waynejensen Posted December 12, 2017 ID:1191004 Share Posted December 12, 2017 (edited) Hello. Firstly i have searched your forums for mediaplex and disturbingly found only one obscure match in a thread that left me breathless. This is the animal that keeps popping, mediplex and is requesting your username and password. WARNING: Your password will not be sent to the website you are currently visiting!". Note - I have not responded to this. Lo as i speak it returns!!. As the previous link noted the use of free malwarebytes and i have the premium, well its this or a lifetime of clicking red X,es. Thanks, Wayne. Edited December 12, 2017 by AdvancedSetup Removed linkks to unsafe sites Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 12, 2017 Root Admin ID:1191005 Share Posted December 12, 2017 Hello @waynejensen and I have removed part of your message as it contains links to potentially unsafe sites. Please run the following steps and post back the logs as an attachment when ready and we'll get you cleaned up.STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Clean. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191008 Share Posted December 12, 2017 As per, step 1, # AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 12 09:05:26 2017 # Updated on 2017/29/11 by Malwarebytes # Database: 12-11-2017.1 # Running on Windows 7 Professional (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Ask, C:\ProgramData\Ask PUP.Optional.Ask, C:\ProgramData\Application Data\Ask PUP.Optional.Ask, C:\Users\All Users\Ask Rogue.ForcedExtension, C:\ProgramData\apn Rogue.ForcedExtension, C:\ProgramData\Application Data\apn Rogue.ForcedExtension, C:\Users\All Users\apn ***** [ Files ] ***** No malicious files found. Preparing to reboot, step 2. Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191009 Share Posted December 12, 2017 Step 2, # AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 12 09:12:12 2017 # Updated on 2017/29/11 by Malwarebytes # Running on Windows 7 Professional (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\ProgramData\Ask Deleted: C:\ProgramData\Application Data\Ask Deleted: C:\Users\All Users\Ask Deleted: C:\ProgramData\apn Deleted: C:\ProgramData\Application Data\apn Deleted: C:\Users\All Users\apn ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\Amazon1ButtonBrowserHelper.dll Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [2493 B] - [2017/12/12 9:5:26] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191011 Share Posted December 12, 2017 step 3a, Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2017 Ran by Wayne Jensen (administrator) on WAYNEJENSEN-PC (12-12-2017 19:20:44) Running from C:\Users\Wayne Jensen\Downloads Loaded Profiles: Wayne Jensen (Available Profiles: Wayne Jensen) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation) HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\Run: [Google Update] => C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-16] (Google Inc.) HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\RunOnce: [Application Restart #0] => C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.) HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\MountPoints2: {63688df6-5e16-11e2-8b51-14dae903f6ba} - E:\win\setup.exe -phs HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\MountPoints2: {87559051-d526-11e0-b4f9-806e6f6e6963} - D:\autorun.exe HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\MountPoints2: {e2ce0723-d511-11e0-8b05-806e6f6e6963} - D:\.\Bin\ASSETUP.exe CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.1.1.1 Tcpip\..\Interfaces\{3AC50D60-7113-488B-92E9-A89AF074FFFF}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{5D712F85-535A-4080-9B6D-2FFCC28141BB}: [DhcpNameServer] 10.1.1.1 Tcpip\..\Interfaces\{7B618A4E-5D0D-4709-85CC-4BA95974054B}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{B0A28EA7-0CA3-4CC4-A003-63F213DF2F4A}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{E3BE7F8B-FC75-476F-A514-D47AEA2C4B42}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3399296086-530735103-1438226696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-19] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-19] (Oracle Corporation) DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab FireFox: ======== FF DefaultProfile: s68pb3i7.default-1402363150784-1512793198504 FF ProfilePath: C:\Users\Wayne Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\s68pb3i7.default-1402363150784-1512793198504 [2017-12-12] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-02] () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File] FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-02] () FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll [No File] FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll [No File] FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll [No File] FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll [No File] FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File] FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File] FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3399296086-530735103-1438226696-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.) FF Plugin HKU\S-1-5-21-3399296086-530735103-1438226696-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSearchURL: Default -> hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000027&locale=en_US&apn_uid=4F3B4AF2-ECF3-42D3-A71C-7C2E77E4D395&apn_ptnrs=%5EU3&apn_sauid=25FD3715-EF7D-41B8-8E4C-8B6712DAB202&apn_dtid=%5EYYYYYY%5EYY%5EAU&q={searchTerms} CHR DefaultSearchKeyword: Default -> ask.com CHR DefaultSuggestURL: Default -> hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR Profile: C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\User Data\Default [2017-12-12] CHR Extension: (YouTube) - C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-23] CHR Extension: (Google Search) - C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-10] CHR Extension: (Gmail) - C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-23] CHR Extension: (Chrome Media Router) - C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-10] StartMenuInternet: Google Chrome - C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-06] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-06] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-25] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] () ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-11] () R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-11] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-12-12] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-12-12] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-12-12] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-12-12] (Malwarebytes) S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [29392 2017-05-07] () [File not signed] S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [259328 2012-05-22] (Sierra Wireless Incorporated) S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [108800 2012-05-28] (Sierra Wireless Inc.) S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [253440 2012-05-28] (Sierra Wireless Inc.) S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated) S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-12 19:20 - 2017-12-12 19:22 - 000014323 _____ C:\Users\Wayne Jensen\Downloads\FRST.txt 2017-12-12 19:20 - 2017-12-12 19:20 - 000000000 ____D C:\FRST 2017-12-12 19:19 - 2017-12-12 19:19 - 002392064 _____ (Farbar) C:\Users\Wayne Jensen\Downloads\FRST64.exe 2017-12-12 19:03 - 2017-12-12 19:12 - 000000000 ____D C:\AdwCleaner 2017-12-12 19:02 - 2017-12-12 19:03 - 008187336 _____ (Malwarebytes) C:\Users\Wayne Jensen\Downloads\adwcleaner_7.0.5.0.exe 2017-12-08 04:26 - 2017-12-08 04:26 - 000000000 ____D C:\Users\Wayne Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-11-24 13:41 - 2017-12-12 19:14 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2017-11-15 10:51 - 2017-10-18 17:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-11-15 10:51 - 2017-10-18 16:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-11-15 10:51 - 2017-10-18 12:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2017-11-15 10:51 - 2017-10-18 12:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2017-11-15 10:51 - 2017-10-18 12:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2017-11-15 10:51 - 2017-10-18 12:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2017-11-15 10:51 - 2017-10-18 12:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2017-11-15 10:51 - 2017-10-18 12:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2017-11-15 10:51 - 2017-10-18 12:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2017-11-15 10:51 - 2017-10-17 09:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-11-15 10:51 - 2017-10-17 08:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-11-15 10:51 - 2017-10-17 07:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-11-15 10:51 - 2017-10-14 18:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-11-15 10:51 - 2017-10-14 18:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-11-15 10:51 - 2017-10-14 18:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-11-15 10:51 - 2017-10-14 18:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-11-15 10:51 - 2017-10-14 18:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-11-15 10:51 - 2017-10-14 18:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-11-15 10:51 - 2017-10-14 18:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-11-15 10:51 - 2017-10-14 18:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-11-15 10:51 - 2017-10-14 18:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-11-15 10:51 - 2017-10-14 18:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-11-15 10:51 - 2017-10-14 18:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-11-15 10:51 - 2017-10-14 18:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-11-15 10:51 - 2017-10-14 18:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-11-15 10:51 - 2017-10-14 18:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-11-15 10:51 - 2017-10-14 18:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-11-15 10:51 - 2017-10-14 18:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-11-15 10:51 - 2017-10-14 18:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-11-15 10:51 - 2017-10-14 17:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-11-15 10:51 - 2017-10-14 17:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-11-15 10:51 - 2017-10-14 17:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-11-15 10:51 - 2017-10-14 17:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-11-15 10:51 - 2017-10-14 17:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-11-15 10:51 - 2017-10-14 17:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-11-15 10:51 - 2017-10-14 17:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-11-15 10:51 - 2017-10-14 17:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-11-15 10:51 - 2017-10-14 17:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-11-15 10:51 - 2017-10-14 17:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-11-15 10:51 - 2017-10-14 17:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-11-15 10:51 - 2017-10-14 17:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-11-15 10:51 - 2017-10-14 17:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-11-15 10:51 - 2017-10-14 17:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-11-15 10:51 - 2017-10-14 17:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-11-15 10:51 - 2017-10-14 17:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-11-15 10:51 - 2017-10-14 17:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-11-15 10:51 - 2017-10-14 17:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-11-15 10:51 - 2017-10-14 17:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2017-11-15 10:51 - 2017-10-14 16:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-11-15 10:51 - 2017-10-14 16:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-11-15 10:51 - 2017-10-14 16:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2017-11-15 10:51 - 2017-10-14 16:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2017-11-15 10:51 - 2017-10-14 16:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2017-11-15 10:51 - 2017-10-14 16:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-11-15 10:51 - 2017-10-14 16:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-11-15 10:51 - 2017-10-14 16:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2017-11-15 10:51 - 2017-10-14 16:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2017-11-15 10:51 - 2017-10-14 16:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2017-11-15 10:51 - 2017-10-14 16:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-11-15 10:51 - 2017-10-14 16:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-11-15 10:51 - 2017-10-14 16:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2017-11-15 10:51 - 2017-10-14 16:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2017-11-15 10:51 - 2017-10-14 16:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-11-15 10:51 - 2017-10-14 16:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2017-11-15 10:51 - 2017-10-14 16:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2017-11-15 10:51 - 2017-10-14 16:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-11-15 10:51 - 2017-10-14 16:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2017-11-15 10:51 - 2017-10-14 16:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-11-15 10:51 - 2017-10-14 16:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-11-15 10:51 - 2017-10-14 16:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2017-11-15 10:51 - 2017-10-14 16:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-11-15 10:51 - 2017-10-14 16:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-11-15 10:51 - 2017-10-14 16:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-11-15 10:51 - 2017-10-14 16:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-11-15 10:51 - 2017-10-14 16:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2017-11-15 10:51 - 2017-10-14 16:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-11-15 10:51 - 2017-10-14 16:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-11-15 10:51 - 2017-10-14 16:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-11-15 10:51 - 2017-10-12 10:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2017-11-15 10:51 - 2017-10-12 10:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2017-11-15 10:51 - 2017-10-12 10:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2017-11-15 10:51 - 2017-10-12 10:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2017-11-15 10:51 - 2017-10-12 10:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-11-15 10:51 - 2017-10-12 10:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-11-15 10:51 - 2017-10-12 10:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-11-15 10:51 - 2017-10-12 10:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2017-11-15 10:51 - 2017-10-12 10:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2017-11-15 10:51 - 2017-10-12 10:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2017-11-15 10:51 - 2017-10-12 10:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2017-11-15 10:51 - 2017-10-12 10:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-11-15 10:51 - 2017-10-12 10:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-11-15 10:51 - 2017-10-12 10:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe 2017-11-15 10:51 - 2017-10-12 10:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll 2017-11-15 10:51 - 2017-10-12 10:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2017-11-15 10:51 - 2017-10-12 10:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2017-11-15 10:51 - 2017-10-12 10:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2017-11-15 10:51 - 2017-10-12 10:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys 2017-11-15 10:51 - 2017-10-12 10:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2017-11-15 10:51 - 2017-09-07 23:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2017-11-15 10:50 - 2017-10-18 12:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2017-11-15 10:50 - 2017-10-18 12:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-11-15 10:50 - 2017-10-16 08:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2017-11-15 10:50 - 2017-10-04 23:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2017-11-15 10:50 - 2017-10-04 23:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2017-11-15 10:50 - 2017-10-04 23:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2017-11-15 10:50 - 2017-10-04 23:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2017-11-15 10:50 - 2017-10-04 23:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2017-11-15 10:50 - 2017-10-04 23:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2017-11-15 10:50 - 2017-10-04 23:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-12 19:20 - 2009-07-14 15:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI 2017-12-12 19:20 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\inf 2017-12-12 19:14 - 2017-10-11 22:18 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-12-12 19:14 - 2017-10-11 22:18 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-12-12 19:14 - 2017-09-03 14:04 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-12-12 19:14 - 2016-11-20 13:02 - 000000000 ____D C:\Users\Wayne Jensen\AppData\LocalLow\Mozilla 2017-12-12 19:13 - 2011-09-02 15:42 - 000000000 ____D C:\ProgramData\NVIDIA 2017-12-12 19:13 - 2009-07-14 15:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-12-12 18:39 - 2009-07-14 14:45 - 000026208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-12-12 18:39 - 2009-07-14 14:45 - 000026208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-12-12 18:20 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\tracing 2017-12-12 18:13 - 2015-09-24 22:47 - 000000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000UA.job 2017-12-11 23:32 - 2014-08-26 22:43 - 000000000 ____D C:\Users\Wayne Jensen\AppData\Local\Battle.net 2017-12-11 22:18 - 2015-09-24 22:47 - 000000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000Core.job 2017-12-11 22:09 - 2013-05-15 17:49 - 000000000 ____D C:\Users\Wayne Jensen\Desktop\StarCraft II 2017-12-11 22:08 - 2014-08-26 22:43 - 000000000 ____D C:\Program Files (x86)\Battle.net 2017-12-09 16:17 - 2012-11-12 07:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-12-09 14:20 - 2014-06-10 11:19 - 000000000 ____D C:\Users\Wayne Jensen\Desktop\Old Firefox Data 2017-12-09 14:18 - 2017-05-23 16:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-12-08 21:49 - 2011-10-30 18:48 - 000000000 ____D C:\Users\Wayne Jensen\AppData\Local\CrashDumps 2017-12-08 12:34 - 2015-09-24 22:47 - 000000000 ____D C:\Users\Wayne Jensen\AppData\Local\Dropbox 2017-12-08 12:34 - 2012-02-26 15:13 - 000000000 ____D C:\Users\Wayne Jensen\AppData\Roaming\Dropbox 2017-12-02 02:14 - 2015-07-09 16:20 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-12-01 03:17 - 2009-07-14 15:08 - 000032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-11-24 20:15 - 2016-05-01 07:42 - 000000000 ____D C:\Program Files (x86)\Steam 2017-11-17 18:27 - 2016-11-28 21:49 - 000000000 ____D C:\Users\Wayne Jensen\AppData\Local\Ubisoft Game Launcher 2017-11-17 13:56 - 2011-09-22 20:33 - 000000000 ____D C:\Users\Wayne Jensen\AppData\Roaming\Mozilla 2017-11-16 15:02 - 2015-07-06 02:59 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-11-16 04:37 - 2012-02-10 20:58 - 000003520 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000UA 2017-11-16 04:37 - 2012-02-10 20:58 - 000003248 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000Core 2017-11-15 17:17 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\rescache 2017-11-15 12:41 - 2013-07-20 10:49 - 000000000 ____D C:\Windows\system32\MRT 2017-11-15 12:33 - 2017-10-11 21:57 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2017-11-15 12:32 - 2011-09-02 16:17 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-11-15 11:50 - 2009-07-14 15:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD 2017-11-15 11:50 - 2009-07-14 14:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-11-15 11:48 - 2009-07-14 14:45 - 000274152 _____ C:\Windows\system32\FNTCACHE.DAT 2017-11-15 11:45 - 2014-12-11 03:38 - 000000000 ____D C:\Windows\system32\appraiser 2017-11-15 10:56 - 2013-11-30 19:22 - 000766376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-11-15 07:52 - 2015-10-18 16:04 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-15 07:52 - 2015-10-18 16:04 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-14 09:20 - 2012-02-10 20:59 - 000002429 _____ C:\Users\Wayne Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-14 09:20 - 2012-02-10 20:59 - 000002421 _____ C:\Users\Wayne Jensen\Desktop\Google Chrome.lnk ==================== Files in the root of some directories ======= 2014-04-01 17:31 - 2016-05-07 08:21 - 000003584 _____ () C:\Users\Wayne Jensen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-22 20:51 - 2016-11-22 21:01 - 000007655 _____ () C:\Users\Wayne Jensen\AppData\Local\Resmon.ResmonCfg 2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Wayne Jensen\AppData\Local\setup.txt Some