6.0.295\pluginhost.exe
FirewallRules: [UDP Query User{5246FE8F-0CD8-41F7-8DEE-1ECBB9254539}C:\users\taran_000\appdata\local\skypeplugin\7.6.0.295\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.6.0.295\pluginhost.exe
FirewallRules: [{640B23CF-4000-453B-8C33-29D21561658B}] => (Allow) C:\Users\taran_000\AppData\Local\Temp\7zS63BE\HP.EasyStart.exe
FirewallRules: [{38B33E18-9AF5-45C9-96B4-6D99FB736260}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{09C5F68B-D430-42CA-9C27-AFEDD708D2F5}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{E73B6E14-2F80-4219-BE32-B98511E8C129}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{0F747822-8DEA-4C4E-A53E-E0239C230822}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{602E21D6-088F-42B2-A2FD-35B8B1AE5F11}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{10241706-F73A-4D3F-B004-F1519D8EF3C8}] => (Allow) LPort=5357
FirewallRules: [{6D26393A-D0D1-42A9-92A4-0527F0109350}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6D4246C6-C84D-42C3-8C19-EA875716DD7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Spriter\Spriter.exe
FirewallRules: [{8AF58F9B-CCEA-4AC5-AFBC-952E7BAD0620}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Spriter\Spriter.exe
FirewallRules: [{4CBCA2E1-5F3A-4F9B-875C-7A7D4EDE0C14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\FMOD_Designer\fmod_designer.exe
FirewallRules: [{FB8E6DC0-B233-4AEF-BB6D-BD742CB5401B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\FMOD_Designer\fmod_designer.exe
FirewallRules: [{EBA91D34-5A51-41A1-BA39-882E36B8A749}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Tiled\tiled.exe
FirewallRules: [{2F9CCB13-761E-4813-943C-5CB0A0F317EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Tiled\tiled.exe
FirewallRules: [{3342E6D1-3FF2-4D36-8A77-03E66D887D0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Sublime\sublime_text.exe
FirewallRules: [{41C5E79B-DEE2-4A22-843A-0F761123A8DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Sublime\sublime_text.exe
FirewallRules: [{1C450590-3844-4F29-A639-36B2D2CD5518}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{B4A31814-7542-41A8-BD5F-8AF44230E1AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [TCP Query User{978047A5-35CF-4AD8-B382-0DC4DD05510E}C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe] => (Block) C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe
FirewallRules: [UDP Query User{91E1DF6D-A909-449F-A68D-57DDE449BEDC}C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe] => (Block) C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe
FirewallRules: [{BEA8A7BF-EB03-428E-8CB5-FB981C9DBE62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{AC8821C2-41CD-4E64-B36F-9795F3039079}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{40A1EC88-51F1-4436-B509-23378327CDBB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TeleglitchDME\Teleglitch.exe
FirewallRules: [{B778C9C6-CED3-40E6-A0C3-E90E15EBD5D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TeleglitchDME\Teleglitch.exe
FirewallRules: [{0350E655-B890-4FFD-AF4D-DAC5D0051172}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{7BE8BBA6-E133-47A6-A702-84BA31009C55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [TCP Query User{411D5B84-B978-4DDC-AF64-3935F73EB07B}C:\users\taran_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [UDP Query User{003A8B4B-533E-4F82-B3BE-831D80D94AE6}C:\users\taran_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [{E8061158-1B44-42A3-B419-3DB01C0F4BE2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{EEFEE06F-E996-4343-B0AE-8B5212C53FB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{8407105C-4767-4792-9CAC-55454F549139}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{7E2AF0EA-052F-4F1A-9AD6-5DA1CCAABA25}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{5B7A0075-0A49-409D-8ABE-C685CEF63D19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{2DD5C7FF-1B0E-4A01-8A6D-809E9DB5382A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{0887BA6D-4BD7-4F82-9E5C-C425729EEA69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{F3A92F90-FE41-40FD-BFA7-7D30EDFE67FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{239A7780-2D27-4424-A3C4-411DF8A7259A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E7AB1618-E431-4A91-88D3-F48553319A4D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{96CC1B59-252E-4614-B086-34ED64FD8ED9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [{E06F2B17-703F-4058-9329-C6DBC314A507}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [TCP Query User{A73D0BC4-C9E5-4958-9D1B-65B75CA4A4DA}C:\users\taran_000\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe
FirewallRules: [UDP Query User{AFA73679-0F2C-460C-BC45-ECEDA0992E16}C:\users\taran_000\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe
FirewallRules: [TCP Query User{7D529BF9-AEBA-4617-B7B9-2A16CD548D1B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{90389962-3309-472B-8BFC-1664989C0AFA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8E0B3AE1-8999-49EE-9765-8D18E74299DE}C:\users\taran_000\appdata\local\skypeplugin\7.16.0.22\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.16.0.22\pluginhost.exe
FirewallRules: [UDP Query User{AE286715-8B93-4709-AE2B-866E17EDB2D9}C:\users\taran_000\appdata\local\skypeplugin\7.16.0.22\pluginhost.exe] => (Block) C:\users\taran_000\appdata\local\skypeplugin\7.16.0.22\pluginhost.exe
FirewallRules: [{7191AAD3-41CA-497E-8C51-4FB9CD77E38D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{DEA5C73E-D8FB-4F81-9C9F-36F090A745B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{943630F5-544A-45E6-8098-A9D079D4EA5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{41CA8D78-AFC4-4877-AEFE-00A924DF6610}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{BAF48D24-7B95-4AEC-961D-DEB908E5919F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [{AAE84AEE-D72B-468F-B1A5-70290247388F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [{3B594A7D-AA5B-4E7C-B143-DB5BFED2472F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{E01BCB81-966C-4C2D-BB30-85DB418E1DB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{57E66A20-0902-437B-AD02-FFAE3302466D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{0D286B7C-FAD3-4941-92B0-88DE4DBCCD5A}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{81D2FD3C-3BC6-4A00-97AA-FA4DD6BC404C}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{165D7441-526D-4A1B-929D-A558A171F3B4}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{160633B9-953D-46DB-BA29-8461A41C6067}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{D41EB2D8-C090-4D60-9F8F-41A7993890A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{BC94718E-F445-4B1C-8178-575C49D7AC6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{420DF211-AC5C-4605-84FF-D59BBD006F9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{E15999F2-6BEE-477C-B17D-7A3EBF055D62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{2658AC0F-C08D-4AD8-A776-008D64F73A0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [TCP Query User{6603E3AE-40F1-4A04-BBEF-31EEABF5CD32}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{EFC3D66F-A849-46A2-B6FF-AD18C56A7DD6}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{3C7336FB-FE64-4335-8BFF-619C72252F40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\mod_uploader.exe
FirewallRules: [{68C3DCD3-1441-4026-B431-FCB8F8107DA7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\mod_uploader.exe
FirewallRules: [{D849F190-EBDD-4376-8331-5642935CCE0F}] => (Allow) C:\Users\Scott\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{EA418F38-0B7D-419D-A9D9-434EF489ABF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{8C9AF599-AF34-42BE-9612-512EB47AFDFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{DCAE404F-31FC-433B-A5F4-D27389D8EBAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\basement\The Basement Collection.exe
FirewallRules: [{3D4357EF-25FE-47F4-9C55-99C4B43F2915}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\basement\The Basement Collection.exe
FirewallRules: [{E31D2D22-D72D-42F0-A5B9-527F6BDB1765}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned_BE.exe
FirewallRules: [{C53140D5-7B61-4D3C-840E-82E121B939AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned_BE.exe
FirewallRules: [TCP Query User{D03CA493-DF37-446B-99D1-B908DB129F43}C:\program files (x86)\steam\steamapps\common\nuclear throne\nuclearthroneultramod0.09.exe] => (Block) C:\program files (x86)\steam\steamapps\common\nuclear throne\nuclearthroneultramod0.09.exe
FirewallRules: [UDP Query User{E7E6BEE1-FC8A-47E7-9CAE-0C58DEE44825}C:\program files (x86)\steam\steamapps\common\nuclear throne\nuclearthroneultramod0.09.exe] => (Block) C:\program files (x86)\steam\steamapps\common\nuclear throne\nuclearthroneultramod0.09.exe
