Need help with PUM.Hijack.TaskManager Trojan


9 replies to this topic

#1 Macbeth_77

Posted 06 August 2015 - 05:15 AM

Hi guys,

 

I recently got a trojan virus that appears to be PUM.Hijack.TaskManager. It was obtained through an online download that I believed to be a sound card update for TeamSpeak (turned out it was a server message). After it downloaded I was blocked out of Steam on my PC and had to rush to my laptop to change passwords etc. Once I had done this I had access to my PC, downloaded Malwarebytes Anti-Malware and ran it, finding this Trojan. I quickly deleted these files and ran more scans; I found some more malware, which was removed. Upon restarting my PC the Steam icon had changed, which I assumed was still the virus, so I uninstalled Steam and ran more scans. I didn't manage to find much more malware though. I also found out that access to the Steam domain on the internet is blocked for my PC; I get the message ERR_CONNECTION_REFUSED in Chrome when trying to access it. I was sure I had removed the virus, however it appears to have left behind some script that blocks me from Steam (the only website domain that seems to be blocked so far). And yes, this originated through Steam to hijack my account, so I assume it is a virus focused on Steam?

 

I would be grateful for some help on the matter. Thanks!

 




 


#2 TheShooter93

  • Malware Response Team

Posted 06 August 2015 - 02:37 PM

Hello Macbeth_77,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 Macbeth_77


Posted 06 August 2015 - 04:07 PM

Hi Cody,

 

Thanks for the quick reply! I thought I should quickly mention that after resetting the 'hosts' folder in my computer after some research online I have managed to access Steam online and haven't appeared to have more issues. Of course there is a chance that the virus could still be present, so I'd love the advice!

 

When I download the Farbar Recovery Scan Tool file my AntiVirus (Norton) automatically deletes the download as it is a 'medium' security risk, should I go ahead and restore it? Is the program safe?

 

Thanks


Edited by Macbeth_77, 06 August 2015 - 04:20 PM.


#4 TheShooter93

  • Malware Response Team

Posted 07 August 2015 - 06:51 AM

When I download the Farbar Recovery Scan Tool file my AntiVirus (Norton) automatically deletes the download as it is a 'medium' security risk, should I go ahead and restore it? Is the program safe?

Yes, FRST is safe. It is a tool regularly used here at BleepingComputer (and other sites) to scan a system and report a log for analysis. The actual scan does nothing to your computer but report information. If I find malware in the log I will be writing a script to deal with it, and we will use FRST again to run that script.

 

I'm glad to hear that your system is doing better after you have reset the HOSTS file, but as you said, an infection may still be present on your system. If you'd still like to, I can help clean up any remnants that may still be on your computer. :)


Edited by TheShooter93, 07 August 2015 - 06:52 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
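
The HOSTS-file symptom discussed in the posts above (a single domain returning ERR_CONNECTION_REFUSED until the file was reset) can be checked for directly. The following is an added example, not part of the original thread and not a BleepingComputer or FRST tool; the function names, the finding labels and the sample entries (reserved `.test` names and a documentation IP address) are constructed for illustration.

```python
"""Audit a hosts file for entries that override DNS for non-local names.

Added illustration: names, labels and sample data are this example's own.
"""
import ipaddress
import os
import sys
from typing import List, NamedTuple

# Names that normally map to loopback; every other active entry is reported.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample. A stock Windows hosts file contains only comment lines,
# so every active line below the header was added by something afterwards.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1       localhost
127.0.0.1 store.example-game.test   # constructed entry
0.0.0.0   login.example-game.test community.example-game.test
203.0.113.7 www.example-game.test
not-an-ip   broken.example.test
"""


class Finding(NamedTuple):
    line_no: int
    kind: str      # "sinkholed", "redirected" or "malformed"
    address: str
    hostname: str


def classify(address: str) -> str:
    """Label the address field of one hosts entry."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Name points at this machine or nowhere: connections fail locally,
        # which a browser typically shows as a refused connection.
        return "sinkholed"
    # Name is pinned to some other server, bypassing DNS.
    return "redirected"


def audit_hosts(text: str) -> List[Finding]:
    """Return one Finding per hostname that the file overrides."""
    findings = []
    lines = text.lstrip("\ufeff").splitlines()   # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].strip()     # drop comments
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        kind = classify(address)
        if not names:                            # address with no hostname
            findings.append(Finding(line_no, "malformed", address, ""))
            continue
        for name in names:
            if kind == "sinkholed" and name.lower() in LOCAL_NAMES:
                continue                         # ordinary localhost mapping
            findings.append(Finding(line_no, kind, address, name))
    return findings


def default_hosts_path() -> str:
    """Location of the hosts file on Windows, or /etc/hosts elsewhere."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def main(argv: List[str]) -> int:
    path = argv[1] if len(argv) > 1 else default_hosts_path()
    try:
        with open(path, encoding="utf-8", errors="replace") as handle:
            text = handle.read()
    except OSError as exc:
        print(f"cannot read {path}: {exc}")
        return 2
    findings = audit_hosts(text)
    for f in findings:
        print(f"{path}:{f.line_no}: {f.kind}: {f.hostname} -> {f.address}")
    if not findings:
        print(f"{path}: no overriding entries")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A clean result only says the hosts file is no longer overriding any names; it says nothing about whether whatever wrote the entries is still on the machine.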

 

 


#5 Macbeth_77


Posted 07 August 2015 - 07:10 AM

Hi Cody, great, I've allowed it to do its scan and here are the following text files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by Duncan (administrator) on DAVE (07-08-2015 13:07:05)
Running from C:\Users\Duncan\Downloads
Loaded Profiles: Duncan (Available Profiles: Duncan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(CyberLink) C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
() C:\Users\Duncan\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Spotify Ltd) C:\Users\Duncan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Spotify Ltd) C:\Users\Duncan\AppData\Roaming\Spotify\Spotify.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Spotify Ltd) C:\Users\Duncan\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Spotify Ltd) C:\Users\Duncan\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Duncan\AppData\Roaming\Spotify\Spotify.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
() C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2014-10-19] (ROCCAT GmbH)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-05-05] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [GBTUpd] => C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun)
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-31] (Google Inc.)
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Run: [GameTracker] => C:\Program Files (x86)\GameTracker\GTLite.exe
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Run: [Spotify Web Helper] => C:\Users\Duncan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-06] (Spotify Ltd)
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Run: [Amazon Music] => C:\Users\Duncan\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Run: [OneDrive] => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-07-27] (Microsoft Corporation)
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Run: [Spotify] => C:\Users\Duncan\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-06] (Spotify Ltd)
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk [2015-02-21]
ShortcutTarget: Roccat Talk.lnk -> C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2013-08-31]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-07-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-710853528-2284148312-1931307126-1000 -> {36FA9892-4FB8-4D82-81BB-DEE6D2063882} URL = https://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-21] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-21] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-21] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-21] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-710853528-2284148312-1931307126-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-21] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-21] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E4CFCC91-CDF0-45E0-A120-90E5D791D33C}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F14BDAE5-D069-4030-B746-8FCB13C039FC}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-21] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-21] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-21] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-710853528-2284148312-1931307126-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Duncan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-19] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-08-07]
 
Chrome: 
=======
CHR Profile: C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-13]
CHR Extension: (YouTube) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-31]
CHR Extension: (Norton Security Toolbar) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-21]
CHR Extension: (Google Search) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-31]
CHR Extension: (AdBlock) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-16]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-03-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-13]
CHR Extension: (Gmail) - C:\Users\Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-22] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 Asus Product Register Service; C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe [62128 2012-09-11] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-19] ()
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-31] (Electronic Arts)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 ESEADriver2; C:\Users\Duncan\AppData\Local\Temp\ESEADriver2.sys [331592 2015-05-26] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-06-09] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150806.001\IDSvia64.sys [692984 2015-07-11] (Symantec Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150806.016\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150806.016\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-07 13:07 - 2015-08-07 13:07 - 00031100 _____ C:\Users\Duncan\Downloads\FRST.txt
2015-08-07 13:06 - 2015-08-07 13:07 - 00000000 ____D C:\FRST
2015-08-07 13:05 - 2015-08-07 13:05 - 02170368 _____ (Farbar) C:\Users\Duncan\Downloads\frst64.exe
2015-08-07 11:32 - 2015-08-07 11:32 - 00000000 ___HD C:\OneDriveTemp
2015-08-06 15:58 - 2015-08-07 11:58 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-06 15:58 - 2015-08-06 15:58 - 00000963 _____ C:\Users\Public\Desktop\Steam.lnk
2015-08-06 15:58 - 2015-08-06 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-06 15:57 - 2015-08-06 15:57 - 01476720 _____ C:\Users\Duncan\Downloads\SteamSetup.exe
2015-08-06 15:48 - 2015-08-06 15:49 - 00991232 _____ C:\Users\Duncan\Downloads\MicrosoftFixit50267.msi
2015-08-06 12:51 - 2015-08-06 12:51 - 00001808 _____ C:\Users\Duncan\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-08-06 12:51 - 2015-08-06 12:51 - 00000000 ____D C:\Users\Duncan\AppData\Roaming\SUPERAntiSpyware.com
2015-08-06 12:51 - 2015-08-06 12:51 - 00000000 ____D C:\Users\Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-06 12:51 - 2015-08-06 12:51 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-08-06 12:51 - 2015-08-06 12:51 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-06 12:50 - 2015-08-06 12:50 - 22929720 _____ (SUPERAntiSpyware) C:\Users\Duncan\Downloads\SUPERAntiSpyware.exe
2015-08-05 22:21 - 2015-08-05 22:21 - 00000000 ____D C:\Windows\system32\log
2015-08-05 22:20 - 2015-08-05 23:21 - 00000000 ____D C:\Users\Duncan\AppData\Roaming\Elex-tech
2015-08-05 18:51 - 2015-08-07 11:04 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 18:51 - 2015-08-05 18:51 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-05 18:51 - 2015-08-05 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-05 18:50 - 2015-08-05 18:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-05 18:50 - 2015-08-05 18:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-05 18:50 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-05 18:50 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-05 18:50 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-05 18:49 - 2015-08-05 18:50 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Duncan\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-22 09:55 - 2015-07-22 09:55 - 00000000 ____D C:\Users\Duncan\AppData\Local\CEF
2015-07-21 20:13 - 2015-07-21 20:13 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-21 20:07 - 2015-07-21 20:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-21 16:09 - 2015-07-21 16:09 - 00058661 _____ C:\Windows\SysWOW64\CCCInstall_201507211609491606.log
2015-07-21 16:09 - 2015-07-21 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-21 16:07 - 2015-07-21 16:07 - 00000000 ____D C:\ProgramData\ATI
2015-07-21 16:06 - 2015-07-21 16:06 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-07-21 15:01 - 2015-06-25 19:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-21 15:01 - 2015-06-25 18:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-21 15:01 - 2015-06-20 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-21 15:01 - 2015-06-20 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-21 15:01 - 2015-06-20 20:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-21 15:01 - 2015-06-20 20:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-21 15:01 - 2015-06-20 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-21 15:01 - 2015-06-20 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-21 15:01 - 2015-06-20 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-21 15:01 - 2015-06-20 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-21 15:01 - 2015-06-20 20:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-21 15:01 - 2015-06-20 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-21 15:01 - 2015-06-20 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-21 15:01 - 2015-06-20 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-21 15:01 - 2015-06-20 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-21 15:01 - 2015-06-20 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-21 15:01 - 2015-06-20 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-21 15:01 - 2015-06-20 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-21 15:01 - 2015-06-20 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-21 15:01 - 2015-06-20 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-21 15:01 - 2015-06-20 19:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-21 15:01 - 2015-06-20 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-21 15:01 - 2015-06-20 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-21 15:01 - 2015-06-20 19:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-21 15:01 - 2015-06-20 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-21 15:01 - 2015-06-19 19:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-21 15:01 - 2015-06-19 19:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-21 15:01 - 2015-06-19 19:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-21 15:01 - 2015-06-19 19:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-21 15:01 - 2015-06-19 19:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-21 15:01 - 2015-06-19 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-21 15:01 - 2015-06-19 19:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-21 15:01 - 2015-06-19 19:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-21 15:01 - 2015-06-19 19:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-21 15:01 - 2015-06-19 19:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-21 15:01 - 2015-06-19 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-21 15:01 - 2015-06-19 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-21 15:01 - 2015-06-19 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-21 15:01 - 2015-06-19 18:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-21 15:01 - 2015-06-19 18:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-21 15:01 - 2015-06-19 18:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-21 15:01 - 2015-06-19 18:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-21 15:01 - 2015-06-19 18:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-21 15:01 - 2015-06-19 18:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-21 14:59 - 2015-07-15 04:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 14:59 - 2015-07-15 04:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 14:59 - 2015-07-15 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 14:59 - 2015-07-15 04:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 14:59 - 2015-07-15 03:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 14:59 - 2015-07-15 03:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 14:59 - 2015-07-15 03:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 14:59 - 2015-07-15 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 14:59 - 2015-07-15 02:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 14:59 - 2015-07-15 02:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 14:59 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-21 14:59 - 2015-07-02 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-21 14:59 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-21 14:59 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-21 14:59 - 2015-07-02 21:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-21 14:59 - 2015-07-02 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-21 14:59 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-21 14:59 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-21 14:59 - 2015-07-02 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-21 14:59 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-21 14:59 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-21 14:59 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-21 14:59 - 2015-06-27 03:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-21 14:59 - 2015-06-27 03:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-21 14:59 - 2015-06-27 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-21 14:59 - 2015-06-27 02:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-21 14:59 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-21 14:59 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-21 14:59 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-21 14:59 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-21 14:59 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-21 14:59 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-21 14:59 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-21 14:59 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-21 14:59 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-21 14:59 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-21 14:59 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-21 14:59 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-21 14:59 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-21 14:59 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-21 14:59 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-21 14:59 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-21 14:59 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-21 14:53 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-21 14:53 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-21 14:53 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-21 14:53 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-21 14:53 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-21 14:53 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-21 14:53 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-21 14:53 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-21 14:53 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-21 14:53 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-21 14:53 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-21 14:53 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-21 14:53 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-21 14:53 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-21 14:53 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-21 14:53 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-21 14:53 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-21 14:53 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-21 14:53 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-21 14:53 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-21 14:53 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-21 14:53 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-21 14:53 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-21 14:29 - 2015-07-21 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-21 14:29 - 2015-07-21 14:29 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-21 14:29 - 2015-07-21 14:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-08 22:18 - 2015-07-08 22:18 - 00000000 ____D C:\Users\Duncan\Documents\Banished
2015-07-08 12:01 - 2015-07-08 12:01 - 09469331 _____ C:\Users\Duncan\Downloads\WIN_20150708_114313.MP4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-07 13:06 - 2013-08-31 12:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 12:18 - 2014-07-13 12:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 12:17 - 2014-06-10 13:39 - 00000000 ____D C:\Users\Duncan\AppData\Roaming\Spotify
2015-08-07 11:42 - 2015-05-21 16:12 - 00004962 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Dave-Duncan Dave
2015-08-07 11:32 - 2015-04-18 20:06 - 00000000 ___RD C:\Users\Duncan\OneDrive
2015-08-07 10:44 - 2015-05-05 12:25 - 00000000 ____D C:\Users\Duncan\AppData\Roaming\Raptr
2015-08-07 10:43 - 2014-06-10 13:40 - 00000000 ____D C:\Users\Duncan\AppData\Local\Spotify
2015-08-07 10:43 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-07 10:43 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-07 10:41 - 2013-08-31 12:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 10:39 - 2013-08-27 15:45 - 01447804 _____ C:\Windows\WindowsUpdate.log
2015-08-07 10:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-07 10:35 - 2009-07-14 05:51 - 00110782 _____ C:\Windows\setupact.log
2015-08-06 20:40 - 2015-05-05 12:25 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-08-06 15:26 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-06 15:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-06 10:49 - 2009-07-14 03:34 - 00000079 ____H C:\Windows\system32\Drivers\etc\hosts.old
2015-08-06 09:22 - 2010-11-21 04:47 - 01781800 _____ C:\Windows\PFRO.log
2015-08-05 23:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Speech
2015-08-05 23:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-08-05 18:00 - 2013-09-20 16:14 - 00000000 ____D C:\Users\Duncan\AppData\Roaming\TS3Client
2015-08-05 17:07 - 2013-09-20 16:13 - 00000000 ____D C:\Users\Duncan\AppData\Local\TeamSpeak 3 Client
2015-08-04 21:08 - 2013-08-31 12:28 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-01 13:09 - 2013-08-31 14:24 - 00000000 ____D C:\ProgramData\Origin
2015-07-31 13:23 - 2013-08-31 14:24 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-28 17:28 - 2014-05-10 23:37 - 00000000 ____D C:\Users\Duncan\Documents\Euro Truck Simulator 2
2015-07-28 16:32 - 2013-09-01 19:34 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-07-28 16:32 - 2013-09-01 19:32 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-27 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-07-27 15:27 - 2014-02-19 20:05 - 00002121 _____ C:\Users\Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-07-22 10:14 - 2015-05-21 16:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-22 09:45 - 2009-07-14 05:45 - 00442768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 22:08 - 2013-09-01 00:40 - 00000000 ____D C:\Windows\system32\MRT
2015-07-21 20:07 - 2014-08-29 11:02 - 00002225 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-21 20:07 - 2014-08-16 11:30 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-21 20:07 - 2014-08-16 11:27 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-21 18:23 - 2014-08-29 11:02 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-21 18:23 - 2014-08-29 11:02 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-21 18:23 - 2014-08-16 11:30 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-21 18:22 - 2013-08-31 13:52 - 00000000 ____D C:\ProgramData\Norton
2015-07-21 18:19 - 2013-11-28 15:57 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-21 17:06 - 2013-09-06 18:37 - 00000000 ____D C:\Users\Duncan\AppData\Roaming\Skype
2015-07-21 16:13 - 2014-01-22 16:15 - 00000000 ____D C:\Users\Duncan\AppData\Local\DayZ
2015-07-21 16:09 - 2015-05-05 12:22 - 00000000 ____D C:\Program Files\AMD
2015-07-21 16:08 - 2013-08-31 14:34 - 00000000 ____D C:\ProgramData\AMD
2015-07-21 16:08 - 2013-08-31 13:58 - 00000000 ____D C:\Program Files (x86)\AMD
2015-07-21 16:07 - 2013-11-05 00:22 - 00000000 ____D C:\AMD
2015-07-21 16:06 - 2013-09-06 18:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-21 16:06 - 2013-09-06 18:37 - 00000000 ____D C:\ProgramData\Skype
2015-07-21 16:04 - 2014-10-16 17:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-21 16:04 - 2013-10-17 14:44 - 00000000 ____D C:\ProgramData\Oracle
2015-07-21 16:02 - 2014-10-16 17:38 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-21 15:01 - 2013-08-31 12:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-21 15:01 - 2013-08-31 12:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-21 14:18 - 2014-07-13 12:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-21 14:18 - 2014-07-13 12:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-21 14:18 - 2014-07-13 12:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 19:12 - 2014-05-08 23:07 - 00000022 _____ C:\Windows\GPU-Z.INI
 
==================== Files in the root of some directories =======
 
2014-07-13 14:59 - 2014-07-02 14:24 - 0012005 _____ () C:\Users\Duncan\AppData\Roaming\alsoft.ini
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Duncan\AppData\Local\Tempdivx01b9
2015-07-06 10:43 - 2015-07-06 10:43 - 0043682 _____ () C:\Users\Duncan\AppData\Local\Tempdivx1899
2015-07-05 11:43 - 2015-07-05 11:43 - 0043682 _____ () C:\Users\Duncan\AppData\Local\Tempdivx1f41
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Duncan\AppData\Local\Tempdivx2356
2015-07-05 21:13 - 2015-07-05 21:13 - 0043682 _____ () C:\Users\Duncan\AppData\Local\Tempdivx2a67
2015-07-05 17:57 - 2015-07-05 17:57 - 0043682 _____ () C:\Users\Duncan\AppData\Local\Tempdivx6640
2015-07-05 11:43 - 2015-07-05 11:43 - 0043682 _____ () C:\Users\Duncan\AppData\Local\Tempdivx7910
2015-07-05 17:58 - 2015-07-05 17:58 - 0043682 _____ () C:\Users\Duncan\AppData\Local\Tempdivx9204
2015-07-05 11:43 - 2015-07-05 11:43 - 1328472 _____ (DivX, LLC) C:\Users\Duncan\AppData\Local\Tempdivx9332.exe
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Duncan\AppData\Local\Tempdivxce2c
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Duncan\AppData\Local\Tempdivxe257
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Duncan\AppData\Local\Tempdivxe5d6
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Duncan\AppData\Local\Tempdivxf6dc
 
Some files in TEMP:
====================
C:\Users\Duncan\AppData\Local\Temp\Ionic.Zip.dll
C:\Users\Duncan\AppData\Local\Temp\System.Data.SQLite.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-03 10:54
 
==================== End of log ============================
 
 
And the second one:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Duncan (2015-08-07 13:07:43)
Running from C:\Users\Duncan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-710853528-2284148312-1931307126-500 - Administrator - Disabled)
Duncan (S-1-5-21-710853528-2284148312-1931307126-1000 - Administrator - Enabled) => C:\Users\Duncan
Guest (S-1-5-21-710853528-2284148312-1931307126-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AlienFX for KoneXTD (HKLM-x32\...\InstallShield_{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH)
AlienFX for KoneXTD (Version: 1.02 - Roccat GmbH) Hidden
Amazon Music (HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C0B16F2E-3980-44F8-8CF4-F84696541FF7}) (Version: 1.0.017 - ASUSTek Computer Inc.)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlefield 4™ CTE (HKLM-x32\...\{551A08D1-B60E-4DED-9B67-C3B38258CCA3}) (Version: 1.0.2.33122 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
CyberLink AudioDirector 5 (HKLM-x32\...\{78D01FB2-57B6-4612-89EC-5B19A93E5F43}) (Version: 5.0.4712.0 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2907.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Driving Test Success - All Tests (2009-2010) (HKLM-x32\...\Driving Test Success - All Tests_is1) (Version:  - Imagitech Ltd.)
Easy Tune 6 B12.1018.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1018.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESEA Client (HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GameRanger (HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-4db170b1-6392-4eeb-b54d-62532c5f2f84) (Version:  - Epic Games, Inc.)
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
PlanetSide 2 (HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Play withSIX (HKLM-x32\...\{D7F3EEAD-183C-47DE-BDC5-593539573F97}) (Version: 1.30.0476 - SIX Networks)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.108.1 - proDAD GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0013 - Roccat GmbH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Spotify (HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TL-WN751ND Driver (HKLM-x32\...\{14770694-6C1C-4137-95F9-6F934D8491B4}) (Version: 1.00.0000 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-710853528-2284148312-1931307126-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Manager B12.0822.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Watch_Dogs (Asia) (HKLM-x32\...\Uplay Install 545) (Version:  - Ubisoft)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-710853528-2284148312-1931307126-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A1DE8B8-62E3-4967-BB60-BC5F54CF8A30} - System32\Tasks\Amazon Music Helper => C:\Users\Duncan\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-07-22] ()
Task: {27989BA0-F475-43BF-9610-09BAA0C1789F} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {48C77E81-ECD8-43C1-9B6A-06EEA7B6F00D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Dave-Duncan Dave => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {5A886606-6CC3-4FBB-B220-9425541A055C} - System32\Tasks\{E2AE6EB5-3921-4B88-B936-54E08620330A} => Chrome.exe 
Task: {68BD9168-E4FE-47FB-8534-DC093B3DBFAB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {84F9D77E-AA57-4ADB-8995-BF390655E76D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {904AD6E4-2564-47A1-B77A-FDCF455EA61A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.)
Task: {9D1FF66C-4900-47D6-B24F-A0DF50D5162D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {A4F2EC77-21C4-4985-8AB5-11DD6AF962EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.)
Task: {AE0C76A3-A09D-4B76-A82A-E0AD56312278} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {BB499BCD-5B4B-4A10-8553-8FE33C7306BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-21] (Adobe Systems Incorporated)
Task: {BB6347D2-64E4-48E2-A65E-8A3D761ED2C5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {CCD57F40-27CB-401D-B2E0-EDAE513D655D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {DBA96841-F145-4C48-AEBD-0A0C33BD86D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {DBD84A10-5881-4255-AA68-5A97C4D626F5} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {F47133D2-E98E-457D-A6B4-457ECAB6D542} - System32\Tasks\{C93D3361-48DA-48B4-90D4-0D41E68B54E0} => Chrome.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-22 21:37 - 2015-06-22 21:37 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2012-09-11 17:27 - 2012-09-11 17:27 - 00062128 _____ () C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe
2015-05-21 16:08 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-01 19:32 - 2015-02-03 19:49 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-05-21 16:10 - 2015-05-21 16:10 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-16 11:11 - 2014-07-22 21:46 - 03356480 _____ () C:\Users\Duncan\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-06-22 21:37 - 2015-06-22 21:37 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00103424 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2015-03-10 20:54 - 2015-08-06 17:43 - 45066808 _____ () C:\Users\Duncan\AppData\Roaming\Spotify\libcef.dll
2015-08-06 16:00 - 2015-07-03 17:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-06 16:00 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-06 16:00 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-06 16:00 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-06 16:00 - 2015-07-24 00:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-06 16:00 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-06 16:00 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-06 16:00 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-06 16:00 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-06 16:00 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-06 16:00 - 2015-07-24 00:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-06 16:00 - 2015-07-07 21:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-08-07 11:58 - 2015-08-07 11:58 - 00155232 ___HT () C:\Users\Duncan\AppData\Local\Temp\~871A.tmp
2015-02-21 19:09 - 2012-06-17 12:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2015-05-21 16:08 - 2015-05-21 16:10 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-03-10 20:54 - 2015-08-06 17:43 - 01649208 _____ () C:\Users\Duncan\AppData\Roaming\Spotify\libglesv2.dll
2015-03-10 20:54 - 2015-08-06 17:43 - 00080952 _____ () C:\Users\Duncan\AppData\Roaming\Spotify\libegl.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-08-06 16:00 - 2015-07-03 17:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-21 16:08 - 2015-05-21 16:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00198144 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00317440 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00203776 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00389120 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 06683136 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00156160 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 01174016 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 01240064 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00351744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00607744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00164864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00708096 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00134656 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 01336320 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00394752 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 03192320 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 01762816 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00143360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00230912 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00996352 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00582144 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 12357632 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 09923584 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00094208 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00972800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00084992 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2015-08-06 16:36 - 2015-08-06 16:36 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2015-08-06 16:36 - 2015-08-06 16:36 - 00012800 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2015-08-06 16:36 - 2015-08-06 16:36 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt
2015-08-06 16:36 - 2015-08-06 16:36 - 00173568 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll
2015-08-04 21:08 - 2015-07-31 07:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-04 21:08 - 2015-07-31 07:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-04 21:08 - 2015-07-31 07:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-710853528-2284148312-1931307126-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Duncan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{46A45351-C05C-4C96-A2A5-513CD357157E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DAC9D9F6-DAF1-4071-B237-0F79B4D00560}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6A2646AC-CC13-4AEB-8411-46F04118FC62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{D1BB8542-4AB8-42CB-9C16-63EB903063CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{8A4EB78F-61E5-4C45-A709-913AE99E008F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{95BA0166-28B0-4342-9588-92CF3F6BE545}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{2BDD1116-86F0-43D1-B88C-8526B50515AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TinyAndBig\tinyandbig.exe
FirewallRules: [{C06D79AD-5C80-4D80-BE67-F468BE218D8F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TinyAndBig\tinyandbig.exe
FirewallRules: [{43B1A2A9-D596-4C3A-916A-E685692919D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{AD500EF8-0547-4A5C-AC18-408F465F83C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{88BD64AE-F9BF-4615-91B4-E0A7BBED5B25}C:\users\duncan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\duncan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1DE0B542-587F-46D9-8294-5E91775A1A28}C:\users\duncan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\duncan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7346E0B5-E9D6-4DFC-BA5D-B227B1893778}] => (Allow) C:\Program Files (x86)\Origin Games\Mirrors Edge\Binaries\MirrorsEdge.exe
FirewallRules: [{B32FF9F6-CFD6-45A9-9801-FE94C4D5B50E}] => (Allow) C:\Program Files (x86)\Origin Games\Mirrors Edge\Binaries\MirrorsEdge.exe
FirewallRules: [{CCD9F238-73EA-4E20-A275-EB2A3B537E86}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{E6B299FF-D1BE-4215-832F-56FF689E7A78}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{5D01D6BF-E517-4CED-B18C-56D4E0FB937B}C:\users\duncan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\duncan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D2E3717F-7942-4E95-92F5-4CFA7889DB4D}C:\users\duncan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\duncan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3295C05C-8B3C-4B0B-8E41-5F4E9C16C7D1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DB305BEA-6502-4302-AE61-D4D7B8E481DE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
FirewallRules: [{F89D1C01-0EAA-4D87-A78E-D3BCC6ECC94F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
FirewallRules: [{3BEB3E0C-85A1-4E13-9397-351159047752}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B857FEB6-CC4C-415E-A474-17D69EA6098C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2A20C5D5-28D9-4F6D-8FE4-EE6D4D189CFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{FBD8E8BB-8D17-4972-B3A2-6701BF6000C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{7158717E-B6FC-4DB5-9640-2045D824FED2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{04EBC231-1915-409F-ACD1-24CCAC91CD07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{8469790A-FABF-4E91-B528-0BFC4B4E4FCC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe
FirewallRules: [{7DC1F368-8481-4440-9CBD-D985F267CC52}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe
FirewallRules: [{45508099-603D-4C6A-84EC-B7208A6A44F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\English Country Tune\English Country Tune.exe
FirewallRules: [{DAC4FE0A-822F-4C22-B069-33952CEE44EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\English Country Tune\English Country Tune.exe
FirewallRules: [{D0AE9F5D-0B6F-4E81-82A0-8E82762DA52B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{EBD2808F-22D1-46EC-B2E4-27D70949F65C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{61495086-0ABA-470C-B1C3-86AA79F66FC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{46268A40-7762-4856-AE7C-7BD7B05E2B21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{D3486BB7-C990-4A41-B5BC-B7228FAFB228}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{909AF055-DDF1-47B1-9E41-B2FD872ED1A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{2959FDC5-2ACC-4B40-8ABC-EEA04201134A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{FD15866B-7F05-4A04-84F2-126D68130DEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{801F9C66-CC20-4674-BAB8-CD8454B0E0AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4D5298E6-DDB5-4903-8E98-DA2CB2419750}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{04ECD103-16B4-48EC-B656-D5633BAC4DF8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{439832C1-31D8-42EC-9A87-C44D25A59DD3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{50B51C80-4D1E-4953-81E3-CEA5D5C61B1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{99F567F6-2531-4D2A-AF04-AFEC9A4ABA4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{14B63E0D-71D2-4252-9B46-6A38E03ADD75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0C572FF6-045F-4BBF-8AD0-465BAC7144CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C131BE23-4966-4B35-A06E-93909AF763EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{D936006B-9817-47F3-BA66-6A6D0A3A8A35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{2018B4BC-8A77-4B86-8770-170D8ACBE3D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{29B90931-D2B8-45C2-BE65-458DC988146B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{E3C1FA3F-F7EE-4F4D-8676-D6BE038D1ED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CC5C669F-E06E-4B77-A147-5948FFCA5AC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{19678740-435F-4C0C-B41C-3E59C55B0537}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{D410522E-3C7C-45CB-B28F-FB51311EECF4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{30F71B6A-E662-4B54-A464-B9F7E6EDA347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{297A321E-44C9-40E4-B905-706840C14BFE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{83883693-4BB7-407A-882E-BE816B11AA00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{49CFF78B-ABEA-4E6A-A600-A27EA87E59E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FC5A00D5-95E7-4F51-99B2-411AACA27929}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Proteus\Proteus.exe
FirewallRules: [{76ED3FD5-BE07-4B11-904F-30079D19381A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Proteus\Proteus.exe
FirewallRules: [{7CE11741-7941-4769-960F-9B1FD1804923}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Proteus\Proteus.exe
FirewallRules: [{74C0D4AF-DF7A-4523-BB80-ABBF8D0612E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Proteus\Proteus.exe
FirewallRules: [{F45A93A1-1161-43C2-9B9F-F4DD0E9E81EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B9C777F7-5B34-4F37-B604-D292772B59A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E1437301-EA2C-407A-8190-42DD4E862840}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{DCE84294-DCEB-42CF-A41A-FCD674574C69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{4EA52FD6-28A3-4A94-A1D3-A9D38AC1B61A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{D86A3767-1B0F-482A-9B83-39511A469AE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{63B2024A-12C2-4F19-A929-490C104385DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{2FA2802D-9FA8-4DF9-AA85-F0E8A2C15C04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{9112E053-4B47-4A3E-A7FD-0933AE9E5CDE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{93EAB315-510A-48A8-BB85-A40E06F68EE6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{83E2DCD6-D824-4466-9111-8ED5CFD6BB6A}] => (Allow) C:\Users\Duncan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{552B64B2-4A43-4DF2-B1E3-049775F144BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{89BE59E2-B926-46CE-9866-80C02AF0093C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{18285665-1224-4BA5-8585-7158CCCD18F9}] => (Allow) D:\SteamLibrary\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{331C5FD8-401E-4986-A4FF-20BA5B35CDC9}] => (Allow) D:\SteamLibrary\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{B52BBF8E-2639-4BA2-9D6D-450D01EA41C2}] => (Allow) D:\SteamLibrary\SteamApps\common\The Ship Single Player\ship.exe
FirewallRules: [{C39AAB57-BF2C-4EDE-83C8-A12CAA91A8B1}] => (Allow) D:\SteamLibrary\SteamApps\common\The Ship Single Player\ship.exe
FirewallRules: [{D0022B92-472E-4473-A69A-8039E5A990E2}] => (Allow) D:\SteamLibrary\SteamApps\common\The Ship\ship.exe
FirewallRules: [{56A3AB84-4C25-4C07-952F-09B8C2E7043B}] => (Allow) D:\SteamLibrary\SteamApps\common\The Ship\ship.exe
FirewallRules: [{38FDDBAE-D32F-4895-B14C-C85E31CAAE32}] => (Allow) D:\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{C052BEE8-67D6-4460-9265-8F426922EB2F}] => (Allow) D:\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{BAC072EF-AE17-4E74-AEEC-3EF631EB1C9A}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{5132B114-5D6C-42C0-B1DB-EF54A14C5E2B}] => (Allow) D:\SteamLibrary\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{C943DAB0-D54A-4846-B4CF-191F6F2D36A8}] => (Allow) D:\SteamLibrary\SteamApps\common\DiRT 3\dirt3.exe
FirewallRules: [{A997F394-AE98-4EDE-8E22-82C78FE3572E}] => (Allow) D:\SteamLibrary\SteamApps\common\DiRT 3\dirt3.exe
FirewallRules: [{E3AEE843-1B9A-4A4B-A122-7D54B22D4ADB}] => (Allow) D:\SteamLibrary\SteamApps\common\f12013\F1_2013.exe
FirewallRules: [{041C23D0-8929-4AE8-B2D7-2A2499A921C7}] => (Allow) D:\SteamLibrary\SteamApps\common\f12013\F1_2013.exe
FirewallRules: [{9D759082-6C58-4DF7-9EA3-55AAB4998E5D}] => (Allow) D:\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{C3B02976-7DBC-4DE7-9D55-4FD78D97D346}] => (Allow) D:\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{B4EF4ED4-EC62-467B-BC59-997CCB2A1A73}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6367D5B4-9BDD-40E2-BE9E-8A02006F143F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C69D440C-3CEA-4CA9-B06B-ECCB8A9C3A78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{9FD6907E-2B44-4794-8CDF-04D6234D8469}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{CA236BC0-8360-40ED-955C-E167D02699C9}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{DFCD4C1E-77C5-4219-AE4C-01B973AD080D}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{7B2B781A-A249-4DD5-B793-FEBB529F53DE}] => (Allow) D:\SteamLibrary\SteamApps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{135DFF21-D77F-41C9-80AF-F0D2A6973A57}] => (Allow) D:\SteamLibrary\SteamApps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{127FD84D-6542-4BCC-A348-9C0A1F8B5C95}] => (Allow) D:\SteamLibrary\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{535F671F-FF2D-44BB-BFD1-071702D8F684}] => (Allow) D:\SteamLibrary\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{B663ED65-899B-48A1-B987-0F9A14F8AA29}] => (Allow) D:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{42E2F18F-249C-4ED8-AC9B-165C0037AE63}] => (Allow) D:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{1F9A352F-AFD8-4B4A-9EDF-94871FAD037A}] => (Allow) D:\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{4B12C586-30AA-417D-9104-59F74D322A6E}] => (Allow) D:\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{8D58D0DD-7299-481D-83F6-71BC771A725A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{7F65E14A-1A1E-4062-BA9A-BC9654D20D83}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{AD4FAD54-42FE-4FCB-BFDC-08A5D83FF15C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{6A25BDC5-9407-4F0C-B31C-306A79759CDD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{AE41EC79-29EB-4010-B680-915DB205F499}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{17355104-CB01-409A-9956-DE5C09CA50AC}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{7405FC89-2E40-4636-9A0E-8E5D707466C4}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{EFEC9277-0A3C-4C00-8417-FC628932E28C}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{C62810F3-D705-4892-9326-F13F28FC4E35}] => (Allow) D:\SteamLibrary\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{5BD15607-8E54-4913-8FDE-6BC95CF8C752}] => (Allow) D:\SteamLibrary\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{75D0704E-061E-43F4-9B81-7F7573DB8CD7}] => (Allow) D:\SteamLibrary\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{A54DA5A5-B5B0-48A7-9177-EE21CC599E9B}] => (Allow) D:\SteamLibrary\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{113280E8-0D35-4CC9-ADF3-1CC0C49EE468}] => (Allow) D:\SteamLibrary\SteamApps\common\Floating Point\Floating Point.exe
FirewallRules: [{CC7D338C-6B52-4268-B2A4-99D1B8A9455E}] => (Allow) D:\SteamLibrary\SteamApps\common\Floating Point\Floating Point.exe
FirewallRules: [{D12B4F54-2FC6-4662-B226-FD55C7C63A14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{8D3615A3-F7D1-43B9-928B-B56974F05ECE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{EA11A1D3-DAED-47E3-8A93-A70C405780A5}] => (Allow) D:\SteamLibrary\SteamApps\common\Super Amazing Wagon Adventure\WagonAdventure.exe
FirewallRules: [{DAEDFF54-0EFC-41D8-AACA-00059692DE0A}] => (Allow) D:\SteamLibrary\SteamApps\common\Super Amazing Wagon Adventure\WagonAdventure.exe
FirewallRules: [{96234EFD-3A34-42E7-B7C1-9ECA94F3FE17}] => (Allow) D:\SteamLibrary\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{8ED779AC-5EA2-4090-BC16-EFD0FAF0F54C}] => (Allow) D:\SteamLibrary\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{90E5FC98-7934-4909-BB9C-7ED4A8D1C0EE}] => (Allow) D:\SteamLibrary\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{D6044F2E-2514-47F9-9140-B5ED3B5EC7A8}] => (Allow) D:\SteamLibrary\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{C2C7C043-4136-4CB2-9D61-D2A44D3966BF}] => (Allow) D:\SteamLibrary\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{56F92EDC-20AB-41B1-8B96-F383EE87EA8E}] => (Allow) D:\SteamLibrary\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{3A0AA522-0A14-49E5-9FB6-B237C8F41F1A}] => (Allow) D:\SteamLibrary\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{40AFFA20-F121-4EAD-8C53-EC705552B41A}] => (Allow) D:\SteamLibrary\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{C47EC004-9FB2-4B57-9211-8A52814266FE}] => (Allow) D:\SteamLibrary\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{1AE358BE-37A0-43FE-B78D-663224B5236C}] => (Allow) D:\SteamLibrary\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{7DAEA47C-ED02-410B-BA52-DB6234D097E2}] => (Allow) D:\SteamLibrary\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{5B8833D2-5933-42E6-A6E5-68AB204F8493}] => (Allow) D:\SteamLibrary\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{5788EC90-0F10-447A-B7EF-C0DD55785131}] => (Allow) D:\SteamLibrary\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{60421C13-F2F4-43AE-B139-72095AF7C6BA}] => (Allow) D:\SteamLibrary\SteamApps\common\The Swapper\TheSwapper.exe
FirewallRules: [{F0EB17EE-FB5E-43DE-B034-44CB97C15338}] => (Allow) D:\SteamLibrary\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{536BBDBB-BDE7-4CB9-AB9F-C10E285BB5CB}] => (Allow) D:\SteamLibrary\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{B9930FFB-073A-414B-81C4-CEA34EDEEBC5}] => (Allow) D:\SteamLibrary\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{3E0C06BD-4C1B-40EF-A1D0-C46A5BA01FF4}] => (Allow) D:\SteamLibrary\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{7DAEC9CF-FA94-44A1-9C2C-E0046EEE28F4}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C99C07AE-25B5-43D9-9C4A-19FC26C1B574}] => (Allow) D:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C26F535A-1BD1-49CF-8EB7-6C0C7BCAC371}] => (Allow) D:\SteamLibrary\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{97AFF92C-7676-4D02-8F56-3625C9945A80}] => (Allow) D:\SteamLibrary\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{2186BFFE-6789-49F0-8654-43339F9A30DD}] => (Allow) D:\SteamLibrary\SteamApps\common\Capsized\Capsized.exe
FirewallRules: [{D45EAD49-004B-4621-9515-00922BBC2AE0}] => (Allow) D:\SteamLibrary\SteamApps\common\Capsized\Capsized.exe
FirewallRules: [{57E2A2E0-CD20-480D-8F6D-3D81EED2FB69}] => (Allow) D:\SteamLibrary\SteamApps\common\Dear Esther\dearesther.exe
FirewallRules: [{C6CC68FA-C8C0-464E-9789-EE8EC125F7D6}] => (Allow) D:\SteamLibrary\SteamApps\common\Dear Esther\dearesther.exe
FirewallRules: [{1CA4B9F6-CBED-4214-A8C5-086ECF2E3850}] => (Allow) D:\SteamLibrary\SteamApps\common\Defy Gravity\DefyGravity.exe
FirewallRules: [{3C327897-E916-452C-8B1B-D05C645E41FD}] => (Allow) D:\SteamLibrary\SteamApps\common\Defy Gravity\DefyGravity.exe
FirewallRules: [{3E664A77-C1B6-47F1-850B-C75E972DD895}] => (Allow) D:\SteamLibrary\SteamApps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{658F6E50-A2C7-40AD-9AC8-BE8A0671B26A}] => (Allow) D:\SteamLibrary\SteamApps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{33367AA7-9653-4BA9-A677-07261203AAE8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe
FirewallRules: [{834F09F1-E2B7-4AC8-84CB-D7F71CCED637}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe
FirewallRules: [{7AC45FA4-B630-473A-9EC0-88B2083BC37D}] => (Allow) D:\Common\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{781C0BCE-972D-4E0E-9545-E5B771AE3053}] => (Allow) D:\Common\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{04393706-7971-479E-93DD-6F60B2A241C3}] => (Allow) D:\Common\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{E8347B48-4E4F-4BE2-AAEE-53BCBDDDC2C0}] => (Allow) D:\Common\SteamApps\common\FEZ\FEZ_LaunchOptions.exe
FirewallRules: [{C740A0FE-5290-4473-852E-87F21F5FCCA8}] => (Allow) D:\Common\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{1D4FF3F7-4EF5-4EC9-80E7-24FF5F3C6DB5}] => (Allow) D:\Common\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{CE1D47DC-CF8F-475D-B6A2-40033BC8828F}] => (Allow) D:\Common\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{E0651947-DC1F-44A7-93C5-49572E9C1559}] => (Allow) D:\Common\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{834FC5C0-CA71-480E-A775-5EEF8F406F69}] => (Allow) D:\Common\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{6902E0AF-5FA0-4EFC-B994-0F979E4448ED}] => (Allow) D:\Common\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{DE16C7CE-2FEE-4C2A-A858-CB05D25E590D}] => (Allow) D:\Common\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{3105738B-396E-4794-B41F-C622751516BB}] => (Allow) D:\Common\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{DFC60687-369D-402D-B8F1-2336A4CCEC07}] => (Allow) D:\Common\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{A1A6E403-5835-4850-9818-D6E9C565C93C}] => (Allow) D:\Common\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{0D8BBF39-D93A-457C-835B-30F5B015DFF4}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{D3887213-5E76-45C5-85FA-528D60C893A7}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{17718A15-1A14-4210-BDA1-1EFC013EDE5C}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{9707E449-1DEC-4454-B562-5DDEF76787A2}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{609CA7E9-D47E-4510-B446-F26939517770}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{0D78A373-AF6F-4011-8F62-65CE64F0DD0C}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{EFB21EF1-F84D-4AC2-A34D-A84E40802EB2}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{AE07C6A7-6BF4-43C7-B8EF-DDC92C833B05}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{8CDD423C-214D-4C4D-8515-A918C2E7E163}] => (Allow) D:\Common\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{C4FF293D-8BE9-4F40-94B8-2536EA84D3E4}] => (Allow) D:\Common\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{DB5692AB-8722-49DC-8F40-5EC35D2AA2C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{54A39E7F-06A3-4CF9-AFBD-DC54C4C5F327}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [TCP Query User{A0F1EF86-5387-4CE4-8F79-715A91C41ED9}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Block) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{414147E6-D377-4F1E-B778-39E8C8A37926}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Block) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [{03C8739D-52F7-435A-B6B3-A5B8B4E000FA}] => (Allow) D:\Common\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{050AE394-83D1-4AE7-A628-7598CE57155A}] => (Allow) D:\Common\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{08F0D845-675C-438C-8A0E-7C7EBDBD6716}] => (Allow) D:\Common\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{5263769B-1CCD-44DB-ADFD-9C66BE9406EE}] => (Allow) D:\Common\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{06668353-6776-4B51-947D-F14096A70C9C}] => (Allow) D:\Common\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{EBE8CC5F-422E-4E0E-808E-00FD960C35F6}] => (Allow) D:\Common\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{C88D46C8-3E59-4C3A-A2A0-3A225129617D}] => (Allow) D:\Common\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{5334F283-87EC-4E46-A52C-F1DA7DD4E02C}] => (Allow) D:\Common\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{DE9A1098-A517-46CD-BD18-AFCF7211C179}] => (Allow) D:\Common\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{51148928-04A6-472F-8DBC-4BDE9E892255}] => (Allow) D:\Common\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{487CABDD-E855-41BB-9196-A8A15CBEE7ED}] => (Allow) D:\Common\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{DAE26F21-E1FA-42DB-9852-67010C3137B8}] => (Allow) D:\Common\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{32E1CA26-C509-4147-BC90-A5AB5E76527A}] => (Allow) D:\Common\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{C63F76F9-BDE2-4028-8F02-EA403CD8812D}] => (Allow) D:\Common\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{C7940AF0-99C6-4BDA-BFD3-B9789B3B96EA}] => (Allow) D:\Common\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{20D22D98-44D3-4618-8CE2-E2FC6178A854}] => (Allow) D:\Common\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{D3F5E791-ECA3-447B-BEBF-9AE73C531CCE}] => (Allow) D:\Common\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B14C7774-6E51-456E-8BFB-648EF50D73CC}] => (Allow) D:\Common\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{B44084A5-D388-4423-B726-62716E11E1FE}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{1291AF4E-F53B-4E5D-816D-C05597D22568}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [{D94B8E28-FC68-458B-BD10-473B06D5E334}] => (Allow) D:\Common\SteamApps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{0FAD3FC9-34D4-49EF-B3AA-10678D5401F9}] => (Allow) D:\Common\SteamApps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{9236DF29-39EB-4987-9EED-31C5864BF1CA}] => (Allow) D:\Common\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{082A60CC-1EAF-4D7F-B18D-C2869405C685}] => (Allow) D:\Common\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{9C3FDBD5-7FF6-4A2D-B2BD-6C1FAD4D5186}] => (Allow) D:\Common\SteamApps\common\Capsized\Capsized.exe
FirewallRules: [{5C46AD44-1F8C-4992-86C1-86683D315233}] => (Allow) D:\Common\SteamApps\common\Capsized\Capsized.exe
FirewallRules: [{7D25777F-BFDA-4C32-A19A-655854F7E19E}] => (Allow) D:\Common\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{356DCBF3-F49F-46DA-964B-45DD92473D51}] => (Allow) D:\Common\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{91B06B02-F64D-41B1-959E-CE65D6872F85}] => (Allow) D:\Common\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{82FC846B-D85D-4DDB-B28F-7347297141B9}] => (Allow) D:\Common\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{58233FE0-CD68-4618-A8C3-1CE4E9F3D354}] => (Allow) D:\Common\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{79754AAE-8104-4569-9195-5DAE5F6B9B7A}] => (Allow) D:\Common\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{D7B915BD-A75D-4BE8-83D7-48C6AFBAAFA7}] => (Allow) D:\Common\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{D8A5ACF1-D8FD-48FF-AA4D-BF9A42E12236}] => (Allow) D:\Common\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{9D975408-A513-4261-B470-8BAFD4A19E2E}] => (Allow) D:\Common\SteamApps\common\Dear Esther\dearesther.exe
FirewallRules: [{96ED489E-9938-484F-8329-3906741311B7}] => (Allow) D:\Common\SteamApps\common\Dear Esther\dearesther.exe
FirewallRules: [{56B4C38E-9C72-4AB3-B154-ED2534F2FCAF}] => (Allow) D:\Common\SteamApps\common\Defy Gravity\DefyGravity.exe
FirewallRules: [{AF1AC05F-8795-405C-ABFA-13999EAB3839}] => (Allow) D:\Common\SteamApps\common\Defy Gravity\DefyGravity.exe
FirewallRules: [TCP Query User{60C53D0A-3DD7-424A-93DA-B9935356DFD6}D:\common\steamapps\common\war thunder\aces.exe] => (Allow) D:\common\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{FC288046-3283-44DA-9278-B3E6239D5D2F}D:\common\steamapps\common\war thunder\aces.exe] => (Allow) D:\common\steamapps\common\war thunder\aces.exe
FirewallRules: [{F28D9A7D-FA26-48D5-A7F1-C3AB35F2AF7A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A574363E-23E5-431D-8989-1F54E87DE1E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4265B1B1-CA94-41E5-B318-7EFA40053478}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs (Asia)\bin\watch_dogs.exe
FirewallRules: [{E137DDAF-CAC7-406B-8EA2-861D5ED5B62F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs (Asia)\bin\watch_dogs.exe
FirewallRules: [{7051552B-F0C7-44BB-A055-D559F21D678D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{3D4FD962-4981-4727-8909-AC643E1F2167}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [TCP Query User{E59A25CD-8C82-4A89-8A12-B7C9D1CC46AB}C:\users\duncan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\duncan\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{6F8ACEBC-419C-4EC2-91D2-41506120D20E}C:\users\duncan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\duncan\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{BB7EEE63-CD5A-4BCD-9996-C37274AE34EC}F:\age_of_empires_ii___the_conquerors_expansion\age of empires ii + the conquerors expansion\age2_x1.exe] => (Allow) F:\age_of_empires_ii___the_conquerors_expansion\age of empires ii + the conquerors expansion\age2_x1.exe
FirewallRules: [UDP Query User{01383E77-B6FB-4909-A35F-4F5F27B078F3}F:\age_of_empires_ii___the_conquerors_expansion\age of empires ii + the conquerors expansion\age2_x1.exe] => (Allow) F:\age_of_empires_ii___the_conquerors_expansion\age of empires ii + the conquerors expansion\age2_x1.exe
FirewallRules: [TCP Query User{E20F01AD-AB37-4845-8D9B-F0727F27CBD1}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{13E7A4D9-8832-4D77-BBB4-FACB388477C6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{C56783C9-6C2C-4776-983B-81E1985FF6FE}] => (Allow) D:\Common\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{5C9868EA-DE97-461F-8985-396BEEEE6F6C}] => (Allow) D:\Common\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{E5A30624-2049-470E-9540-1797406560C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{11F9BEA9-E031-48A6-8F1C-BCE1A04640A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{B5D4AAD1-8D34-4D07-8515-07A2A92A8D2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{9344BE5C-D656-4920-8C45-0A033496E82A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{389A499B-AA20-4652-B57E-B1722F740716}] => (Allow) D:\Common\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{76FA6347-E930-4D0C-A227-130E5F2C19AB}] => (Allow) D:\Common\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{26CC3D51-2A51-4C2A-8055-F5452CA57F95}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{06D42225-199C-4659-8F5C-8AD29B16B35E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6CC6D6B0-881E-4048-9B27-01C1979731B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DC85B9D3-6ACB-4B52-8E96-462D5E667FA0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D5FF39A4-A5FA-4CC8-A21E-F3643F900596}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{708B3E9C-FE0A-49A7-977B-9DAFD7254DB3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{A58DF9A6-E535-42A7-AE46-B802ADB990DF}] => (Allow) D:\Common\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{7A9E9F93-B93E-4C36-BF2E-21C6922A45F2}] => (Allow) D:\Common\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{ECD9890B-896A-42DA-806B-75D6709DB758}] => (Allow) C:\Users\Duncan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{DA39C30B-BA34-4480-AF3E-B3A0B0902DE4}] => (Allow) D:\Common\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{A2FC12B7-E1D2-4264-8166-4CFAFE6E951B}] => (Allow) D:\Common\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{AB43D9CD-DAF6-4827-9D9F-3622DFEDE9E6}] => (Allow) D:\Common\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{7B3B2369-D28E-414B-A554-AD085D596A8D}] => (Allow) D:\Common\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{A4D0FBDD-323C-4797-B9FD-F169C39BF865}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4BAEFE85-1CD9-4BCA-893E-BC7555941AFC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C17A2BAF-2480-4D10-B1C8-D606CE922DF2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{01F45329-E080-4D51-8B6F-F099B05B1CAD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{498A04CA-5CF5-4869-97C9-3236899B899F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D2869A1A-2B25-4F6D-B876-311C2790977C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 CTE\bf4cte_x86.exe
FirewallRules: [{7FF86DBB-B141-436F-9B8E-C08EC364F15A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 CTE\bf4cte_x86.exe
FirewallRules: [{475F9F93-0590-4F44-A2B0-BD3B24DAF8E1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 CTE\bf4cte.exe
FirewallRules: [{896A705F-F0D5-48F2-8F7F-41AFA4209794}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 CTE\bf4cte.exe
FirewallRules: [{D10237C3-FFFE-4479-89CD-5C34C0637CD7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{981EBE1C-2BEA-4019-88FE-5C7025177E11}] => (Allow) D:\Common\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{AC8F130D-874E-429D-8B4C-80CF26562EAD}] => (Allow) D:\Common\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{4CD3C9C9-C45E-43D2-8A98-C0E952CF95EC}] => (Allow) D:\Common\SteamApps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{C9AC98E7-0E1B-4472-8580-4A0278330AF1}] => (Allow) D:\Common\SteamApps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{43C7CCA3-1EA8-4306-A419-D8EE24A4432E}] => (Allow) D:\Common\SteamApps\common\Melissa K and the Heart of Gold\MelissaK_Steam.exe
FirewallRules: [{87ACC209-CACE-49F1-BB3A-C608ED36C65B}] => (Allow) D:\Common\SteamApps\common\Melissa K and the Heart of Gold\MelissaK_Steam.exe
FirewallRules: [{A41F8634-37F2-45BC-A441-FF1FD0E44F7B}] => (Allow) D:\Common\SteamApps\common\Lilly and Sasha Nexus of Souls\NexusOfSouls.exe
FirewallRules: [{C68B398D-745C-48EF-9479-5FFACD7B781C}] => (Allow) D:\Common\SteamApps\common\Lilly and Sasha Nexus of Souls\NexusOfSouls.exe
FirewallRules: [{F1817369-F653-4996-A768-66CE21DA6560}] => (Allow) D:\Common\SteamApps\common\Zombie zoeds\Zombie zoeds.exe
FirewallRules: [{FF9E85A7-E3EE-4665-8764-3E26ADCF9F05}] => (Allow) D:\Common\SteamApps\common\Zombie zoeds\Zombie zoeds.exe
FirewallRules: [{7C982B35-F0F3-45C1-9AED-F3515BDD2B9E}] => (Allow) D:\Common\SteamApps\common\Rush for Glory\RfG.exe
FirewallRules: [{E5C246F7-5B43-4555-9BE2-C3B65D367F3C}] => (Allow) D:\Common\SteamApps\common\Rush for Glory\RfG.exe
FirewallRules: [{AB656FA3-1869-4F33-A7B0-C72E4B6181EC}] => (Allow) D:\Common\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{F9BE22B9-3478-451F-88EA-48EED6BFEF2B}] => (Allow) D:\Common\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{F0903AFE-8124-4841-9125-1FA34C6E7072}] => (Allow) D:\Cyberlink\PowerDirector13\PDR10.EXE
FirewallRules: [{B951DF0C-EF21-4F5A-A45D-47C671753C1E}] => (Allow) D:\Common\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{72D6AC41-5937-45DD-93FE-D28D520F77BC}] => (Allow) D:\Common\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{3D9C4BFD-8D54-4149-A319-E2983B9C4A75}] => (Allow) D:\Common\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{BDDF90CA-7759-49FC-92B8-75069C042345}] => (Allow) D:\Common\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [TCP Query User{21C647A0-E7A1-49FA-A55C-34DEDD0AC5CB}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{684C32C2-1F31-4340-841F-7720AF370E4F}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{9728E654-A7BD-4D86-A8AC-3D30A6F5C48B}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{C95A1247-FFC6-4CFC-99F5-3A9381C7D928}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [{EBA6B59D-B2B5-48AC-ABF5-DC8636C437F0}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{D62178A8-6C0A-4038-9367-5CA6DBC9D801}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{3325EBFC-5CE6-43EB-AE1E-588D859AEC96}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{6BCD7F89-614A-400B-B6A9-3F82E9A894F5}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{8DD76196-C009-48DC-8B22-636B56D971A0}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{D6BC56CA-FAD9-4D4D-BBAC-DEF4394D83AE}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{DA6852F2-A23C-4562-BFB7-D38DE2340E5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{4D96937C-273F-4FD2-B7B7-F0ABD8CB8A7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{D26235D9-6DE8-454D-A436-4F8CB0145393}] => (Allow) D:\Common\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{174B8879-C452-408C-809B-33053885821F}] => (Allow) D:\Common\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{767573F6-55D8-470A-B3E9-E1580A765FDF}] => (Allow) D:\Common\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{9CAD4763-B49F-421E-A2A6-747BD484C629}] => (Allow) D:\Common\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{F08FC53C-6960-4B0C-8FAA-B86881C06CE9}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3DE788A6-4FC6-4CE4-9A21-B7CF23404813}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DD5D1196-F00F-4F1F-9249-BE153AC024FD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8FC26717-A625-40C0-9366-F64A5917CADF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{C09F7BA8-8CE6-4C0E-90BE-950798C173C3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{03E0256F-1C66-404E-B8A1-2446C9595F49}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{ECDA7FC3-9255-46C6-98FA-D2F76484D8EF}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{7B919359-E7DE-44EE-9654-258DD194AE56}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{7340C666-313E-4179-8CCE-EFD2C7D87366}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{D993B662-4178-43D9-9C5D-79E1C7FF0D70}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{2F7F5C1E-FE9C-45E0-A697-E9CA9ECF81A0}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{F67C1FE6-F524-4268-B2B1-404E40B0A5D8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{17E3405A-5E53-4C42-AB34-14A4F0E1500E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3B2F89B2-6E27-4BB6-AE97-EEDF2156C5AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{7E7FDCFE-5A2C-4FB6-A5AF-ADEF970606B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: TP-LINK 150Mbps Wireless N Adapter
Description: TP-LINK 150Mbps Wireless N Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-LINK
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2015 12:53:25 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.130;lang=;guid=11EB0956CBC74AD89D39FFCAA5F929F0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\24d05e22-d008-49a6-9a58-ad1ebd7e2666.dmp
 
Error: (08/07/2015 11:44:05 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.130;lang=;guid=11EB0956CBC74AD89D39FFCAA5F929F0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\eea04fac-55d9-437d-83e3-4b7df6856a3b.dmp
 
Error: (08/07/2015 10:36:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 11:10:07 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.130;lang=;guid=11EB0956CBC74AD89D39FFCAA5F929F0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\364b7270-64f0-42ea-87bf-a2afcdb4caa3.dmp
 
Error: (08/06/2015 09:43:24 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.130;lang=;guid=11EB0956CBC74AD89D39FFCAA5F929F0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\fa963b0e-9856-4de6-acc1-9ccff2525b11.dmp
 
Error: (08/06/2015 03:52:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 03:49:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-710853528-2284148312-1931307126-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e2177ae6-2242-4319-82fe-0fd8129e515b}
 
Error: (08/06/2015 03:35:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 03:31:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 03:26:42 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
 
 
System errors:
=============
Error: (08/07/2015 12:17:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (08/07/2015 12:17:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (08/07/2015 10:35:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error: 
%%2
 
Error: (08/06/2015 06:38:16 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/06/2015 03:51:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error: 
%%2
 
Error: (08/06/2015 03:34:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error: 
%%2
 
Error: (08/06/2015 03:29:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error: 
%%2
 
Error: (08/06/2015 03:26:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10044
 
Error: (08/06/2015 03:26:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/06/2015 03:26:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10044
 
 
Microsoft Office:
=========================
Error: (08/07/2015 12:53:25 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.130;lang=;guid=11EB0956CBC74AD89D39FFCAA5F929F0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\24d05e22-d008-49a6-9a58-ad1ebd7e2666.dmp
 
Error: (08/07/2015 11:44:05 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.130;lang=;guid=11EB0956CBC74AD89D39FFCAA5F929F0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\eea04fac-55d9-437d-83e3-4b7df6856a3b.dmp
 
Error: (08/07/2015 10:36:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 11:10:07 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.130;lang=;guid=11EB0956CBC74AD89D39FFCAA5F929F0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\364b7270-64f0-42ea-87bf-a2afcdb4caa3.dmp
 
Error: (08/06/2015 09:43:24 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.130;lang=;guid=11EB0956CBC74AD89D39FFCAA5F929F0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\fa963b0e-9856-4de6-acc1-9ccff2525b11.dmp
 
Error: (08/06/2015 03:52:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 03:49:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-710853528-2284148312-1931307126-1000.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e2177ae6-2242-4319-82fe-0fd8129e515b}
 
Error: (08/06/2015 03:35:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 03:31:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 03:26:42 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10044Initialize call failed, bailing out
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 43%
Total physical RAM: 12285.55 MB
Available physical RAM: 6904.85 MB
Total Virtual: 24569.3 MB
Available Virtual: 18304.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:646.84 GB) NTFS
Drive d: (Other Shizzle) (Fixed) (Total:931.51 GB) (Free:655.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DCA27D1C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 52ABA12F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#6 TheShooter93

    Cody


  • Malware Response Team

Posted 07 August 2015 - 08:00 AM

Hi Macbeth_77,

 

Everything looks good in your FRST log.  :thumbsup2:

 

Finally we have an ESET scan - note that the ESET scan can take up to several hours, so make sure to run it at a time when you don't anticipate having to turn off your computer soon.

 

===============================================================

 

ESET Online Scanner

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start [image: installer.png] with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[image: settings.png]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#7 Macbeth_77

  • Topic Starter

  • Members

Posted 07 August 2015 - 12:55 PM

Hi Cody, just completed the ESET Scan, pasting the log below:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=a0aa7b57da43734fb8eea82e9ff2944f
# end=init
# utc_time=2015-08-07 03:00:01
# local_time=2015-08-07 04:00:01 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize


#8 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:11:45 AM

Posted 07 August 2015 - 01:43 PM

Hi Macbeth_77,

C:\Users\Duncan\Downloads\uTorrent.exe

Everything looks good in your ESET log too, though I'd like to make one note to you regarding the above line. Beyond that, you are good to go! :)

Please read and consider the following.
 
=========================================

P2P Warning

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programs; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programs. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned program(s), right-click and click Uninstall. Follow the prompts.
If you choose not to, please refrain from using the program(s) during this process.
 
=========================================

All Clean!

Congratulations on your clean PC! :thumbup2:

For keeping your PC clean, there are a few main things to keep tabs on:

1) Make sure to keep your antivirus software up to date.

2) Keep Java, Adobe Flash Player, and Adobe Reader up to date.

3) Run periodic scans using your antivirus software and Malwarebytes Anti-Malware.

4) Most importantly, practice safe browsing. You are the ultimate protection tool.

=======================================================================

Download Delfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.

=======================================================================

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

This thread will remain open for 48 hours after the posting of this "all-clean" for any questions you may have.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#9 Macbeth_77

Macbeth_77
  • Topic Starter

  • Members
  • 5 posts
  • Local time:04:45 PM

Posted 07 August 2015 - 01:47 PM

Hi Cody,

 

Great, thanks a lot for your help! I'll have a look at removing uTorrent! Thanks again!



#10 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:11:45 AM

Posted 07 August 2015 - 01:50 PM

You're very welcome. :)


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 