files in TEMP: ==================== 2016-09-25 17:52 - 2002-06-12 04:22 - 000040960 _____ () C:\Users\Wayne Jensen\AppData\Local\Temp\comver.dll 2016-04-18 12:15 - 2016-04-18 12:15 - 000065536 _____ (Sony DADC Austria AG) C:\Users\Wayne Jensen\AppData\Local\Temp\drm_dialogs.dll 2016-04-18 12:15 - 2016-04-18 12:15 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Wayne Jensen\AppData\Local\Temp\drm_dyndata_7380006.dll 2016-07-23 10:57 - 2016-07-23 10:57 - 000741440 _____ (Oracle Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\jre-8u101-windows-au.exe 2016-10-19 05:55 - 2016-10-19 05:55 - 000737856 _____ (Oracle Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\jre-8u111-windows-au.exe 2017-01-20 16:51 - 2017-01-20 16:51 - 000739904 _____ (Oracle Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\jre-8u121-windows-au.exe 2017-04-20 13:41 - 2017-04-20 13:41 - 000739904 _____ (Oracle Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-07-20 00:49 - 2017-07-20 00:49 - 000739904 _____ (Oracle Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\jre-8u141-windows-au.exe 2017-10-19 06:57 - 2017-10-19 06:57 - 001856576 _____ (Oracle Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\jre-8u151-windows-au.exe 2016-04-20 17:28 - 2016-04-20 17:28 - 000739904 _____ (Oracle Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\jre-8u91-windows-au.exe 2011-11-05 08:42 - 2011-11-05 08:42 - 000336280 ____R (Microsoft Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\rootsupd.exe 2006-05-24 14:10 - 2006-05-24 14:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Wayne Jensen\AppData\Local\Temp\_is8E0B.exe 2017-03-19 12:22 - 2017-03-19 12:22 - 000000000 _____ () C:\Users\Wayne Jensen\AppData\Local\Temp\{010AF682-53F6-4E0A-9248-8CBE699BDC16}-DropboxClient_21.4.25.exe 2017-03-14 01:23 - 2017-03-14 01:53 - 000000000 _____ () C:\Users\Wayne Jensen\AppData\Local\Temp\{0DF72774-9FB1-4119-93FC-7E0D1031AD1B}-DropboxClient_21.4.25.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-12-11 20:33 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191012 Share Posted December 12, 2017 Step3b, Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017 Ran by Wayne Jensen (12-12-2017 19:22:37) Running from C:\Users\Wayne Jensen\Downloads Windows 7 Professional Service Pack 1 (X64) (2011-09-02 05:28:41) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3399296086-530735103-1438226696-500 - Administrator - Disabled) Guest (S-1-5-21-3399296086-530735103-1438226696-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3399296086-530735103-1438226696-1003 - Limited - Enabled) Wayne Jensen (S-1-5-21-3399296086-530735103-1438226696-1000 - Administrator - Enabled) => C:\Users\Wayne Jensen ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1944 - Battle of the Bulge (HKLM-x32\...\1944 Battle of the Bulge) (Version: 2.17 - Montecristo Games) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - ) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.5.0.0 - Electronic Arts) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts) Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB) BigPond Broadband ADSL (HKLM-x32\...\{2A36014E-DF1D-4840-A209-3185B17BFC71}) (Version: 12.0 - Telstra) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications) Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Dropbox (HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.) Emulator Starter (HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\32bce9526e87661e) (Version: 1.0.0.141 - Free Game Empire) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Google Chrome (HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.) Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version: - ) Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - ) Heroes(TM) II Gold (HKLM-x32\...\Heroes of Might and Magic II Gold) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation) JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.) John Tiller's Campaign Series (HKLM-x32\...\John Tiller's Campaign Series1.00) (Version: 1.00 - Matrix Games) Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell) Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Might and Magic Heroes VII (HKLM-x32\...\Uplay Install 1176) (Version: - Ubisoft) Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla) NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR) NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation) NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - ) Uplay (HKLM-x32\...\Uplay) (Version: 7.3 - Ubisoft) WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.) Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.) Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\ChromeHTML: -> C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3399296086-530735103-1438226696-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Wayne Jensen\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2011-03-13] (Atheros Commnucations) ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2011-03-13] (Atheros Commnucations) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-29] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-01-29] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers1_S-1-5-21-3399296086-530735103-1438226696-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ContextMenuHandlers4_S-1-5-21-3399296086-530735103-1438226696-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-3399296086-530735103-1438226696-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0D78C609-EF1F-40FA-8FBE-5BCA772BF36D} - System32\Tasks\{F70344EB-BFFF-4A27-A1DD-1C282436FDB8} => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe [2013-02-14] (EA Digital Illusions CE AB) Task: {1090B33F-840E-4663-9EE1-A1C60A9D6534} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-02] (Adobe Systems Incorporated) Task: {18B7B64F-8B71-4A16-A28E-399A9ED9C7D3} - System32\Tasks\{C35C7E2E-B116-467C-BCF8-FB5891328A7E} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Task: {1E6D613F-6B75-4EF5-959E-649C88F91889} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {206C4927-E2A9-4B0E-B1BB-1164FA09D92E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {23AFB1CE-54EC-467B-BC88-39DADB3A486C} - System32\Tasks\{58B8DAB7-CDCB-43CB-A716-EB471DC5CAC8} => C:\Program Files (x86)\Origin\Origin.exe [2017-11-06] (Electronic Arts) Task: {2EEAB3CF-4F7C-4BC0-917B-F121A1548EFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.) Task: {320079CA-9106-4047-A2AF-01675671DA95} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {336C6687-35DC-4ECB-ABC7-FDA956123129} - System32\Tasks\{27E2FF65-7BF8-4E6E-BB0B-3077E5F88D11} => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe [2013-02-14] (EA Digital Illusions CE AB) Task: {49C56403-C22A-478E-A606-7255F6CFB382} - System32\Tasks\{58C21C1C-CCB3-4C15-833A-76537B9B94A5} => C:\Program Files (x86)\StarCraft II\StarCraft II.exe [2013-04-04] (Blizzard Entertainment) Task: {52B06BCA-2551-45B6-866B-248759FBFCDC} - System32\Tasks\{C4AAC0E9-269A-4413-8479-2FA30BFCC8C0} => C:\Program Files (x86)\StarCraft II\StarCraft II.exe [2013-04-04] (Blizzard Entertainment) Task: {58ED05D1-FEF2-4477-8493-AB31E944BF37} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000Core => C:\Users\Wayne Jensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {6840BC1E-EE4C-4BE9-9F5B-F136DA96B133} - System32\Tasks\{C2B652A4-29C9-4C21-B024-47E992EC5B5F} => C:\Program Files (x86)\Origin\Origin.exe [2017-11-06] (Electronic Arts) Task: {6BD7F06A-B4A2-4F87-96F9-D94BC6117963} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000Core => C:\Users\Wayne Jensen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {6FB8E3F6-34AD-41AE-B0DF-AB6C86DCEA37} - System32\Tasks\{E1FDEF40-908D-4B0D-90F2-4B7EE7A8C93C} => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe Task: {78724A7B-5E5E-4F14-9E5E-FEEEC70ED9C1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000UA => C:\Users\Wayne Jensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {7B2BA9CA-C3E2-4F19-98E0-879E297D6E5C} - System32\Tasks\{C370753B-832A-462B-9F90-4BF9A711AF44} => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe [2013-02-14] (EA Digital Illusions CE AB) Task: {8A12A18B-985F-43AD-B9EB-FBCF3A70B680} - System32\Tasks\{AF00A3D9-FF20-445B-BC98-AB0CD37A7A21} => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe [2013-02-14] (EA Digital Illusions CE AB) Task: {8C83AB59-E555-4CF3-B035-FDAB9CD567E0} - System32\Tasks\{3BB8ED6E-7DC5-4710-85EF-11B0DBC7DC38} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\ArdennesSplash.exe" -d "C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge" Task: {8D1E20AA-62D1-4EDE-8845-0C273AC596BF} - System32\Tasks\{9F929DBF-5BF8-408E-9153-DBDB86FCD091} => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe [2013-02-14] (EA Digital Illusions CE AB) Task: {8DB52467-8434-417F-B1D2-F23CEC2F3FBE} - System32\Tasks\{DC9E72D7-C12C-4584-B6D3-0E71337D1906} => C:\b15aa1e5c0421f931fa7\mrtstub.exe Task: {988AE3F8-A87E-449F-A885-1FC491C08A3E} - System32\Tasks\{E5C07FEF-E619-4CB5-969B-25889F0BB83E} => C:\Heroes3.exe Task: {98A0CBCC-1A0A-4183-A869-B0D5DDBB0AEA} - System32\Tasks\{677BE1E9-BA32-498F-A957-574AA1FD4653} => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe [2013-02-14] (EA Digital Illusions CE AB) Task: {9B11EDD3-CB07-4247-AD0D-0130922DFC4C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {9BF6A806-24A6-4C8C-B707-4F92010F3550} - System32\Tasks\{10354332-D779-4CCD-964A-70912B0F8D0D} => C:\Program Files (x86)\StarCraft II\StarCraft II.exe [2013-04-04] (Blizzard Entertainment) Task: {A0F71032-9FD1-40DF-98D7-A4627BFA5597} - System32\Tasks\{EB14F527-03F2-4717-A8FD-67369FDE6551} => C:\Program Files (x86)\StarCraft II\StarCraft II.exe [2013-04-04] (Blizzard Entertainment) Task: {A5472BCC-31A0-4CE3-A859-BEC7FB6CE310} - System32\Tasks\{8ECA5BC8-AAEC-41F4-86E7-772F66A6CC44} => C:\Program Files (x86)\StarCraft II\StarCraft II.exe [2013-04-04] (Blizzard Entertainment) Task: {B0657CC9-4E86-4C65-8791-C4C3403238BC} - System32\Tasks\{27A9B363-46B8-4FC7-A278-095802C76F64} => C:\Program Files (x86)\Origin\Origin.exe [2017-11-06] (Electronic Arts) Task: {B238D680-C88A-4952-AE55-5018505A3CC7} - System32\Tasks\{97A17E38-8149-4C47-A48B-CD2B461DFEE7} => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe [2013-02-14] (EA Digital Illusions CE AB) Task: {B8821B1F-E6FD-4298-BCFC-26600F9EA7A9} - System32\Tasks\{E52C979F-C4C8-4200-A353-4A7B12770A28} => C:\Users\Wayne Jensen\Downloads\280.26-desktop-win7-winvista-64bit-english-whql.exe [2011-09-29] (NVIDIA Corporation) Task: {BC796CD4-53A0-499A-A145-BB086B41F3D9} - System32\Tasks\{9D25F08A-1C60-4E67-BBFE-F729692EF710} => C:\Users\Wayne Jensen\Downloads\StarCraft-II-Setup-enSG.exe [2013-03-30] (Blizzard Entertainment) Task: {BD6E8D97-3B34-4A4D-B562-72CFBCBFBF13} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000UA => C:\Users\Wayne Jensen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {C5214BED-C925-4FA5-810F-DDBEDB55F571} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.) Task: {C528D631-D2C8-4916-A177-72D9815BAE29} - System32\Tasks\{72471704-BFF6-45D9-AFE1-82BBC932133D} => C:\Program Files (x86)\StarCraft II\StarCraft II.exe [2013-04-04] (Blizzard Entertainment) Task: {CF37B8A7-6765-4716-9616-905709CBAFE8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {D0384F3E-02F3-4FDA-9B2E-8DDC8C227447} - System32\Tasks\{9A143E39-9D54-45BF-B95A-38A840127934} => C:\Program Files (x86)\Origin\Origin.exe [2017-11-06] (Electronic Arts) Task: {D34FC7C8-BED9-44B3-8282-D83223780BAB} - System32\Tasks\{7D39F7C9-F9D8-4D47-AD00-84EE9FC495FF} => C:\NVIDIA\DisplayDriver\285.38\WinVista_Win7_64\English\Display.Driver\dbInstaller.exe [2011-09-23] (NVIDIA Corporation) Task: {D623A162-49B4-4BAA-85FD-1BB3A68C91C6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {DF005CFA-82B5-4278-8456-4F9715E6211F} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {E73A881D-8A16-4169-86F8-45041A89EE82} - System32\Tasks\{251AA37F-60B8-4048-8255-B02FEBD27DEF} => C:\Program Files (x86)\Origin\Origin.exe [2017-11-06] (Electronic Arts) Task: {F1B6DD82-2179-446E-AE06-88DB3DF66066} - System32\Tasks\{EA1EB528-CA72-4AB8-BE3C-DE997F797165} => C:\2TeraByte\500GBDisk2\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe [2007-09-18] () Task: {F2FAC9B3-E77D-42B8-BA5D-0813604A0CE0} - System32\Tasks\{7AA8810F-02FD-42F9-A021-7F77DBDE38E6} => C:\WarThunder\launcher.exe Task: {F7C89CBC-A903-44D5-8B21-916AB4C03677} - System32\Tasks\{B2F5367E-BE2E-4D39-9226-3FB8F8796C1A} => C:\2TeraByte\500GBDisk2\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe [2007-09-18] () Task: {FCD15ED0-94CE-404C-835A-D728B0F5F68E} - System32\Tasks\{35209351-7E66-4543-AAF9-DE37BB4C271B} => C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe [2013-02-14] (EA Digital Illusions CE AB) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000Core.job => C:\Users\Wayne Jensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3399296086-530735103-1438226696-1000UA.job => C:\Users\Wayne Jensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-03-20 17:33 - 2016-01-29 20:49 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-08-20 00:06 - 2016-06-15 06:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-08-20 00:06 - 2016-06-15 06:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-08-20 00:06 - 2016-06-15 06:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-03-19 21:56 - 2016-06-15 06:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2011-09-28 09:32 - 2014-12-25 23:08 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-05-26 17:46 - 2010-08-26 17:48 - 000285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 2017-01-30 10:07 - 2017-10-11 22:18 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-01-30 10:07 - 2017-10-11 22:18 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2016-08-20 00:06 - 2016-06-15 06:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-08-20 00:06 - 2016-06-15 06:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-08-20 00:06 - 2016-06-15 06:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-03-19 21:56 - 2016-06-15 06:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-08-20 00:06 - 2016-06-15 06:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-08-20 00:06 - 2016-06-15 06:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2015-05-19 19:03 - 2016-06-15 06:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2014-05-26 17:46 - 2010-10-28 11:37 - 000368640 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com IE trusted site: HKU\S-1-5-21-3399296086-530735103-1438226696-1000\...\amazon.com -> hxxps://amazon.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 12:34 - 2009-06-11 07:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3399296086-530735103-1438226696-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wayne Jensen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.1.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Wayne Jensen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{D0AB007D-3DA6-4C55-A022-B672B248E820}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3 Open Beta\bf3.exe FirewallRules: [{AE927C89-504E-4259-9884-A3DAA0910757}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3 Open Beta\bf3.exe FirewallRules: [{2437974C-0393-4C7A-B735-9A1782B26B72}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\SonarHost.exe FirewallRules: [{F583665F-66F8-485C-9823-6C8BBFE4D00C}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\SonarHost.exe FirewallRules: [{6C3284C8-FEA3-4662-A85C-6599B29DDBF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{9161A525-B46F-4B87-8D2D-1111E5BA24A8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{1E0EE134-C64B-4C99-B30C-89C752A0F0B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{AED68349-86B6-43F1-A009-02AF5503ED0C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{85B4B3BF-1779-48E8-B99A-5DA0B597F0A8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{C33D0B91-D4DF-4CE2-AC92-C2D599DFEFB4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{4D4B3F88-EF46-41D4-93EA-5D9C2D3F3A16}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\SonarHost.exe FirewallRules: [{B5A22572-691D-4E3B-9DEE-ED8CE7F25AF2}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\SonarHost.exe FirewallRules: [{5D2D551B-7A62-4AA0-8105-EFE548330853}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{639B75D4-80BF-4D3F-BA13-8084FC59FB21}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{56D2C9D4-0FA9-484E-BF7D-0A02BBF8ED51}] => (Allow) C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A9455E4C-2939-4B50-9D7E-5AAE26B6D405}] => (Allow) C:\Users\Wayne Jensen\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{D66A2EF6-08F9-4EF6-912B-71D272B2CAFD}C:\users\wayne jensen\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\wayne jensen\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{092154BC-5270-4603-8BB9-F2666972CA66}C:\users\wayne jensen\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\wayne jensen\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{B6B731D8-9B67-4543-8DB0-282684321C37}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{A0C6BC3A-4955-4349-A582-397E9FE28A1B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [TCP Query User{A66B866C-DB47-427C-AA68-EC5460FF3B57}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe FirewallRules: [UDP Query User{95FE80A6-374D-476A-9864-7EE9D1F2EE46}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe FirewallRules: [{ABD889E0-99E8-4BF8-8BB0-F9E3ACDB773F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\SonarHost.exe FirewallRules: [{D48858A3-C4C4-4B53-9FF5-995D59570E35}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\SonarHost.exe FirewallRules: [TCP Query User{F1173F6C-1973-43D1-9883-D80C8A2FF6A0}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe] => (Allow) C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe FirewallRules: [UDP Query User{D79434A6-99DB-47DF-A611-3C768EE3F575}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe] => (Allow) C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe FirewallRules: [TCP Query User{76E545E9-C99A-4A66-A5BC-548AB7638E27}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe FirewallRules: [UDP Query User{950FB76D-782C-4FCB-A83F-71124CAC6227}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe FirewallRules: [{C9BBD8D5-64E5-4403-B916-C64C5B55E191}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe FirewallRules: [{241B154D-50A3-447B-824D-E5A8B9A096E8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe FirewallRules: [{486EEDF5-A738-4B02-998C-0185C38F7577}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe FirewallRules: [{D7068D1E-35B2-4F1E-A645-AA3392378980}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe FirewallRules: [{7FAF484E-E835-49F5-A1E8-2A1E3393C029}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [{8869A116-ED55-4857-8D04-0FC12FDC96EA}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [TCP Query User{4A9D6181-B371-400E-9107-7CD3A2E71BED}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe FirewallRules: [UDP Query User{7676F0FE-0A55-4DD2-BDFF-BCDA141AA5ED}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe FirewallRules: [{2B67F5B9-96EE-4445-A6D8-EE6C9C3B2783}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe FirewallRules: [{45F23D55-2198-4E64-8937-E164EE0E63D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe FirewallRules: [{EE8FB4CE-A47E-47F7-9EEB-701E7D4B49B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe FirewallRules: [{6AD1E625-AAFF-49BC-A2B3-F6BB70A9819C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe FirewallRules: [{EA15CF39-BBCC-4A15-89BE-A17EFCB1B834}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe FirewallRules: [{6353CFB8-5D3D-4D65-9512-D367194AE0AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe FirewallRules: [TCP Query User{282D0C8B-081F-43B6-ABDE-08555DE625F1}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe FirewallRules: [UDP Query User{57990147-2CEE-4BF0-8477-6292A57309DE}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe FirewallRules: [{CD9B4B49-D0DB-421A-904E-2C4E83045F55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [{33DA764F-ABC0-435A-985C-6C75D0469A54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [TCP Query User{426E986A-6C9F-446B-9BEE-FBDCBEDBE7A7}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe FirewallRules: [UDP Query User{E0971BD4-CDF7-442A-BFCA-CDF5CA5BCE36}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe FirewallRules: [{E8BCFFE9-408A-4C15-AC50-2F158A7F9C42}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [{ACC31354-6187-41A1-ADBD-37BAF0B41475}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [TCP Query User{6E7E481B-CF23-4CA5-A9A4-24A5BD2B6776}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe FirewallRules: [UDP Query User{29B66E96-7242-4D91-BA92-FD3B409620A6}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe FirewallRules: [{E75D88B0-B742-4548-BD1F-6C3719F26783}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{13EB152C-62FD-4C04-A8CF-637B9EC9B050}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [TCP Query User{7EDC0213-8F81-47C8-B7AC-B6368D28DCBC}C:\program files (x86)\monte cristo\1944 battle of the bulge\ardennes.exe] => (Block) C:\program files (x86)\monte cristo\1944 battle of the bulge\ardennes.exe FirewallRules: [UDP Query