FirewallRules: [{A4834142-6FCA-46E2-A4BF-F05F97B3573E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{FD7E6C41-943B-45B4-A489-7AF0025F1DD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{F8D945BE-8F4E-425C-9EBA-FE86C277784F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F0484F0-11B3-41D4-A5A1-B0FEDC3E074D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8A906A7F-F3FC-451C-926E-BE7089BEB733}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6998914A-5F78-4789-8C29-398A53B5CA63}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D5C795A3-2F06-4899-9AE3-03C3FB12D5E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D833CAC-AF09-4A0B-81F8-59B75F0C2199}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{028A0414-9714-4DD2-9660-A1B8E27C0671}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A7BF8013-2196-4514-B2C8-CB760DD8BD4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D68D0B71-0107-4912-9881-B00FAB82DE7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D655C36E-6EA8-47D0-A45D-92E184245654}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB2BF75F-D9D8-4297-B93C-BDC64A64AF45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{AD46BA08-92B9-4718-A39D-651A87B4591B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{4BE9FBBA-D405-4378-8461-866126E90C6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F66984E-35A6-46E1-8FB8-E92E5FB60F7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A9A40D8B-6A46-42F5-9E96-AAA8EBC080EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5B219BC5-93E0-4E50-8FCD-6CAF70C2AEED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F614283-8C70-47D0-A4C6-1FB77B4393A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{BF588F1C-71F3-46BA-B6BA-B81DDC50FFBE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{EDDCD139-D887-4E7B-9C9B-B9E9B09A7EB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3818046E-DDAA-4350-A797-A5B1FA9E753E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CE03197B-7C27-4BC4-8C8C-3BF70E6B125F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59DD4373-DE44-4AFA-AA07-DA93650D9A0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9842FF16-4A7F-4C15-8E22-8DADF12E4C96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BEF832B9-55E8-40A2-80DA-A0DDE701E8EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EDD0B010-E7A0-4D14-8241-92DBCF9CD97E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{6E756D93-5B6C-461E-94CD-B21B1935FACD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{FEA8EFCC-23D7-405A-A236-0BC23932D668}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{EAB31409-3E12-4F16-A38D-CC64651AF9B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E1C8CE00-04E9-4C3D-96D5-010A0241BF5E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{9ABEDEC3-0C47-490F-9FEC-BCDBCE20692B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{349442B9-BA17-4582-A1B0-8279A30D19B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{269E389B-D002-48BC-9EDE-7251FA57C7BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{0DDF0D03-6BB4-47CC-82AC-1A092ADAA7DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{71D2DB0F-6B1F-41A1-8C6D-00A159D2C9E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{C84DC4F6-95CA-44F7-93FE-96179A5B60AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{23494AD8-2688-4D43-9A8F-886327342494}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{176451F6-C831-42E4-A3FD-B2B0B4F48B22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{F9D29989-89C1-48F0-86E1-770E18F958A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{988F4AA8-BDF0-47E2-BE2D-FD84550EB9CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{D509D3B1-96B2-4BFB-99C9-B7A299A48E7D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{8DD7972E-C2F0-41B8-AF9F-64643806A86A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{28144964-4DDA-468D-A011-68FA5929A142}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{F88ED68D-6D31-4C54-8B43-01EFD8386C07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{8B8961C9-76B2-4B2B-8014-D711F949B74B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{D4436BC5-7D26-45BF-B31C-1E011CFAC4AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Spriter\Spriter.exe
FirewallRules: [{13226AC9-750D-40B1-B719-96164DB3188D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Spriter\Spriter.exe
FirewallRules: [{11A68FF0-76CB-40E8-AD22-71B5A78D91E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\FMOD_Designer\fmod_designer.exe
FirewallRules: [{020361C0-8952-4FE7-B080-01A8FBD44E0E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\FMOD_Designer\fmod_designer.exe
FirewallRules: [{0EB57152-ECC3-4A46-BBDC-CB4B152D038E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Tiled\tiled.exe
FirewallRules: [{C45C6E84-8EF4-4787-8322-D90C89174B78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Tiled\tiled.exe
FirewallRules: [{EEFBF414-1B99-4725-B3B1-109074F33998}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Sublime\sublime_text.exe
FirewallRules: [{060BBEBC-A86F-4113-8591-236F5989E5F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Mod Tools\mod_tools\Sublime\sublime_text.exe