User{6404C9A5-6F4C-4589-9B15-5C1A7CB1DC27}C:\program files (x86)\monte cristo\1944 battle of the bulge\ardennes.exe] => (Block) C:\program files (x86)\monte cristo\1944 battle of the bulge\ardennes.exe FirewallRules: [{9C8F0CAF-572E-4F29-988E-D8715FB5EB99}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{67F64522-BF77-4447-AFA2-A5B25B8959D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{2E498A79-7497-4856-AE1E-A01124BB3F76}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{3812EADD-6289-4D21-AD33-C7B9C290C4FD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{B3856CA1-1F0D-4F38-8844-40A46CB1FA4D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{240D8F45-37C8-46F1-A94F-9997616F3261}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{E2FC3BBD-3442-4C83-A3AE-B1D9CC6494C7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe FirewallRules: [{B0403E36-6F59-4D4A-B873-CC97455D3311}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe FirewallRules: [{56E9173D-B1A9-4CBF-9546-BFDF767C0AF6}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe FirewallRules: [{08D49331-0842-4043-9E47-C640C72E6DEE}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe FirewallRules: [{CF7E0A92-3FCF-4198-91BF-8F476D5DF8E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{E4CE66B0-13DA-440E-9163-B466E90FA057}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{EB1BF1DA-1D10-4390-BDF0-D6FE4EFD3CDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{FA93ECC0-4CC1-4A46-B555-AD77CC0627B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [TCP Query User{D0B3093E-B0BA-4976-9D59-0E0F6E338134}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe FirewallRules: [UDP Query User{81E4B6CF-97BC-4EBE-B724-C174A371690A}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe FirewallRules: [{02736405-69DA-4450-9334-B9FBA47074CE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe FirewallRules: [{B4EC5A63-D584-4465-BEAD-AE51B1F31998}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe FirewallRules: [{F8F5979E-69D6-44A0-BAD0-1FCC03A9B9D2}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\StarCraft II.exe FirewallRules: [{6A50DD63-5FD7-4056-861B-3E91D9B46DAC}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\StarCraft II.exe FirewallRules: [{9161B301-4C08-434A-A373-33FA574682AD}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\StarCraft II Public Test.exe FirewallRules: [{9522AAAC-8838-4A0B-9EE7-56B5D13CED11}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\StarCraft II Public Test.exe FirewallRules: [TCP Query User{3B99053F-7CB4-48C5-AC2B-862BA6B3E4AE}C:\users\wayne jensen\desktop\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base24944\sc2.exe FirewallRules: [UDP Query User{7382C0F7-C036-4E31-A8C8-FD37A19033D7}C:\users\wayne jensen\desktop\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base24944\sc2.exe FirewallRules: [TCP Query User{D6F5B759-0AB9-47D9-9727-9C780266F2D2}C:\users\wayne jensen\desktop\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base24944\sc2.exe FirewallRules: [UDP Query User{159D33F9-8ED4-4E5E-AFDC-FB92AE1CAE66}C:\users\wayne jensen\desktop\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base24944\sc2.exe FirewallRules: [{00130664-6255-4ECD-B9AB-6C1D47F96CBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe FirewallRules: [{43227325-9CD0-4208-85EB-9CACC6BB32C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe FirewallRules: [{C4CCFE3A-CC21-4BB9-8E03-BFF1072E35AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{B925DB13-5586-4A29-AF7D-64D318A3C3DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{5E76FC13-CB4F-4479-8726-DE28062F8CEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{9DA160BB-3136-4BEE-9F04-4D02B69F8F4B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [TCP Query User{DE3FEEC4-17AA-4058-BE47-59085A4DDF40}C:\users\wayne jensen\desktop\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base26490\sc2.exe FirewallRules: [UDP Query User{1B927B5F-961F-48AB-90BE-2A6E03FE0107}C:\users\wayne jensen\desktop\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base26490\sc2.exe FirewallRules: [{DCB51422-7F69-43DF-8CB2-FA2593C97738}] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base26490\sc2.exe FirewallRules: [{FC2BF7EE-ED1C-4265-B062-C7826BE482DC}] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base26490\sc2.exe FirewallRules: [{D8AA3A08-1588-4A22-8A4E-995E50F8317B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{5FDFB485-F24B-4FCC-8864-F06F449724F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{7CEBD734-1C58-435E-85D1-65D5A8F542D2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe FirewallRules: [{1328FD30-A227-4860-B5D3-7B26607FDC80}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe FirewallRules: [{FEF56DE1-37A9-44BC-BFA6-6DF9DDC582B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe FirewallRules: [{6B4E18BE-8D2B-4962-900F-0048439C321A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe FirewallRules: [{CDA908A6-A399-4A44-8ED7-8B2C06921C39}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe FirewallRules: [{3EC6221D-AA25-4964-8F53-8A014CA6206B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe FirewallRules: [{B53474AA-6F61-4358-B8AF-E6D14A745BC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{0B21D9C6-8917-4120-A480-8C819282C6A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{BF2A947B-FABA-454A-969C-A647BF4AEC76}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{45F2BB1F-2D2C-4103-94DC-C2E7DF8B6E58}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [TCP Query User{0A4F9341-4309-40D6-9219-2E71E6CF1CE8}C:\users\wayne jensen\desktop\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base28667\sc2.exe FirewallRules: [UDP Query User{5A3E6CB4-F607-496B-B082-53C25BA78712}C:\users\wayne jensen\desktop\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base28667\sc2.exe FirewallRules: [TCP Query User{57F8C996-7BF8-4E2B-AD43-E16A68124974}C:\users\wayne jensen\desktop\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base28667\sc2.exe FirewallRules: [UDP Query User{0E7FC350-2EE0-4B5E-8194-A0BDC83067B7}C:\users\wayne jensen\desktop\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base28667\sc2.exe FirewallRules: [{84D6B76D-383F-4127-86C3-ACE16DD4A81D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{347C0DAC-F070-4A38-846F-DCF3318C2DA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{3DF03C9A-EB65-42D9-AC64-28560B8DB96F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{6CA5F476-FAD9-48D6-8611-CA7882319774}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{2ADFAEE5-363D-4C14-BA0E-49214F255CF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{8B82C57F-38F9-44B3-A7EC-2C40B1AB6F78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{2CCC463F-E43B-4BAB-8EF8-CF992042BA9A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{3DDF2A69-C653-43C2-81A4-83F98D59B360}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{F707130C-E18C-438E-A77D-B66C812337DF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{C72D7FF0-7426-4A16-9A8A-0544BA903CEF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{8FA678E1-7629-46AD-BFDC-AC692DFD3FB8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{7B46BC01-71DB-43B1-B96E-5C80D7DBFB68}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{5294D2C0-EFC8-4C32-AB96-00C92FD201F6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{49EB3FAA-D727-4427-B884-EA5E8CFEAC76}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{8E06CD79-E1F1-4C3A-8B93-987065FDCD3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{24D4C816-C944-4B51-9683-250E07C37F65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{FDFCBD62-370E-4682-B1A4-B05AE2E17396}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{8032426D-D28D-449C-9897-05928766BBD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [TCP Query User{1715C403-716E-482B-B1FA-F1153234C09E}C:\users\wayne jensen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\wayne jensen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [UDP Query User{64C112C2-E9B9-48B5-9C65-7FEEC618BFEA}C:\users\wayne jensen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\wayne jensen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [{B74E68E5-BABA-4171-AE1E-22E494794A32}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{45DC4C03-9EE2-4397-8F8C-42660213F7F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{E10A37D2-6251-4103-9923-545EC3B8F893}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{C4334B36-2C91-40AF-86A9-7107328D3CA3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{9BAFE1D7-6ACC-419D-8F83-1BD097A825E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{82729C2D-712A-4CE3-82E4-59AD6F8FB8EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{06518142-42DA-4F42-B55C-D0B71A07734D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{3810F5A3-56D7-42D0-9BDB-68832B6F026D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{B28CBD14-9166-4CC7-AB93-A51062FD8D0A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{5CB5CE99-EC07-47AA-AB72-0157B4B3EE89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{8E535907-0E86-4702-8D77-78CE5C8736CD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{FF9CB25E-9BF8-4330-AD32-D9BFCB0E6F3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{8885CB94-2AF8-40FB-832D-B1C742F01861}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{A0A6460F-2A93-49BC-9468-B549044A93EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{9A419F73-0AA2-4BB7-9789-159D6B440C48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe FirewallRules: [{4131B7B6-ADC4-4169-A8A8-D3465267D234}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe FirewallRules: [{B4EE2EE6-6C30-4D98-B370-E8949B47EC57}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe FirewallRules: [{3E4D349F-CD94-45D6-873C-A0BE9778EF19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe FirewallRules: [{37AFC4AA-5F8D-45A9-B318-2843EDAFD83C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{71F00381-91E0-45A7-BCBC-E03E51B4927B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{B6EA3F51-6AB2-4F01-B280-B9D57CC03218}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe FirewallRules: [{60619817-EE95-4ECE-ADE5-B9E2A25A2DD0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe FirewallRules: [{0AB53FA3-C2A2-4461-B38C-49D3CD6CB4C6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{3C944814-9178-49C9-A029-D78407ABA564}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{2256157F-3DE6-4EEC-B351-CD7E23388FB7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{5A369CBB-E2CD-4921-B117-9AF588F68EC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{580497EC-2AB4-4784-9A3F-5DD6305CBD19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{8C91AAE2-D832-4650-BD72-727D078438F6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [TCP Query User{09235001-4B3F-4363-84D7-6FB9E834065A}C:\users\wayne jensen\desktop\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base32283\sc2.exe FirewallRules: [UDP Query User{5CE838C2-3910-4DE3-89BC-616CC277EE87}C:\users\wayne jensen\desktop\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base32283\sc2.exe FirewallRules: [{66567F03-0966-42A6-ACFF-3FFB13E75079}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{D6E8DFFB-C417-4B71-B027-C4AD9D1AC9DF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{5AED875E-9E76-46E2-BAB7-EC5E52C9B38D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{C1C38CB3-8E66-4592-AC07-8E8529EAC0A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{6E5A3449-019B-4CEF-BDC3-87F25F0E4C1C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{5BD36DDF-BE9C-4A10-9AE7-58139EEE274E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{6A696812-BD17-48A4-8D3C-1DF5446111E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{CB439DC8-4C7B-43E7-A04F-0466979E2A78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{35E84736-D7CF-4195-AABB-C83C5D1152BE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{C1DFEB80-9D3F-4109-A99A-526A39DA7052}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [TCP Query User{BCE0B251-94F6-497C-9192-680DCA47570A}C:\users\wayne jensen\desktop\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base32283\sc2.exe FirewallRules: [UDP Query User{4162319C-B07B-4B67-859E-873ABC4B95B6}C:\users\wayne jensen\desktop\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base32283\sc2.exe FirewallRules: [{1709C158-99EC-4D89-87F6-BDBC5AA436C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{5096C6CF-F1C2-41DA-9460-DE116A95043B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{A1BB0642-9479-46DF-B21A-75D76990624F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe FirewallRules: [{D9A11619-9970-46DC-BB92-9433E467A5F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe FirewallRules: [{BD9B3864-37A3-4334-890C-A3D1F9B48E2A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{CA6B1E48-71FE-47DE-B8C0-83B5676A8370}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{AA5202E9-63A8-479B-A4A2-BA7F83774E15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{842DBA46-D1B4-473E-84EB-1877968F87D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{F93C9503-A641-4B43-AF4B-9B2EFE24287C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{65B251CE-E00A-48F3-B2E1-C40C519270B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E3055710-A820-49AE-8EEC-075E17F05F27}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{B9F146E1-3D41-4BF7-AC8A-DCA5FAA86D0F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E704584C-F590-45AB-BBD9-B9ED5D02BB42}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe FirewallRules: [{44D78BB4-0DB3-4BDC-84B9-AF004CDE4528}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe FirewallRules: [{A3EF01FD-3FA3-4AC3-B31E-31797A66097B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4FA9FE58-BF34-4A3A-87B6-B6D9746F5DFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{951174BD-581F-4A6F-9203-0CCF33CB3396}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{0C059A7E-E36D-4D91-B380-CC6E9FCF2EBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{2E51430F-D9EC-43E8-9061-A30ED8D4E610}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{D7843794-7662-4782-BFA5-995A95874D40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [TCP Query User{8214E69F-ACCC-4B68-BF63-2BA07A2748E7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{0E233E51-931A-400C-AA95-F7639F72CA97}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{2B98A7BC-D949-471B-861E-2B9C47D8889D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{E509F13D-E636-4D7D-A5D7-3F2A2E333852}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{77F26A50-8B32-474C-8E2D-7E9677FE9CBC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{EA3F456C-B15D-4BE2-A41C-21AA6F77643C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{09BCCB56-F12D-4189-B198-875DBF9A2898}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{A876728D-CE32-4BDB-AA37-618873238F00}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{6029B818-A88D-4999-AF68-B10A0327B5EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{EED33272-F61C-4E2B-A8FD-9A9560006070}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{36FD7410-F06B-4D24-9CB7-2870EB478300}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{3133281C-1E28-4566-81E6-AC226083149A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EC4010C7-4E67-46BB-9233-5F6B11325A5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{AD6D525E-D029-4B71-BE45-A8DDD3545DB4}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe FirewallRules: [UDP Query User{28DEEB4C-D68C-41AA-A05E-DAB02B4D4FBD}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe FirewallRules: [{845C6262-703F-4AD8-A2EE-E9F8CEC176FE}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{57CFA565-59A6-4E5F-98FD-0496509900E6}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [TCP Query User{DBF1A920-C2D0-4A39-84F2-CE895A964AF4}C:\users\wayne jensen\desktop\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38215\sc2_x64.exe FirewallRules: [UDP Query User{47F16EF5-F5BD-470C-89AE-BA924BA575EE}C:\users\wayne jensen\desktop\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38215\sc2_x64.exe FirewallRules: [TCP Query User{D743A4FB-BFC7-4F33-8CD4-68913B48B4BC}C:\heroes3.exe] => (Allow) C:\heroes3.exe FirewallRules: [UDP Query User{B97B8B6F-4F2F-41B2-B37F-79B2AC2849C5}C:\heroes3.exe] => (Allow) C:\heroes3.exe FirewallRules: [TCP Query User{535BABF7-881A-4057-9902-2F168F7241BD}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{9FD26924-0C9D-46E1-B983-71EE71EDDB4D}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [TCP Query User{8C8A90B4-2DE9-49F7-8F28-BF215D36CB26}C:\users\wayne jensen\desktop\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38749\sc2_x64.exe FirewallRules: [UDP Query User{19B94379-A798-4EFD-92C5-D5BA8BFB52FC}C:\users\wayne jensen\desktop\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38749\sc2_x64.exe FirewallRules: [{0C1D8551-FB27-40B7-B396-8C7DA6215A9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1DD51262-AE5F-4CE5-9202-C858BB2CB266}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{79202E16-7AA2-4F66-80F9-3052F809FB7E}C:\users\wayne jensen\desktop\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38749\sc2_x64.exe FirewallRules: [UDP Query User{6899C839-3735-48D8-A164-0AB18C73490A}C:\users\wayne jensen\desktop\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38749\sc2_x64.exe FirewallRules: [TCP Query User{EDF512A4-5237-4C19-81FD-17B0B47759F3}C:\users\wayne jensen\desktop\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38996\sc2_x64.exe FirewallRules: [UDP Query User{58BBBCC2-7AA4-4BAA-91C9-ECA246268F52}C:\users\wayne jensen\desktop\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38996\sc2_x64.exe FirewallRules: [TCP Query User{4D3D16AC-CB8C-4ECD-A375-F6F90C94F327}C:\users\wayne jensen\desktop\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38996\sc2_x64.exe FirewallRules: [UDP Query User{4A50C9E7-318A-43CB-BA51-53D2AA64FFE0}C:\users\wayne jensen\desktop\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base38996\sc2_x64.exe FirewallRules: [{289F400F-6624-48EE-992E-2E7F884721A2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{D34BE28D-F819-4332-8CF6-D4653AB4CD27}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{0263D161-EEE4-462D-B469-A6463D46ADEC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{204D29FE-A3DF-4264-B023-B992C7C56CBD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [TCP Query User{DAF9828F-A6EE-4CF0-98E0-7A5EB4EBFFE2}C:\users\wayne jensen\desktop\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [UDP Query User{2004C930-E674-4A28-B250-95E2F4C4CB68}C:\users\wayne jensen\desktop\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [TCP Query User{A043B07C-E25C-4894-8C3A-CF36E019BE40}C:\users\wayne jensen\desktop\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [UDP Query User{5EE6FBD7-7A60-4602-899F-41347A9AA92C}C:\users\wayne jensen\desktop\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [TCP Query User{61F230FD-06B6-43D9-AB81-F3F2510DEE9F}C:\users\wayne jensen\desktop\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base41743\sc2_x64.exe FirewallRules: [UDP Query User{95172126-BCB3-4550-8DC7-2C3F30D9AA4D}C:\users\wayne jensen\desktop\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base41743\sc2_x64.exe FirewallRules: [TCP Query User{7A0EBF96-5ABA-4DE8-8B34-8A59AD012E21}C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe] => (Block) C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe FirewallRules: [UDP Query User{74EA8FD8-024A-4F22-B457-8ADB4224E668}C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe] => (Block) C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe FirewallRules: [TCP Query User{F03F6ECD-7910-4D1C-9E29-272DE71B679B}C:\users\wayne jensen\desktop\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base41743\sc2_x64.exe FirewallRules: [UDP Query User{088446EC-3DE6-4190-864D-57A6AD93752F}C:\users\wayne jensen\desktop\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\users\wayne jensen\desktop\starcraft ii\versions\base41743\sc2_x64.exe FirewallRules: [TCP Query User{049D05DD-C350-4663-9452-91E9984069EA}C:\2terabyte\500gbdisk2\program files\thq\company of heroes\reliccoh.exe] => (Block) C:\2terabyte\500gbdisk2\program files\thq\company of heroes\reliccoh.exe FirewallRules: [UDP Query User{F83C877A-AF84-4055-A050-D67FC968BE11}C:\2terabyte\500gbdisk2\program files\thq\company of heroes\reliccoh.exe] => (Block) C:\2terabyte\500gbdisk2\program files\thq\company of heroes\reliccoh.exe FirewallRules: [TCP Query User{0C301C30-35B0-4429-828C-83A4B67FC573}C:\2terabyte\500gbdisk2\program files\thq\company of heroes\relicdownloader\relicdownloader.exe] => (Block) C:\2terabyte\500gbdisk2\program files\thq\company of heroes\relicdownloader\relicdownloader.exe FirewallRules: [UDP Query User{33CBE649-6DD2-493A-9F26-CA7183729E72}C:\2terabyte\500gbdisk2\program files\thq\company of heroes\relicdownloader\relicdownloader.exe] => (Block) C:\2terabyte\500gbdisk2\program files\thq\company of heroes\relicdownloader\relicdownloader.exe FirewallRules: [{EF5BB106-24DA-433A-96C3-6532E73C0714}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base42253\SC2_x64.exe FirewallRules: [{48DD1E87-ABCB-4718-86C1-B619A7BFC997}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base42253\SC2_x64.exe