FirewallRules: [{79E2EE56-2C45-4203-ACA9-2765449936F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{D89856EA-BC63-4C8D-AA62-3E2520DF8C3C}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{CDA312A4-97A4-4DED-AAE4-D8301D64A670}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{9A8B501E-9A2C-4818-90B4-5CE103438543}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{AD6D32D8-F567-459D-9BAA-30BCF8B4BE41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{0026CDD9-818A-4895-BCD7-DA4E30382A45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deathstate\Deathstate.exe
FirewallRules: [{4583E720-E007-4339-86E1-695E1EA48FD0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deathstate\Deathstate.exe
FirewallRules: [{B002F0BE-DEB1-497A-BD9C-7C93BB525976}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{C3399513-82AA-4E3B-8818-1D8A45686E70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{5660C167-7E30-41D2-893A-851A3C4A94A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{FF517284-960E-4B30-A50C-3E639D3B89B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Shelter\FalloutShelter.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Bluetooth module
Description: Bluetooth module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2017 07:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.47.13703.0, time stamp: 0x58dec9f9
Faulting module name: combase.dll, version: 6.3.9600.18202, time stamp: 0x569e6ee3
Exception code: 0xc0000005
Fault offset: 0x000000000003a02f
Faulting process id: 0x1030
Faulting application start time: 0x01d2ba350f673e5e
Faulting application path: C:\WINDOWS\system32\MRT.exe
Faulting module path: C:\WINDOWS\SYSTEM32\combase.dll
Report Id: c52c5770-2628-11e7-bf63-bcee7b4eb3df
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/20/2017 09:12:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Error: (04/19/2017 03:45:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ath_CoexAgent.exe, version: 8.0.0.270, time stamp: 0x50af28a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x42cad2c0
Faulting process id: 0x188c
Faulting application start time: 0x01d2b94dd4c0cb84
Faulting application path: C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
Faulting module path: unknown
Report Id: 131dc7b8-2541-11e7-bf60-bcee7b4eb3df
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/19/2017 02:38:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Error: (04/19/2017 01:52:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x748
Faulting application start time: 0x01d2b93e1bf6f0f5
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: 6312cb2d-2531-11e7-bf5f-bcee7b4eb3df
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/18/2017 06:37:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Realm of the Mad God.exe, version: 0.0.0.0, time stamp: 0x4eb75f49
Faulting module name: SteamANE.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f443168
Exception code: 0xc0000005
Fault offset: 0x00001537
Faulting process id: 0x2a38
Faulting application start time: 0x01d2b8866b5db963
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
Faulting module path: SteamANE.dll
Report Id: ef78b0cb-248f-11e7-bf5e-bcee7b4eb3df
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/17/2017 08:34:34 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (04/17/2017 08:34:33 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (04/17/2017 08:34:17 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (04/17/2017 08:25:39 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {216982BF-EAE0-43E4-8DA1-BAAF5B8B3F1E}


System errors:
=============
Error: (04/20/2017 07:09:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rtop service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/20/2017 07:09:36 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xffffe00138400a10, 0xfffff80145e8ca60, 0xffffe00137dbcc10). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 042017-47375-01.

Error: (04/20/2017 07:09:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:56:49 AM on ‎4/‎20/‎2017 was unexpected.

Error: (04/20/2017 09:15:37 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/20/2017 09:13:31 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (04/20/2017 09:13:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/20/2017 09:13:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (04/19/2017 07:21:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2017 06:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rtop service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/19/2017 06:13:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:46:00 PM on ‎4/‎19/‎2017 was unexpected.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
Percentage of memory in use: 53%
Total physical RAM: 3981.74 MB
Available physical RAM: 1846.77 MB
Total Virtual: 8077.74 MB
Available Virtual: 5835.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.21 GB) (Free:146.64 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Edited by Computer_idiot