FirewallRules: [{2EAB33E9-8639-4569-BB5F-FBD66D813F25}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A961E033-C0A2-4D74-AB84-C5F958619C66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4960F135-A2C3-41C9-B725-2D21828CA8FE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{BD54A6F0-4158-4C28-ADAD-B979CD356E9D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{8667702C-7ADA-4C7C-B4E8-0BB6BF4B2E15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe FirewallRules: [{8BEE13F3-287C-4F9A-AAFE-0486A09563BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe FirewallRules: [{1B5EBAB8-EBBE-4052-BCFF-7DD7615B0E4F}] => (Allow) C:\WarThunder\launcher.exe FirewallRules: [{797C1A6E-262B-4B14-9029-98F158BB4F2C}] => (Allow) C:\WarThunder\launcher.exe FirewallRules: [{428CCA3E-7DEF-4BF9-8FBE-8B5806DBD85E}] => (Allow) C:\WarThunder\bpreport.exe FirewallRules: [{E670C2F4-DCF9-4C64-A52B-9D7340B072A7}] => (Allow) C:\WarThunder\bpreport.exe FirewallRules: [{CAA32035-A4DD-4321-B46F-DFD5705D684A}] => (Allow) LPort=80 FirewallRules: [{AC4D2E62-E99B-41C5-867F-116701CC4BEE}] => (Allow) LPort=443 FirewallRules: [{16EDC26D-EE9D-466A-914E-B1DF2B20F5F4}] => (Allow) LPort=20010 FirewallRules: [{B8B2AE36-C2E7-4F5F-AAFC-FBB71060F45B}] => (Allow) LPort=3478 FirewallRules: [{6FE54E5E-CFF7-47BF-891B-68460438A093}] => (Allow) LPort=7850 FirewallRules: [{8B338797-3096-4278-A2B8-988B2F07C985}] => (Allow) LPort=7852 FirewallRules: [{88E4313B-CB5E-4DA7-9353-9461F415090E}] => (Allow) LPort=7853 FirewallRules: [{5B783745-F427-40F0-9889-45E3B5D85BDF}] => (Allow) LPort=27022 FirewallRules: [{3AE88026-5A73-4359-B174-170C04758828}] => (Allow) LPort=6881 FirewallRules: [{7EF9E9CE-BBCF-4FE8-BC0E-DA2F42ECF5A1}] => (Allow) LPort=33333 FirewallRules: [{D7E3F341-85C4-4C1A-9D98-691C0ED6F1C5}] => (Allow) LPort=20443 FirewallRules: [{BB8E30A5-C9FF-44AB-9FD1-D26C599679C6}] => (Allow) LPort=8090 FirewallRules: [TCP Query User{99E3FE59-9809-4C06-889E-652981B99B2E}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe FirewallRules: [UDP Query User{C97F14CA-18F1-4DA2-B639-E37B4B13BF7C}C:\warthunder\win64\aces.exe] => (Allow) C:\warthunder\win64\aces.exe FirewallRules: [TCP Query User{BF3F85E9-AEC8-4644-9890-AA3490A4C87F}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe FirewallRules: [UDP Query User{7DD62229-3FC3-4677-86C1-918E3EE4DCFD}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe FirewallRules: [TCP Query User{4AFC67D9-E0B0-44AE-B8B9-2D2174A0718E}C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe FirewallRules: [UDP Query User{9FB10398-E954-482B-B991-422A7C709E8D}C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe FirewallRules: [TCP Query User{FFE13B5A-5AAE-4FEB-A701-938B259DE944}C:\2terabyte\500gbdisk2\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) C:\2terabyte\500gbdisk2\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [UDP Query User{909F29FF-F889-4279-BBD0-FA95B0D977FC}C:\2terabyte\500gbdisk2\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) C:\2terabyte\500gbdisk2\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{EEFF5E02-1018-47BB-96A6-C6B52259A8B8}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{C18B73F7-201D-4995-A0BF-D06042FEE093}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{7E758691-8554-41A3-BD3B-C07672B1F8E2}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{57FA2ED9-D24A-4E71-8F01-8EEA1DCAED1E}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{545943E8-952A-4EAD-8799-4629DFEAB08F}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base42932\SC2_x64.exe FirewallRules: [{F02E2613-38D2-4A33-BB6E-1A356898E536}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base42932\SC2_x64.exe FirewallRules: [TCP Query User{F37A2476-150C-432B-91CE-6B86652E58C7}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [UDP Query User{958A76A1-6F66-41A2-A17C-052319044843}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{756C4E2F-9A4C-41B6-AC05-29B1609AB9D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5\bin\H5_Game.exe FirewallRules: [{EDB0590C-677F-4D70-8E22-4749BFB0BA4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5\bin\H5_Game.exe FirewallRules: [{B36A8073-F2B1-486A-8767-B53F796FBD44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe FirewallRules: [{73A344D8-B221-44A8-84E3-ADC55B58EE04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe FirewallRules: [{D9B70CAB-0971-4750-B05E-F3F9ECF4E9DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe FirewallRules: [{01C7E56B-8517-46AA-B7D8-C9FC4795D7F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe FirewallRules: [{C4C2D12F-281F-458F-86E8-D4FE7B8645B2}] => (Allow) D:\AutoRun.exe FirewallRules: [{D74FD246-C2E0-4C0C-B9BE-53132536A0B1}] => (Allow) D:\AutoRun.exe FirewallRules: [{FF2808B0-366A-410C-B7E2-A58BCB6F9C7A}] => (Allow) D:\AutoRun.exe FirewallRules: [{5D19421B-E1D9-429A-A01A-C1BE8E69A15B}] => (Allow) D:\AutoRun.exe FirewallRules: [{6D9EC488-4AF4-4DCF-99A2-30D983B9A7EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe FirewallRules: [{F2C0D79D-6AC6-458A-AA27-18B71C1DAE42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe FirewallRules: [{DDD8C650-095B-4FB1-B773-BF9714AB6E49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe FirewallRules: [{AEB99284-D57A-407B-B249-00ED3EB3FCF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe FirewallRules: [{5A30EC3D-CC8A-485A-8792-73B1141E5C68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe FirewallRules: [{BAE9C098-8206-4931-BDCD-2590EFBF359D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe FirewallRules: [{3D5EDCE8-FA61-428D-A486-A70B1B13B4E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe FirewallRules: [{B4DA2A9B-35DF-4719-B6C3-CB8D9343B5EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe FirewallRules: [{587A6288-80D1-4085-9123-BD33BDC48C3B}] => (Allow) C:\2terabyte\500gbdisk2\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{F2E4FFA2-1FF5-4830-8BB8-CD53AE79D236}] => (Allow) C:\2terabyte\500gbdisk2\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{8A3E3911-6AEF-40BC-A19D-9D6B93D5C226}] => (Allow) C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{56E891DA-0075-49AC-8107-6733B43DA999}] => (Allow) C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{D3696237-F04C-40AD-9B10-33F917A0DD9C}] => (Allow) D:\AutoRun.exe FirewallRules: [{CB5226C1-9E6D-4E4F-9339-19EEE334E72F}] => (Allow) D:\AutoRun.exe FirewallRules: [{C55D47EF-F2DD-4379-884A-C60FFF68E5DB}] => (Allow) D:\AutoRun.exe FirewallRules: [{37844411-77AF-49CC-ACBD-1556F2D98E2A}] => (Allow) D:\AutoRun.exe FirewallRules: [{E44F56DD-42C9-4B66-BAC6-F611BFF83B35}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe FirewallRules: [{EEDBEDA7-1C2B-4E76-86E3-738956BA1E88}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe FirewallRules: [{97070E9B-4658-415D-B98F-8A2850897A9C}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base47185\SC2_x64.exe FirewallRules: [{05862032-B4A1-409F-A27A-79B9C0E09064}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base47185\SC2_x64.exe FirewallRules: [{AD471979-761D-4CBC-8FB1-8649490D60BE}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base47185\SC2_x64.exe FirewallRules: [{540AFA5B-04CF-409A-9E7C-AF2027FF2D4F}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base47185\SC2_x64.exe FirewallRules: [{3D667295-BBFC-4A22-B331-C809FEFDA873}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{33CBB8B6-90F5-43A7-9575-4F3A9637DA8F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{522B4736-CF4E-4F5D-BB7A-4D3D443E6A02}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base48258\SC2.exe FirewallRules: [{281DE4A3-0C1B-47E6-B381-8BC35B2EF732}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base48258\SC2.exe FirewallRules: [TCP Query User{5B3D4592-C459-4F0C-8F77-74EA58888677}C:\program files (x86)\ubisoft\ubisoft game launcher\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe FirewallRules: [UDP Query User{0A94F77C-9A63-4768-B42C-62A0572E1DCA}C:\program files (x86)\ubisoft\ubisoft game launcher\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe FirewallRules: [{ADF0B32B-9C9D-4DB3-9B49-8D77184FBBBE}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base48645\SC2_x64.exe FirewallRules: [{A4007409-526C-4AF5-9BB1-C2527E1D07D2}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base48645\SC2_x64.exe FirewallRules: [TCP Query User{B06D1E1B-E1E4-41AC-A279-88AB87BEEBDD}C:\program files (x86)\ubisoft\ubisoft game launcher\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe FirewallRules: [UDP Query User{8BA79F97-9013-4AE5-85E5-7A8DC0C20F27}C:\program files (x86)\ubisoft\ubisoft game launcher\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe FirewallRules: [{479F2689-EE65-487D-BB90-6F634208CFC8}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base49716\SC2_x64.exe FirewallRules: [{C34A0356-55AE-48F7-BC9B-39F4DE2BF2BE}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base49716\SC2_x64.exe FirewallRules: [{67F65BEF-4FCC-4E8E-BDC0-D70DBF722175}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base49716\SC2_x64.exe FirewallRules: [{FCFD9446-86B0-4D7F-90D0-0084EA75BFA6}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base49716\SC2_x64.exe FirewallRules: [TCP Query User{342496C9-75F4-4335-87F5-56834EFEB451}C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe FirewallRules: [UDP Query User{8B4893D1-7D27-45D6-AD4B-A872A8517F34}C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe FirewallRules: [{8F33D0D6-7149-4562-9FE4-B20E1BA15043}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe FirewallRules: [{53E5363E-F5A7-420A-935E-BF3854DD1425}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe FirewallRules: [{526252A4-42DB-4F7B-96D5-BFAB3EACCBA0}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe FirewallRules: [{1B844419-2EB6-4B1A-9668-53F3B4BADDD5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe FirewallRules: [{D5803D40-BEF5-4DFD-97FD-1D9955F2BA96}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base56787\SC2_x64.exe FirewallRules: [{1E33DEE9-FCEE-412D-BA8A-C9F9366E3A3B}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base56787\SC2_x64.exe FirewallRules: [{CD28897F-87A9-4420-9D40-911D656B9D8C}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base57507\SC2_x64.exe FirewallRules: [{4A801D88-011D-41EE-9E2A-8FF59FEEB7F1}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base57507\SC2_x64.exe FirewallRules: [TCP Query User{A6D699F7-89BF-4682-95B4-674A461A550E}C:\program files (x86)\monte cristo\1944 battle of the bulge\ardennes.exe] => (Block) C:\program files (x86)\monte cristo\1944 battle of the bulge\ardennes.exe FirewallRules: [UDP Query User{6D2018B8-13C9-4BD2-8CA4-C5E0F5127BDE}C:\program files (x86)\monte cristo\1944 battle of the bulge\ardennes.exe] => (Block) C:\program files (x86)\monte cristo\1944 battle of the bulge\ardennes.exe FirewallRules: [{84BC9258-1453-4347-8E47-D5476DF8D6BB}] => (Allow) C:\Users\Wayne Jensen\AppData\Local\Google\Chrome\Application\chrome.exe FirewallRules: [{623ACA4B-0A5D-416E-941B-AD90E32B936D}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base59587\SC2_x64.exe FirewallRules: [{1111DEE7-632D-4448-8F23-7814B319F00E}] => (Allow) C:\Users\Wayne Jensen\Desktop\StarCraft II\Versions\Base59587\SC2_x64.exe ==================== Restore Points ========================= 11-12-2017 20:40:53 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/09/2017 04:18:04 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: An error has occurred (StartServiceCtrlDispatcher failed [1063]). Error: (12/08/2017 09:49:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0xfe8 Faulting application start time: 0x01d3700aed430d5f Faulting application path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: d5db5f1d-dc0d-11e7-ab14-0026832dae88 Error: (12/01/2017 03:18:09 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: An error has occurred (StartServiceCtrlDispatcher failed [1063]). Error: (11/23/2017 04:07:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0x12e8 Faulting application start time: 0x01d363ac6bb83d5a Faulting application path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: f5ce9d78-cfaf-11e7-8061-0026832dae88 Error: (11/22/2017 05:59:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0x94c Faulting application start time: 0x01d362f8aece645b Faulting application path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 6cbe1f8b-cef6-11e7-89d6-0026832dae88 Error: (11/19/2017 06:42:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0xc1c Faulting application start time: 0x01d360fd35d44d54 Faulting application path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 986ea929-cd05-11e7-853f-0026832dae88 Error: (11/15/2017 03:52:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0x4b0 Faulting application start time: 0x01d35dc2880429e5 Faulting application path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 33413537-c9c9-11e7-b686-0026832dae88 Error: (11/15/2017 01:33:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x000344fe Faulting process id: 0x1368 Faulting application start time: 0x01d35dbcc562ac1b Faulting application path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: bf595ce2-c9b5-11e7-b686-0026832dae88 Error: (10/25/2017 02:00:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Faulting module name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Exception code: 0xc0000005 Fault offset: 0x00154ae0 Faulting process id: 0x1094 Faulting application start time: 0x01d34d4554f54b22 Faulting application path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Faulting module path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Report Id: 02fc72e6-b939-11e7-bbbd-0026832dae88 Error: (10/25/2017 01:56:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Faulting module name: Ardennes.exe, version: 1.0.0.2, time stamp: 0x42024cc5 Exception code: 0xc0000005 Fault offset: 0x00303873 Faulting process id: 0xc04 Faulting application start time: 0x01d34d44cf2bd8f1 Faulting application path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Faulting module path: C:\Program Files (x86)\Monte Cristo\1944 Battle of the Bulge\Ardennes.exe Report Id: 8708e07d-b938-11e7-bbbd-0026832dae88 System errors: ============= Error: (12/12/2017 07:14:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (12/12/2017 07:14:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (12/12/2017 07:12:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure. Error: (12/12/2017 07:12:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (12/12/2017 07:12:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (12/12/2017 07:12:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (12/12/2017 07:12:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (12/12/2017 07:12:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The WSWNA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (12/12/2017 07:12:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s). Error: (12/12/2017 07:12:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s). ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz Percentage of memory in use: 31% Total physical RAM: 8168.59 MB Available physical RAM: 5576.31 MB Total Virtual: 16335.36 MB Available Virtual: 13338.36 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:747.81 GB) NTFS Drive d: (ARDENNES) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:13.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 64A0B801) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9BF4576B) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 12, 2017 Root Admin ID:1191013 Share Posted December 12, 2017 1 hour ago, AdvancedSetup said: Please run the following steps and post back the logs as an attachment when ready and we'll get you cleaned up. I'm sorry, but can you please attach your logs. The forum software does not always translate the logs correctly. Thanks Ron Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191017 Share Posted December 12, 2017 What have i done? firefox has changed recently and is kind of tricking me still, and the logs? showed up as notebook is that right? kind of devastated atm. do it all again? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 12, 2017 Root Admin ID:1191019 Share Posted December 12, 2017 Please run the following browser resets. Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues. If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in. Internet ExplorerHow to reset Internet Explorer settings Microsoft EdgeHow to Reset Microsoft Edge in Windows 10 Firefox Click on Help / Troubleshooting Information then click on the Refresh Firefox button. ChromeReset Chrome back to defaults to completely clear out issues with Chrome. First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser. Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase. Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information. Press the Windows key + R at the same time, to bring up the run dialog box. Type in (or copy/paste) the following and press Enter: %localappdata%\Google\Chrome\User Data\Default\ Press Ctrl + A to select all the files and folders. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders. Example of all files and folders selected, except Bookmarks Restart your computer now and make sure there are no longer any redirects or other browser issues. Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191024 Share Posted December 12, 2017 As per -Re re set internet explorer. -Do not have Microsoft Edge Windows 10. -Deleted Google Chrome. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 12, 2017 Root Admin ID:1191025 Share Posted December 12, 2017 Okay, please restart the computer one more time. Then run the same scans again and post back the new logs as an ATTACHMENT and we'll see what's left over if anything. Thanks Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191035 Share Posted December 12, 2017 attach.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 12, 2017 Root Admin ID:1191037 Share Posted December 12, 2017 Okay you're running a little bit of an older version of Malwarebytes. Please download the latest version from this link and install it. https://downloads.malwarebytes.com/file/mb3/ How is the computer running now? Are there still any signs of an infection? Ron Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 12, 2017 Root Admin ID:1191038 Share Posted December 12, 2017 Okay, it's 3:30 am for me. I'm heading out now. I'll check back on you again sometime tomorrow. Thank you Ron Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191039 Share Posted December 12, 2017 yes it was still there before the second round. ok then i got hung up trying to attach the adwcleaner report Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191040 Share Posted December 12, 2017 AdwCleaner.txt Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191042 Share Posted December 12, 2017 FRST.txt Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191043 Share Posted December 12, 2017 Addition.txt Link to post Share on other sites More sharing options...
waynejensen Posted December 12, 2017 Author ID:1191047 Share Posted December 12, 2017 24 minutes ago, AdvancedSetup said: Okay you're running a little bit of an older version of Malwarebytes. Please download the latest version from this link and install it. https://downloads.malwarebytes.com/file/mb3/ How is the computer running now? Are there still any signs of an infection? Ron is it me? my malwarebytes had current and up to date stamped in green all over the shop. also your link hung on a blank page. i remember now why i do not attach, it never saves it to the same file. all those attachments except the addition went to different saves. classic set and forget. so i will be afk tomorrow in the am. im in Australia and will private message you when i can in our pm, about the same time i first posted yesterday. wayne Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 12, 2017 Root Admin ID:1191175 Share Posted December 12, 2017 The link is valid, but it tries to download an 80MB installer so if you're on a slow link it may appear to be a blank page for a while as it loads up. Here is the image of the installer download link once it's ready to download Link to post Share on other sites More sharing options...
waynejensen Posted December 13, 2017 Author ID:1191341 Share Posted December 13, 2017 Done, sorry for delay. rl.. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 13, 2017 Root Admin ID:1191382 Share Posted December 13, 2017 How is the computer running now? Are there still any issues you need further assistance with? Thanks Ron Link to post Share on other sites More sharing options...
waynejensen Posted December 14, 2017 Author ID:1191498 Share Posted December 14, 2017 It does appear to be gone now. I hope that the data is an assistance in your work. Thanks for your help and patience Ron. Wayne. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 14, 2017 Root Admin ID:1191515 Share Posted December 14, 2017 You're quite welcome @waynejensen glad to help. Take care and stay safe out there. I'll go ahead and close your topic now. Cheers Ron Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 14, 2017 Root Admin ID:1191516 Share Posted December 14, 2017 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts