infected with MICROSOFT-COMPUTER-ERROR.COM immovable image blocks screen


  • This topic is locked
8 replies to this topic

#1 GranPaSmurf


Posted 10 July 2017 - 06:29 PM

Using Chrome on fully up to date Win 10, a pop-up covers the screen saying:

microsoft-computer-error.com says:

Your computer is in blocked state.

SYSTEM WARNING:

DO NOT PRESS ANY KEY UNTIL YOU KNOW SAFE SIDE INSTRUCTIONS. (blaa, blaa, blaa)

I started following the tutorial from BleepingComputer.com but ran into a problem and am now asking for help.  See logs below:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Payton.Robinson (administrator) on JANGALANG (10-07-2017 17:59:29)
Running from C:\Users\Payton.Robinson\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Payton.Robinson (Available Profiles: Payton.Robinson)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Synergy\synergyd.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dashlane, Inc.) C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane, Inc.) C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Synergy\synergy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\Synergy\synergys.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [1053880 2017-06-24] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013200 2015-12-18] (Valve Corporation)
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Run: [Dashlane] => C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-06-09] (Dashlane, Inc.)
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Run: [DashlanePlugin] => C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-06-09] (Dashlane, Inc.)
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Run: [GoogleChromeAutoLaunch_E45331950B692180895AF9B74C5AFB67] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2017-03-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{56cce3c5-d765-4d5c-b0e3-8c44bb123f14}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a538518c-8264-4753-a5e3-0ff4273e612a}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001 -> {387B7F07-3CAC-4026-965D-27E71104E8CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=09f9f54dfa7e42bcac8b76d12bf3d7c6&tu=11JL0008y2B000s&sku=&tstsId=&ver=&&r=481
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-22] (Webroot)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2017-06-09] (Dashlane, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-06] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-22] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-06] (Oracle Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2017-06-09] (Dashlane, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
Edge: 
======
Edge Extension: (No Name) -> 9nblggh4x0qw_EvernoteEvernoteWebClipper_q4d96b2w5wcc2 => C:\Program Files\WindowsApps\Evernote.EvernoteWebClipper_6.12.1.0_neutral__q4d96b2w5wcc2 [2017-06-20]
 
FireFox:
========
FF DefaultProfile: krebs.don@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?pli=1#inbox","hxxps://www.facebook.com/KringleKrebs","chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/homelocal2.html","hxxps://www.google.com/settings/personalinfo","hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR NewTab: Default ->  Active:"chrome-extension://ncdfeghkpohnalmpblddmnppfooljekh/core/newpage-pop.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Google Slides) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-18]
CHR Extension: (Google Docs) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-18]
CHR Extension: (Google Drive) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-18]
CHR Extension: (Google Groups) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk [2017-06-28]
CHR Extension: (ColorZilla) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-06-28]
CHR Extension: (YouTube) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-18]
CHR Extension: (Bing) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2017-05-18]
CHR Extension: (Honey) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-07-02]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2017-06-28]
CHR Extension: (High Contrast) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2017-06-28]
CHR Extension: (Dropbox for Gmail) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-06-05]
CHR Extension: (Gmail Offline) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2017-06-28]
CHR Extension: (Dashlane Secure Password Manager) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-07-03]
CHR Extension: (Google Sheets) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-18]
CHR Extension: (Google Docs Offline) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-18]
CHR Extension: (AdBlock) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-28]
CHR Extension: (MusixHub Start) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhpmdajdojnnhkfgffkofkjifglkan [2017-07-02]
CHR Extension: (Save to Google Drive) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-06-28]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-07-06]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2017-06-28]
CHR Extension: (Notifier for Twitter) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2017-06-28]
CHR Extension: (Dropbox) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2017-06-28]
CHR Extension: (Interrobang) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmlnjjmjkbeolfilplmajdjbmmopoll [2017-06-28]
CHR Extension: (Page Ruler) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2017-06-28]
CHR Extension: (WeatherBlink) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2017-07-02]
CHR Extension: (Local Bank Serving San Antonio, TX & ...) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnofigkkhgonnmbpijbllcpphkjfcigm [2017-06-28]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-05-29]
CHR Extension: (RT News) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2017-06-28]
CHR Extension: (Gmail) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2017-06-28]
CHR Extension: (Google Hangouts) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-06-28]
CHR Extension: (WorkFlowy) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2017-06-28]
CHR Extension: (Google Play) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-06-28]
CHR Extension: (Evernote Web) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2017-06-28]
CHR Extension: (HTML5 Responsive Animator) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkiefejkflopfbagflkahaakmfjjdbd [2017-06-28]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-07-02]
CHR Extension: (FromDocToPDF) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-06-28]
CHR Extension: (Boomerang for Gmail) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-06-28]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2017-07-02]
CHR Extension: (Google Hangouts) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-06-28]
CHR Extension: (LastPass Vault) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2017-06-28]
CHR Extension: (AVG Secure Search) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-18]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2017-06-28]
CHR Extension: (HubSpot Sales) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2017-07-07]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-07-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-05-29]
CHR Extension: (Gmail) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-02]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-08-27] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-11] ()
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [236832 2015-10-29] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [307848 2017-03-16] ()
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [1053880 2017-06-24] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 athur; C:\WINDOWS\system32\DRIVERS\athurx.sys [1724416 2010-10-10] (Atheros Communications, Inc.) [File not signed]
S3 hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [46136 2014-06-23] (LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-10] (Malwarebytes)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\WINDOWS\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [127728 2017-07-10] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66656 2017-06-22] (Webroot)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-10 17:59 - 2017-07-10 17:59 - 00000000 ____D C:\FRST
2017-06-28 10:46 - 2017-06-28 10:46 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-28 10:44 - 2017-06-28 10:44 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Google
2017-06-26 13:47 - 2017-06-26 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-26 09:35 - 2017-06-26 09:35 - 00003672 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-krebs.don@gmail.com
2017-06-26 09:34 - 2017-06-26 09:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-06-26 09:33 - 2017-06-26 09:33 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 14.lnk
2017-06-26 09:33 - 2017-06-26 09:33 - 00001218 _____ C:\Users\Public\Desktop\Adobe Photoshop Elements 14.lnk
2017-06-26 09:26 - 2013-09-03 05:01 - 00056336 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2017-06-26 09:26 - 2012-04-24 05:01 - 00011376 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2017-06-26 09:26 - 2012-04-24 05:01 - 00010864 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2017-06-26 09:18 - 2017-06-26 09:18 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Macromedia
2017-06-26 09:17 - 2017-07-10 02:00 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\Adobe
2017-06-26 09:14 - 2017-06-26 09:17 - 00000000 ____D C:\Users\krebs\AdobeElements14
2017-06-26 08:58 - 2017-06-26 08:58 - 00000000 ____D C:\Users\krebs\ReadMe
2017-06-26 08:56 - 2017-06-26 08:58 - 00000000 ____D C:\Users\krebs\PSE 14
2017-06-26 08:55 - 2017-06-26 09:14 - 00000000 ____D C:\Users\krebs
2017-06-26 08:12 - 2017-06-26 08:44 - 1454644648 _____ (Adobe Systems Incorporated) C:\Users\Payton.Robinson\Downloads\PhotoshopElements_14_LS28_win64.exe
2017-06-26 05:27 - 2017-06-26 05:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-22 06:41 - 2017-06-22 06:41 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Skype
2017-06-17 13:41 - 2017-06-17 14:47 - 00000000 ____D C:\Users\Payton.Robinson\AppData\LocalLow\BitTorrent
2017-06-14 11:54 - 2017-06-03 05:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 11:54 - 2017-06-03 05:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 11:54 - 2017-06-03 05:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 11:54 - 2017-06-03 05:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 11:54 - 2017-06-03 05:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 11:54 - 2017-06-03 04:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 11:54 - 2017-06-03 04:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 11:54 - 2017-06-03 04:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 11:54 - 2017-06-03 04:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 11:54 - 2017-06-03 04:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 11:54 - 2017-06-03 04:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 11:54 - 2017-06-03 04:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 11:54 - 2017-06-03 04:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 11:54 - 2017-06-03 04:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 11:54 - 2017-06-03 04:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 11:54 - 2017-06-03 04:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 11:54 - 2017-06-03 04:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 11:54 - 2017-06-03 04:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 11:54 - 2017-06-03 04:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 11:54 - 2017-06-03 04:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 11:54 - 2017-06-03 04:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 11:54 - 2017-06-03 04:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 11:54 - 2017-06-03 04:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 11:54 - 2017-06-03 04:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 11:54 - 2017-06-03 04:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 11:54 - 2017-06-03 04:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 11:54 - 2017-06-03 04:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 11:54 - 2017-06-03 04:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 11:54 - 2017-06-03 04:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 11:54 - 2017-06-03 04:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 11:54 - 2017-06-03 04:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 11:54 - 2017-06-03 04:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 11:54 - 2017-06-03 04:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 11:54 - 2017-06-03 04:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 11:54 - 2017-06-03 04:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 11:54 - 2017-06-03 04:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 11:54 - 2017-06-03 04:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 11:54 - 2017-06-03 04:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 11:54 - 2017-06-03 04:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 11:54 - 2017-06-03 04:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 11:54 - 2017-06-03 04:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 11:54 - 2017-06-03 04:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 11:54 - 2017-06-03 04:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 11:54 - 2017-06-03 04:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 11:54 - 2017-06-03 04:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 11:54 - 2017-06-03 04:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 11:54 - 2017-06-03 04:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 11:54 - 2017-06-03 03:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 11:54 - 2017-06-03 03:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 11:54 - 2017-06-03 03:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 11:54 - 2017-06-03 03:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 11:54 - 2017-06-03 03:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 11:54 - 2017-06-03 03:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 11:54 - 2017-06-03 03:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 11:54 - 2017-06-03 03:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 11:54 - 2017-06-03 03:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 11:53 - 2017-06-03 05:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 11:53 - 2017-06-03 05:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 11:53 - 2017-06-03 05:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 11:53 - 2017-06-03 05:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 11:53 - 2017-06-03 05:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 11:53 - 2017-06-03 05:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 11:53 - 2017-06-03 05:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 11:53 - 2017-06-03 05:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 11:53 - 2017-06-03 05:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 11:53 - 2017-06-03 05:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 11:53 - 2017-06-03 05:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 11:53 - 2017-06-03 04:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 11:53 - 2017-06-03 04:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 11:53 - 2017-06-03 04:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 11:53 - 2017-06-03 04:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 11:53 - 2017-06-03 04:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 11:53 - 2017-06-03 04:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 11:53 - 2017-06-03 04:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 11:53 - 2017-06-03 04:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 11:53 - 2017-06-03 04:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 11:53 - 2017-06-03 04:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 11:53 - 2017-06-03 04:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 11:53 - 2017-06-03 04:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 11:53 - 2017-06-03 04:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 11:53 - 2017-06-03 04:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 11:53 - 2017-06-03 04:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 11:53 - 2017-06-03 04:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 11:53 - 2017-06-03 04:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 11:53 - 2017-06-03 04:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 11:53 - 2017-06-03 03:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 11:53 - 2017-06-03 03:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 11:53 - 2017-06-03 03:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 11:53 - 2017-06-03 03:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 11:53 - 2017-06-03 03:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-10 16:54 - 2017-05-29 11:37 - 00127728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-07-10 15:23 - 2017-05-30 07:28 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-10 12:33 - 2017-05-29 12:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-10 10:44 - 2017-05-29 11:37 - 00000000 ____D C:\ProgramData\WRData
2017-07-08 23:15 - 2017-05-30 07:28 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-08 23:15 - 2017-05-30 07:28 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-08 23:15 - 2017-05-30 07:28 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-08 23:15 - 2017-05-30 07:28 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-08 23:15 - 2017-05-30 07:27 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-08 10:30 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-07 13:41 - 2017-03-18 16:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-07 13:41 - 2013-06-29 01:16 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\Packages
2017-07-02 06:08 - 2017-05-18 06:40 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\Google
2017-07-02 06:07 - 2017-05-29 12:50 - 00000000 ____D C:\Users\Payton.Robinson
2017-07-02 06:06 - 2017-05-29 13:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-02 06:06 - 2017-03-18 06:40 - 02883584 _____ C:\WINDOWS\system32\config\BBI
2017-06-28 17:14 - 2013-06-29 01:41 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 11:19 - 2017-05-01 11:02 - 00000000 ___RD C:\Users\Payton.Robinson\Dropbox
2017-06-27 02:00 - 2014-07-29 12:43 - 00000000 ____D C:\ProgramData\Adobe
2017-06-26 13:47 - 2017-05-01 10:43 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-26 09:35 - 2017-05-29 14:22 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Adobe
2017-06-26 09:30 - 2013-07-23 02:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-26 09:29 - 2014-05-23 19:09 - 00000000 ____D C:\Program Files\Adobe
2017-06-26 09:26 - 2017-03-18 16:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-26 09:26 - 2015-12-20 04:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-26 09:10 - 2017-05-29 13:07 - 00942836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-24 20:36 - 2017-05-22 09:32 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\ElevatedDiagnostics
2017-06-24 06:05 - 2017-05-29 11:37 - 00182192 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-06-24 06:05 - 2017-05-29 11:37 - 00114672 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-06-22 21:38 - 2017-05-29 11:37 - 00066656 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2017-06-22 06:42 - 2017-05-29 14:26 - 00002444 _____ C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 06:42 - 2017-05-29 14:26 - 00000000 ___RD C:\Users\Payton.Robinson\OneDrive
2017-06-22 06:42 - 2017-05-29 13:05 - 00003298 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 18:49 - 2017-05-02 17:57 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Dashlane
2017-06-20 12:16 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-20 06:48 - 2017-05-18 06:43 - 00002033 _____ C:\Users\Payton.Robinson\Desktop\Dashlane.lnk
2017-06-20 06:48 - 2017-05-18 06:42 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-06-17 14:43 - 2015-08-18 13:56 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\Comms
2017-06-17 13:40 - 2016-11-20 13:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-17 13:37 - 2017-05-29 12:47 - 05007328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-17 13:34 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-17 13:34 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-17 13:30 - 2013-07-23 03:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-17 13:30 - 2013-07-23 03:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-16 14:21 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-14 12:01 - 2013-08-14 14:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 11:59 - 2013-06-30 03:12 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 11:58 - 2017-03-18 15:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 11:57 - 2013-07-23 03:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 11:21 - 2017-05-29 13:05 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-13 11:21 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-10 19:27 - 2017-05-29 15:42 - 00000000 ____D C:\Windows.old
 
==================== Files in the root of some directories =======
 
2007-11-07 09:50 - 2007-11-07 09:50 - 1927956 _____ () C:\Program Files\VC_RED.cab
 
Some files in TEMP:
====================
2017-03-15 13:11 - 2017-03-15 13:11 - 0739904 _____ (Oracle Corporation) C:\Users\Payton.Robinson\AppData\Local\Temp\jre-8u131-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-02 18:59
 
==================== End of FRST.txt ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Payton.Robinson (10-07-2017 18:01:25)
Running from C:\Users\Payton.Robinson\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1703 (X64) (2017-05-29 18:15:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1308803042-1448578824-3416181040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1308803042-1448578824-3416181040-503 - Limited - Disabled)
Guest (S-1-5-21-1308803042-1448578824-3416181040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1308803042-1448578824-3416181040-1020 - Limited - Enabled)
Payton.Robinson (S-1-5-21-1308803042-1448578824-3416181040-1001 - Administrator - Enabled) => C:\Users\Payton.Robinson
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{B73DADFD-55B4-2DB6-2A03-7162A7D5AC81}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.12 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.12 - Belkin)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
Dashlane (HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Dashlane) (Version: 4.8.0.32091 - Dashlane, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Savage Lands (HKLM-x32\...\Steam App 307880) (Version:  - Signal Studios)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synergy (64-bit) (HKLM\...\{AFC0B660-3BC8-492B-A17C-338DBF633EFA}) (Version: 1.8.8 - Symless Ltd)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.17.24 - Webroot)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2017-06-24] (Webroot)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2017-06-24] (Webroot)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2EB1E0B0-2E2F-4789-BC35-9D11CD28B715} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-01] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {45FB85F5-87C3-42D4-B9BE-E1DB8B999FED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-01] (Google Inc.)
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60543861-0808-4403-A813-6BCAADD39F3B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-01] (Dropbox, Inc.)
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B35060F1-B32C-4A4E-A69C-0AA6B0276EB7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {BA05A48C-CF3E-4780-A7EE-00CEE7B4E43E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-krebs.don@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-29] (Adobe Systems Incorporated)
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C5C4576C-3AFB-4206-9506-F8FE2D3640A4} - System32\Tasks\{31E70D97-DC32-4328-A836-86BEA5C610BC} => pcalua.exe -a "C:\Program Files\HWiNFO64\unins000.exe"
Task: {C6A6F7D3-B455-4531-A0CF-8AD02E48B223} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DA52309D-BC2F-42A6-8419-7DF7E1D8CE9F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-01] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe/cAMD-PC\Payton.Rob
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe/ua /installsource schedulerAMD-PC\Payton.Rob
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Apps & Extensions Developer Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ohmmkhmmmpcnpikjeljgnaoabkaalbgc
ShortcutWithArgument: C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WorkFlowy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=koegeopamaoljbmhnfjbclbocehhgmkm
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-16 13:23 - 2017-03-16 13:23 - 00017544 _____ () C:\Program Files\Synergy\synwinhk.DLL
2015-11-04 17:43 - 2015-11-04 17:43 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2017-05-30 07:27 - 2017-07-08 23:15 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-16 13:22 - 2017-03-16 13:22 - 00307848 _____ () C:\Program Files\Synergy\synergyd.exe
2017-03-18 15:58 - 2017-03-18 15:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-21 03:34 - 2017-06-21 03:35 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 03:34 - 2017-06-21 03:35 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 03:34 - 2017-06-21 03:35 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 03:34 - 2017-06-21 03:35 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-28 17:14 - 2017-06-22 22:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-06-28 17:14 - 2017-06-22 22:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
2017-03-16 13:22 - 2017-03-16 13:22 - 01943176 _____ () C:\Program Files\Synergy\synergy.exe
2017-03-16 13:22 - 2017-03-16 13:22 - 00995976 _____ () C:\Program Files\Synergy\synergys.exe
2017-06-26 13:46 - 2017-06-26 05:27 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-06-26 13:46 - 2017-06-26 05:27 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-26 13:47 - 2017-06-26 05:26 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-26 13:47 - 2017-06-26 05:29 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-26 13:46 - 2017-06-26 05:28 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-06-26 13:46 - 2017-06-26 05:26 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-06-26 13:46 - 2017-06-26 05:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-26 13:47 - 2017-06-26 05:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-26 13:46 - 2017-06-26 05:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-26 13:47 - 2017-06-26 05:29 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-06-26 13:46 - 2017-06-26 05:28 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-26 13:46 - 2017-06-26 05:28 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-06-26 13:46 - 2017-06-26 05:29 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-06-26 13:46 - 2017-06-26 05:29 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-26 13:47 - 2017-06-26 05:30 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-06-26 13:46 - 2017-06-26 05:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-26 13:47 - 2017-06-26 05:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-26 13:47 - 2017-06-26 05:29 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-05-02 08:21 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\Payton.Robinson\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2010-02-10 14:10 - 2010-02-10 14:10 - 01148416 _____ () C:\Program Files\Synergy\QtNetwork4.dll
2016-03-08 09:04 - 2016-03-08 09:04 - 02415104 _____ () C:\Program Files\Synergy\QtCore4.dll
2009-06-22 18:42 - 2009-06-22 18:42 - 00043008 _____ () C:\Program Files\Synergy\libgcc_s_dw2-1.dll
2009-01-10 10:32 - 2009-01-10 10:32 - 00011362 _____ () C:\Program Files\Synergy\mingwm10.dll
2010-02-10 14:43 - 2010-02-10 14:43 - 09515520 _____ () C:\Program Files\Synergy\QtGui4.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\sony.com -> sony.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2017-05-29 13:01 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Payton.Robinson\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\59509.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RzWizard"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "WebCake Desktop"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "MPOptimizer"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Razer Comms"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "EvolveClient"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Keyboard Inf."
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "MKLOL"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Clownfish"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D014BA51-2390-4173-9DB2-C9B2078A1C4A}] => (Allow) C:\Users\Payton.Robinson\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{4FE978B2-4FE9-42AD-8DFC-89989AD9C89B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Savage Lands\SavageLands.exe
FirewallRules: [{BAD34B52-1457-4C42-AF41-F5A1BC8EDCDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Savage Lands\SavageLands.exe
FirewallRules: [{8D870230-DCA4-4E9E-BCDA-9892EE56199E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{90323EA3-05C7-45C9-8A3B-394FF658C41D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{DE60193D-BC00-4335-8E12-80F57BDD7CDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [{AE1C9A01-D272-4A31-B653-70ECEAA0866E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [UDP Query User{9EFDD2C7-793F-40D3-BDEE-87AE455C6EAA}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [TCP Query User{4C2DE88C-2B8D-4265-BDCE-2A81E03C47AB}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [UDP Query User{FA8502E3-C842-43A5-A177-62B3B74C193E}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{A2D32826-4EEB-4259-ACFA-43796BFA0507}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{24BD218C-7961-40D3-9E00-E1C521A00D52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{86312B68-12E8-43A7-8E95-696D9D2DCC3F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{6F8B26D3-4044-4209-B69B-059C889120F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{5C671212-1C6E-4CB0-A68B-E8D2781A61A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{E9BA75AC-6983-40F9-8E70-DE52DC0563AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{71CB1560-5006-424C-B416-C333DC5BB636}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{BE2B13A3-8653-49CF-B392-137E84471E74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{4EFA6C90-A1C7-49D5-B719-1A2B9D1C1F01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{8022F316-D3CD-494F-911C-29FEF512D4C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{F535C561-AFC0-4F5A-8515-D3DF86B4109C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [UDP Query User{ACE9527C-3597-4CC4-84C3-522543051538}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{A80AD0F8-F2ED-4128-878D-967B23295A79}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{4DAA0018-3C57-4C46-B681-6CB46C94CC09}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{A89647FC-43A3-457B-A1EA-8B59AA3C4DB9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{E4A529C1-7F68-45B9-801B-9D803F9E70AB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1EB1AE00-1CEB-4450-BA04-B66AF71B53CD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6A042729-4541-4A7D-B342-6C4A253164E9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8F3498BB-A80C-4335-86A1-9382A8194BA1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{322499EF-2FB6-46B5-AAA5-9DCD957B145D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{EA961284-31B5-4D4A-A881-4A07A4EF3B96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{AE3C26BA-DD10-4B5E-92F7-AF2E4A8F6F43}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{E98740F7-AEDD-454D-9425-205519EDD2EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{7462E594-0AD8-470F-9A0D-295376927E41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{5D664EB9-723E-457E-BF79-678732C11644}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [UDP Query User{11A92B57-7419-4B7D-BC54-AD2763A3E6AB}C:\users\payton.robinson\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\payton.robinson\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{07CBCB3E-E172-4362-B643-000862902927}C:\users\payton.robinson\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\payton.robinson\appdata\local\akamai\netsession_win.exe
FirewallRules: [{86A9B0A3-3CA0-4E3C-8BBE-D0542DDF2724}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{101B85DA-5966-43F1-9EE8-C66B2D1C4DD3}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{DEA3A0C7-8147-4603-95B1-9B25E5F5A5C1}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{4DCBB91B-B94F-4D5A-9148-7BE5CB40911F}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{E851C8CA-89EC-4EC2-A962-A21845A31AB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{1B1E5426-5544-46CA-B8C4-7A3C19417BD1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{C9157F6F-AD94-4210-8B06-979B48D62E41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5BC72033-5F85-4473-BA9A-85C14B25F59D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{B7E138F6-1020-46EE-9EA3-7BAB738B1E61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{30CC3B6A-B8C6-47A7-865C-C45AD2840D41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{4AEA3E42-6631-413E-A058-9D3E5D0E825C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5419ECB0-03F2-4CC6-8B04-8D24FC522B1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{F1DCE735-AB87-4A2A-A5D7-CBF1D4717285}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{03D49F25-9A9D-487A-B0CD-CE6CF1291D23}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{463063B3-C3BB-4FEF-9EB0-FF2328486623}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FD2B37B5-0F13-4160-9FB3-60029931242F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{15D23EE6-1D75-4892-8C56-CC827AFFCA67}] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [{C3650A4D-9E59-40C2-A4B1-E36468494C24}] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [UDP Query User{4AFC2F0C-41AE-4B6A-8441-2A9535870185}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [TCP Query User{32669590-9CFA-4CAE-A9CB-B8F22178B2C7}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [{DD53A688-AEE0-443F-885E-CDD243BA0C15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{ED09D16E-0E39-4D63-A836-0B060A8C2136}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [UDP Query User{AEFA8BB4-25A2-4A3D-A29D-4A735061D2E3}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{F040BFEE-6332-4FCA-A3A3-6AC5F4F84FBF}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [{733A0215-6507-4EB6-8471-9814BF43BBDA}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{4CA912DE-3DB6-4673-9857-1D6E5EA4402A}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{3268376F-F828-47AC-9A8D-F1557D10C46A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{11DAB4AC-A4EE-4DE5-B8DE-966A78927A66}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [UDP Query User{80BA54F6-B5DA-4FA0-8E18-72A8CA77FB6B}C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{294299D8-1505-4738-BF0E-F07450E36BF2}C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EF3450A4-3713-4874-B4F8-09C4EB9BD29C}C:\program files (x86)\murdered soul suspect\binaries\win64\murdered.exe] => (Allow) C:\program files (x86)\murdered soul suspect\binaries\win64\murdered.exe
FirewallRules: [TCP Query User{FB8FFE78-E856-41A7-A01E-7AA75070066E}C:\program files (x86)\murdered soul suspect\binaries\win64\murdered.exe] => (Allow) C:\program files (x86)\murdered soul suspect\binaries\win64\murdered.exe
FirewallRules: [UDP Query User{8647B0C8-3B02-498E-B2B6-EE1AD07D8083}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [TCP Query User{A11DD996-681D-4841-8779-4A31092D96AA}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [UDP Query User{78C3DD64-32A4-404D-AB90-FA2EDE77E54C}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{AF1EAA0C-4882-4D22-9970-EA0C0875A34E}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{351B666B-3260-4239-A3C8-0D90F0A92C37}] => (Allow) C:\Breaking Point\BTSync.exe
FirewallRules: [{ED32E3F1-451D-4970-80C9-521157F6FA6E}] => (Allow) C:\Breaking Point\BTSync.exe
FirewallRules: [UDP Query User{302A1A61-83F5-4F7C-831C-B7284C086EDE}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{3921F2D7-58DF-418B-8F97-FF965A6484EF}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{446C3BD9-39C3-4D2C-AA6B-457483383FAD}C:\users\payton.robinson\downloads\dayzrp.exe] => (Allow) C:\users\payton.robinson\downloads\dayzrp.exe
FirewallRules: [TCP Query User{77E96B77-9D36-418C-B590-95D93936ED32}C:\users\payton.robinson\downloads\dayzrp.exe] => (Allow) C:\users\payton.robinson\downloads\dayzrp.exe
FirewallRules: [UDP Query User{FCFCEDEC-025F-46A0-9B2F-080F1F0AF0BB}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe
FirewallRules: [TCP Query User{739D914F-7B4F-4EA6-8BF8-FF35C80E37FD}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe
FirewallRules: [{A26F8E44-CA62-44C3-B528-5814B3ED22A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Combat Arms\NMService.exe
FirewallRules: [{8C75D374-CF4F-4F67-B33F-0B473178F6EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Combat Arms\NMService.exe
FirewallRules: [UDP Query User{19E59E0C-1134-406E-8052-2E2CA38397D6}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{321534E6-1DCA-4B03-AFDA-FE7EF25A3AA3}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{9A092009-1DE3-4A00-83E1-F7BAC21188A6}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{5B46BB29-59EF-44DE-8C75-9CF20E65223C}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{74C2A116-5DED-4337-AE0B-4BEBDAB52324}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09CC3E8B-F712-4C07-A902-141AEEDF538B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B00F8E0-0C5A-4C9E-9632-FAB8537F826F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E856DFC5-2240-4474-8FDD-A032BF1DA77B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A8CB2ED-1BE3-430B-A804-9C43ECC55AF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{2A17F22F-0E56-455A-ABDF-01771F801AB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{4203399F-29C3-4AC7-87B7-6EC60B8C8A56}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{A74C264F-9184-4F7B-A5F1-5B57996A3D22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [UDP Query User{F530D825-7C85-420D-87E0-9646B1C402D9}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{C6A35A59-9DB5-478D-9AAF-09CBD98041BC}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{B07FF44D-2FBC-4BA7-90C1-E907EFCE1C6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{8773C915-14CB-401B-A0E6-5572884B9A24}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{BD43FAC6-38FA-46FA-8DC2-A15969225B73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{5DE8FB85-D3D0-4C38-938E-FCD1A5BB89E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{08EFF783-3DD5-42AF-828A-05A97E85ACB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{481518C9-3E84-41F4-BBF7-0F5BFA6ECD09}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0641B3BC-FC46-4424-A861-A4C1C350180E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F8AA8DC5-C27E-4334-A3BC-BCE69EFCA3D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{4E9315F2-E478-45C8-8297-3A0E85927F16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{71C0A9F0-F972-4DAC-A313-5D3F21681139}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{B72E2DCB-EDF5-42CA-8388-06C158BCFBC2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{A59D3BDA-1F7A-47E7-A9D9-CAEA78AB7152}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [UDP Query User{9E1556C1-E2D6-4113-9DC8-48BFB653AB16}C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8D7423F3-6B21-4D88-ACEA-8388E59572A7}C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F2131FCD-68B8-4B4F-A634-3565BD1C8864}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B11F4F7C-8F71-446E-9B57-80223466A6A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B197E345-296F-4C70-9990-75CC2060B7B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{30C7D3FC-0277-4386-9BCE-3F08A4FF9273}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [UDP Query User{29A9BA36-01C8-44F4-A94E-85CE3F2C29D4}C:\2-click run\terraria v1.2.1.2\terrariaserver.exe] => (Allow) C:\2-click run\terraria v1.2.1.2\terrariaserver.exe
FirewallRules: [TCP Query User{9694AF32-E29C-4E82-B2D3-516DEABF34E6}C:\2-click run\terraria v1.2.1.2\terrariaserver.exe] => (Allow) C:\2-click run\terraria v1.2.1.2\terrariaserver.exe
FirewallRules: [UDP Query User{6E1B536E-0F85-4557-8C62-2812E8D864A8}C:\users\payton.robinson\desktop\content\terrariaserver.exe] => (Allow) C:\users\payton.robinson\desktop\content\terrariaserver.exe
FirewallRules: [TCP Query User{16A8B0A6-3B83-4F83-90F5-F9C9190947E8}C:\users\payton.robinson\desktop\content\terrariaserver.exe] => (Allow) C:\users\payton.robinson\desktop\content\terrariaserver.exe
FirewallRules: [UDP Query User{601A1343-5BB4-47C9-88AC-376F88D4D6CD}C:\programdata\battle.net\agent\agent.beta.2638\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2638\agent.exe
FirewallRules: [TCP Query User{22518C13-B180-47DC-A927-105774255689}C:\programdata\battle.net\agent\agent.beta.2638\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2638\agent.exe
FirewallRules: [UDP Query User{E2C9204E-60B9-49E6-93A4-CD36EAAC366F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [TCP Query User{843E4F06-0952-40F4-8E98-ACD0950B7202}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [UDP Query User{49A174C3-B60A-4B1B-943D-D594AC415C3F}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [TCP Query User{5FBE7704-8427-4E1A-8C81-3C312B0433E5}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [{02A15BF9-6098-462D-A7C8-5EA530B27E82}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{970EAC32-EC46-4D3D-A80E-397F2E657064}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{E47123D8-A100-4744-9A03-B50008ACCBB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{72A15255-061E-44C5-A95C-DB25717A9CC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [UDP Query User{03A38E92-A737-4FE3-A666-A8CD546A8913}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [TCP Query User{5D9A00AF-4812-46F8-8153-586C81470AB6}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [{8239CB73-7CA3-4C3D-B89E-AB8F9D5E04EA}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{21B69C50-A8FB-43A8-AD7C-AC64AB0E7E15}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [UDP Query User{0C05BD43-E01D-4067-8CEF-79A7C1CD0BF1}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{00AD49DC-2647-4CBA-8A35-1C76997A3A61}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{D1501FB3-DEC6-4188-B6E5-8CE8E05E054C}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [TCP Query User{D3BA6BE4-F981-4BB7-B56A-793D03C8C615}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [UDP Query User{75220A3C-0A52-4001-BA43-8442554E018D}C:\users\payton.robinson\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\payton.robinson\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [TCP Query User{52D18553-7621-4AD8-AAC6-B023EE7ADBC1}C:\users\payton.robinson\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\payton.robinson\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [{93F913E7-ED60-4D7F-9DEC-B532AFDDCF7D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{BD08C58D-5876-4A74-992F-6C4864538576}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{5A1A70E7-EF20-47B6-805E-78532C4DD431}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{8B138934-684B-458B-9EA0-91A78C1D3BCA}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{3A1F8EE8-B148-42C1-8AEC-EE1B224A100F}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{C2B60C57-F3F0-4F0D-A68C-CEF32F2B6142}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{8D391534-C754-4828-98C9-9248152ACE1D}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{926F9D50-18B0-4914-8DCE-C0309FFFF975}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{3471E80B-2D53-4C35-994B-03D0558AA8FF}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{F18E1AAA-586C-4A58-AFD4-4B183294FEE3}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [UDP Query User{C325E1B6-888A-4F14-88DC-07ACA504AB7F}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe
FirewallRules: [TCP Query User{150A8A9A-46D1-4E88-8C2F-ED02EB3E6C24}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe
FirewallRules: [{6EE89C4C-7570-4806-9B3E-42A967AA66F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{316E992B-208D-450E-8C2A-D868763D40C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{4E51CB02-02A7-4C5C-B29C-D56BEF8ECF96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{CE2C6D0F-5030-4447-AD42-117298CA3CF7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{4B792B9E-D377-4411-B397-275CFC291744}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{F28D51AF-F59D-40E0-992F-8CC0631C05FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{01E819B8-BD90-4F64-BE52-144D0DF67065}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8A37B60C-43FC-4FB1-B089-2F4F6BB63E1F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0347F854-6861-4988-AB33-97C477D28E9D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E94FBF46-F923-49B5-A452-867ED4A1E5E5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1949A683-0796-4AEC-94C1-09EB5DD69B56}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{2CDA2573-2248-4581-94F8-11DE92A6F68E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [UDP Query User{7FCAB30C-9D8B-4F3B-8676-745E9F37951A}C:\programdata\battle.net\agent\agent.2328\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2328\agent.exe
FirewallRules: [TCP Query User{5085A18C-A244-4566-BDFE-767F5ED4BD0F}C:\programdata\battle.net\agent\agent.2328\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2328\agent.exe
FirewallRules: [UDP Query User{5A09421E-FB18-4FAD-B4E1-3AFE73E45FE1}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{98EED637-95B5-4B59-B407-F59AE8558BB1}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [{E510512D-ECF1-4171-A84B-C702EBB218B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{033E3C8B-99DB-4D3B-9C9A-95E002158512}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{D510E283-81E0-4007-BCA3-AD2283FE804F}] => (Allow) C:\Users\Payton.Robinson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6288E4C3-9D62-4041-BC1F-5544AC651F00}] => (Allow) C:\Users\Payton.Robinson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A76E8567-B60B-4538-B702-9AA1B986A2CE}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{2F66655A-7269-4BDA-9449-56194BCC7C01}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [UDP Query User{0486E3F7-1F0B-443A-A32F-31F8DE3EE6E3}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [TCP Query User{814860A7-9376-4CE7-8968-E393C5932EE6}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{3C5EEB07-2F89-43C6-A719-41D6B843AFF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{A1C0EB29-16F1-419E-B669-55D123E6593B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{2038DC6E-17BC-4DC3-8EE7-BCB9DC1B41D4}] => (Block) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{910FA6F7-1FD2-487F-93E4-A454B0FD8399}] => (Block) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{ECFBC2B7-29DA-4222-862D-C9E341B81E86}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{A4333730-DE47-4F74-A904-0EB723458B2B}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{0439F260-CED2-4B58-9BD1-E9F0DA3B8C07}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{C4C5F5FE-4CB4-414E-99AE-859ABA6C05C6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{B1CB9AE6-23A1-49BF-B86E-2F74255FA841}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7D60A851-66A9-4B4D-A494-A0D3D04F39DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{0EDA8E8C-7675-4D2D-BA51-63F2CD89191E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{BB17C658-137C-4654-B214-5CFF847BD4CA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{D481BC14-9EF3-4D2E-9D77-E08BF9E64574}] => (Block) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [{BA5DEDA9-2B6A-4391-9B53-442D6315C386}] => (Block) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [UDP Query User{70938DB4-4F10-4954-BA57-A4FF71E3C65B}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [TCP Query User{B7A184E0-3C22-4586-9EE1-1BA8B76C3EF8}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [UDP Query User{752B368A-D010-4065-AA99-0F4D14CB8053}C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{7909FEC8-0757-4B23-9B46-820EC3E6CF38}C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D08B771D-E8FC-4521-AB53-A4F8024E6779}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{AA97D7FF-7E2C-46B2-98BA-CBA685D7BE1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [UDP Query User{97C9DCD8-07FC-491C-AB67-1B3417304AE4}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3AD77A3F-A41A-4C0E-8452-D5B9EAD2B083}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{664E85DA-AD3C-4CFE-A678-E4FF2DA8A79F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{CAB2E43D-01AE-4A95-97DB-856746682C54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [UDP Query User{0719E8F5-C4B1-4639-9650-DDB32A10BD49}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{0F5B0064-969B-49D9-A200-EAD1EA0B35E4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{8CBDFA87-D3D7-4DAF-8E55-58B9752FE2E8}C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{18DAACF3-65F7-4EAA-866F-0D402DBBBA9B}C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{B9DB3AB4-750A-49CA-8C4A-DA6B3B334857}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{AB1DD614-F858-4CEE-BD7D-C40B7B60BA76}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [UDP Query User{30102388-E974-4041-B344-2FCE15F5A16D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1D3B9AF0-615F-4C48-B84D-BD76B882B3F1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A174B5ED-94B3-4824-AFF7-C3412A39E348}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{05A01104-9A4B-46AE-89DA-6FFFAFF317D8}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{0004E950-9511-419E-BBAF-379BC4AF6541}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{550A16C6-B570-425A-B898-6D319EC46F47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [UDP Query User{00455FDE-D4EB-4B9A-9C7A-26C78057DA66}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CC2AC06C-FA93-455A-A366-87E652ADDD2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{DF003C9E-E7A3-41DB-8A98-868971146FD8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{63B5C8FA-6E96-46BE-A92B-B6D5EDB8E94A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C5750DC9-E993-4DA2-B54C-5A912CC51319}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{1A44DB45-755F-45F2-8BC3-CA77B3689100}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{729EA82B-8320-4990-B9ED-184FC3CA61D4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{04443A25-8ADA-4297-8490-FC7DA8F37CC0}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [UDP Query User{0E45F71D-F3DA-4730-BAFE-AC83E48D9DFF}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [{5C869061-6B2F-4614-8D32-328B14C2C3B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{92B194C4-6A10-4942-B2C4-5225881EE38B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{EB36EAEF-D5F1-4092-B540-03D7F82BACD4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{A5A3B057-F597-4E85-923D-75349A1B05ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{C6B82558-E47F-4CAC-AEA7-6A04FE95A180}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{BD50B4C3-9927-4736-8860-A7A86497E3BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4A350096-E72E-42B8-83D0-A544C4E6F5B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{88BF0F69-207D-42F6-A2D4-4568D5A4E664}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{CA5A050F-3C40-4FB5-9BE6-92025CF59757}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{A0F23315-EFDA-4FF7-9B31-78666491E46E}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{48B1B94B-B8C7-4C8C-B1EC-34FD9FB57CE0}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{3AA9B540-AD20-4D15-9DD6-81C4A88AFD08}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{3DCA6B20-E8E9-43E4-95D5-BE2962861DA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{876CCB26-3248-47F1-9CC2-51A275765066}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{8AFE725A-6DD0-4694-AA77-BE603188374A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D8A58692-9318-457C-B437-ABBF64F5486A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{142475D7-3BB3-4159-90BA-2DC2BF943202}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{C461B886-F38F-4305-BFF5-B8C8C0941C19}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{365976C8-9D12-491A-AF42-0D756052C869}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{D68E9E4E-0F53-4687-B48A-F001791ECAF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{FF5FF168-4551-4EF3-A479-A8DC905BAB48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{C2E6D2C9-EF69-45F4-9E12-3B6EA279D7DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [TCP Query User{5623CA7C-4EED-4082-BCF0-934CC48F6508}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{1BFBE860-25B0-4E61-A7A8-ED366C9B6BEC}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{B7684767-F3CC-4400-BB25-D2AE89BF2FF9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{AA51B509-500A-47B6-8218-0661FA7DAE6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [TCP Query User{CD7DEBC5-B189-461A-AEDD-EBCB419BEBF9}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{A2167199-4D1A-4DE5-948E-F7347BD70EEA}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{C108D0B3-1B35-458B-A2FE-5569D08C9509}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{F3F32E99-0229-46EA-A4C9-3A25EAD31E08}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5CDE45DF-DA63-4BC0-B4A3-C1C1344524C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{C3EDF6E1-C5A1-41FA-88FC-9C5BF25E9A50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{E069C91E-045C-4CAE-BC5B-5C5F5D50410C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{BDC3C97C-BC7C-461A-8782-2F99B7E790AE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{ADE8FE12-40C2-4068-B0D8-ACA8CFD85984}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{B4FC9DE2-CAB3-4770-B1C1-03D664F033E2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{D573E2B6-79C4-4291-8BAE-A92C4625FF9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{65927921-C360-48E6-B2D4-9355CBA06723}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [TCP Query User{01820B45-0FDB-4AC8-9995-1F853F2D80AE}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{003D08BF-EA7A-4FEB-95C2-1CAB2FF6133C}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8356E730-415E-427F-92BC-0ACF0CD36E95}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{269C1A4A-FF1C-40D6-BFAF-95B6F448563A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{C0B99905-0A59-46F4-A0D6-B7A9517E972F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FDDD5A5C-2B08-4C92-B5BE-2107E36667DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8B222FC8-EE3E-417D-96D7-0A1D82FB3EBB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F436BB61-3D39-4873-B0E5-BE70008F4D84}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{265A5D96-08D7-4085-9744-0EB3DF978D8D}] => (Allow) C:\Program Files (x86)\Origin Games\BFH\bfh.exe
FirewallRules: [{E4ABA1B5-BB72-43D6-AC55-D6536E63174C}] => (Allow) C:\Program Files (x86)\Origin Games\BFH\bfh.exe
FirewallRules: [TCP Query User{B5A2B4BF-9FA1-48EC-8649-1F67E6A83274}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{F2934122-D3A9-461A-BB82-8BF830B39E6A}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{434A7DD9-4BEF-4F9C-931E-D840CE034702}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{B5B7DD43-7103-4D03-BE68-AF7066AAC157}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{2C4E9B7B-A116-49F9-BD1B-3A3279CEA189}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{72DA3B0F-6545-47E7-B8DF-5FE3B3596CD6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BF07A0F5-0D8D-4BAF-9AB4-06A4BB13E02E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A18164BA-3781-4910-B3D1-6D232B3AB095}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E534C725-7426-41F2-8886-4300582EFFCD}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{15B2EC3E-5B3A-42C3-85B4-2AF714177071}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{A18795AF-2803-42C5-95A9-6626414B8066}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{887A44DC-D190-4F47-B1E7-129B68B40A19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B2CC5039-5986-470E-8DB2-264434973EA2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2565E1E1-08C4-4E67-9B12-F232DE45DE72}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{AD00C781-6268-4D0C-B999-B1BCED8D21EF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{183E270F-F281-422C-A29C-8451AB8E789F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{CF669118-7C28-4549-81DA-36C2268E9594}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{794A3028-E45D-4F8D-97A7-8A25FC63D81E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{1A3587C8-76B9-49B4-A07D-0C102FB92828}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{BB7CAA9A-3D8A-4CE7-95F3-0553FF869C38}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{F5B0A038-7462-4842-873C-73C36E8E8700}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E48E5C1A-4EB8-46B5-8AA8-CE3C2A65A37A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{5EB48938-1603-432D-BBA9-DA216DA3FB5B}C:\users\payton.robinson\downloads\downloader_diablo2_enus (2).exe] => (Allow) C:\users\payton.robinson\downloads\downloader_diablo2_enus (2).exe
FirewallRules: [UDP Query User{711C97F5-81F4-472A-99B7-8DDAAE249661}C:\users\payton.robinson\downloads\downloader_diablo2_enus (2).exe] => (Allow) C:\users\payton.robinson\downloads\downloader_diablo2_enus (2).exe
FirewallRules: [TCP Query User{0F3146D8-3B43-4D0A-B6A5-996E9DDB6B71}C:\users\payton.robinson\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\payton.robinson\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{7FABCD07-B4D6-4AA9-B3E6-6C0B176F077B}C:\users\payton.robinson\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\payton.robinson\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [{122EEA4E-C2EE-4913-9372-CE10DA594ED6}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [{90F21148-FC4A-41FB-99EF-AA9550A042B5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8130541F-69EC-4117-92C6-15FBD493D46E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-06-2017 12:30:58 Scheduled Checkpoint
26-06-2017 09:26:01 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
26-06-2017 09:26:22 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
04-07-2017 11:18:53 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (07/10/2017 04:52:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/02/2017 06:34:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/02/2017 06:10:55 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/02/2017 06:07:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
 
Error: (07/02/2017 06:06:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (06/26/2017 09:10:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (06/26/2017 09:04:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
 
Error: (06/26/2017 09:04:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (06/26/2017 09:01:20 AM) (Source: DCOM) (EventID: 10010) (User: JANGALANG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
Error: (06/26/2017 09:01:20 AM) (Source: DCOM) (EventID: 10010) (User: JANGALANG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-10 18:08:50.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 18:03:50.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:58:50.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:57:03.541
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-10 17:56:34.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-10 17:55:56.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-10 17:53:50.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:48:50.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:43:50.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:38:50.198
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4100 Quad-Core Processor 
Percentage of memory in use: 86%
Total physical RAM: 7919.24 MB
Available physical RAM: 1077.61 MB
Total Virtual: 14239 MB
Available Virtual: 2121.1 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:455.65 GB) (Free:261.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0A866108)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
 
 


While using up-to-date Windows 10 with WebRoot and Malwarebytes, running Chrome, an image popped up covering the screen. The text reads in part:

microsoft-computer-error.com says:

 

Your computer is in blocked state.

SYSTEM WARNING:

DO NOT PRESS ANY KEY UNTIL YOU KNOW SAFE SIDE INSTRUCTIONS. ( blaa, blaa, blaa)

I found a tutorial here on Bleeping Computer that begins with stopping a process using Task Manager, but when I found the process does not show on my computer, I came to the forum for help.  
Below are the logs from FRST and ADDITION:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Payton.Robinson (administrator) on JANGALANG (10-07-2017 17:59:29)
Running from C:\Users\Payton.Robinson\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Payton.Robinson (Available Profiles: Payton.Robinson)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Synergy\synergyd.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dashlane, Inc.) C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane, Inc.) C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Synergy\synergy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\Synergy\synergys.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [1053880 2017-06-24] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013200 2015-12-18] (Valve Corporation)
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Run: [Dashlane] => C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-06-09] (Dashlane, Inc.)
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Run: [DashlanePlugin] => C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-06-09] (Dashlane, Inc.)
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Run: [GoogleChromeAutoLaunch_E45331950B692180895AF9B74C5AFB67] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2017-03-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{56cce3c5-d765-4d5c-b0e3-8c44bb123f14}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a538518c-8264-4753-a5e3-0ff4273e612a}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001 -> {387B7F07-3CAC-4026-965D-27E71104E8CD} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=09f9f54dfa7e42bcac8b76d12bf3d7c6&tu=11JL0008y2B000s&sku=&tstsId=&ver=&&r=481
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-22] (Webroot)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2017-06-09] (Dashlane, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-06] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-22] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-06] (Oracle Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Payton.Robinson\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2017-06-09] (Dashlane, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
Edge: 
======
Edge Extension: (No Name) -> 9nblggh4x0qw_EvernoteEvernoteWebClipper_q4d96b2w5wcc2 => C:\Program Files\WindowsApps\Evernote.EvernoteWebClipper_6.12.1.0_neutral__q4d96b2w5wcc2 [2017-06-20]
 
FireFox:
========
FF DefaultProfile: krebs.don@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?pli=1#inbox","hxxps://www.facebook.com/KringleKrebs","chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/homelocal2.html","hxxps://www.google.com/settings/personalinfo","hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR NewTab: Default ->  Active:"chrome-extension://ncdfeghkpohnalmpblddmnppfooljekh/core/newpage-pop.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Google Slides) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-18]
CHR Extension: (Google Docs) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-18]
CHR Extension: (Google Drive) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-18]
CHR Extension: (Google Groups) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk [2017-06-28]
CHR Extension: (ColorZilla) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-06-28]
CHR Extension: (YouTube) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-18]
CHR Extension: (Bing) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2017-05-18]
CHR Extension: (Honey) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-07-02]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2017-06-28]
CHR Extension: (High Contrast) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2017-06-28]
CHR Extension: (Dropbox for Gmail) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-06-05]
CHR Extension: (Gmail Offline) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2017-06-28]
CHR Extension: (Dashlane Secure Password Manager) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-07-03]
CHR Extension: (Google Sheets) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-18]
CHR Extension: (Google Docs Offline) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-18]
CHR Extension: (AdBlock) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-28]
CHR Extension: (MusixHub Start) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhpmdajdojnnhkfgffkofkjifglkan [2017-07-02]
CHR Extension: (Save to Google Drive) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-06-28]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-07-06]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2017-06-28]
CHR Extension: (Notifier for Twitter) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2017-06-28]
CHR Extension: (Dropbox) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2017-06-28]
CHR Extension: (Interrobang) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmlnjjmjkbeolfilplmajdjbmmopoll [2017-06-28]
CHR Extension: (Page Ruler) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2017-06-28]
CHR Extension: (WeatherBlink) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2017-07-02]
CHR Extension: (Local Bank Serving San Antonio, TX & ...) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnofigkkhgonnmbpijbllcpphkjfcigm [2017-06-28]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-05-29]
CHR Extension: (RT News) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2017-06-28]
CHR Extension: (Gmail) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2017-06-28]
CHR Extension: (Google Hangouts) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-06-28]
CHR Extension: (WorkFlowy) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2017-06-28]
CHR Extension: (Google Play) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-06-28]
CHR Extension: (Evernote Web) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2017-06-28]
CHR Extension: (HTML5 Responsive Animator) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkiefejkflopfbagflkahaakmfjjdbd [2017-06-28]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-07-02]
CHR Extension: (FromDocToPDF) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-06-28]
CHR Extension: (Boomerang for Gmail) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-06-28]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2017-07-02]
CHR Extension: (Google Hangouts) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-06-28]
CHR Extension: (LastPass Vault) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2017-06-28]
CHR Extension: (AVG Secure Search) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-18]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2017-06-28]
CHR Extension: (HubSpot Sales) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2017-07-07]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-07-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-05-29]
CHR Extension: (Gmail) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-02]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-08-27] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-11] ()
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [236832 2015-10-29] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [307848 2017-03-16] ()
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [1053880 2017-06-24] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 athur; C:\WINDOWS\system32\DRIVERS\athurx.sys [1724416 2010-10-10] (Atheros Communications, Inc.) [File not signed]
S3 hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [46136 2014-06-23] (LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-10] (Malwarebytes)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\WINDOWS\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [127728 2017-07-10] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66656 2017-06-22] (Webroot)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-10 17:59 - 2017-07-10 17:59 - 00000000 ____D C:\FRST
2017-06-28 10:46 - 2017-06-28 10:46 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-28 10:44 - 2017-06-28 10:44 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Google
2017-06-26 13:47 - 2017-06-26 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-26 09:35 - 2017-06-26 09:35 - 00003672 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-krebs.don@gmail.com
2017-06-26 09:34 - 2017-06-26 09:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-06-26 09:33 - 2017-06-26 09:33 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 14.lnk
2017-06-26 09:33 - 2017-06-26 09:33 - 00001218 _____ C:\Users\Public\Desktop\Adobe Photoshop Elements 14.lnk
2017-06-26 09:26 - 2013-09-03 05:01 - 00056336 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2017-06-26 09:26 - 2012-04-24 05:01 - 00011376 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2017-06-26 09:26 - 2012-04-24 05:01 - 00010864 ____N (Corel Corporation) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2017-06-26 09:18 - 2017-06-26 09:18 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Macromedia
2017-06-26 09:17 - 2017-07-10 02:00 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\Adobe
2017-06-26 09:14 - 2017-06-26 09:17 - 00000000 ____D C:\Users\krebs\AdobeElements14
2017-06-26 08:58 - 2017-06-26 08:58 - 00000000 ____D C:\Users\krebs\ReadMe
2017-06-26 08:56 - 2017-06-26 08:58 - 00000000 ____D C:\Users\krebs\PSE 14
2017-06-26 08:55 - 2017-06-26 09:14 - 00000000 ____D C:\Users\krebs
2017-06-26 08:12 - 2017-06-26 08:44 - 1454644648 _____ (Adobe Systems Incorporated) C:\Users\Payton.Robinson\Downloads\PhotoshopElements_14_LS28_win64.exe
2017-06-26 05:27 - 2017-06-26 05:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-22 06:41 - 2017-06-22 06:41 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Skype
2017-06-17 13:41 - 2017-06-17 14:47 - 00000000 ____D C:\Users\Payton.Robinson\AppData\LocalLow\BitTorrent
2017-06-14 11:54 - 2017-06-03 05:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 11:54 - 2017-06-03 05:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 11:54 - 2017-06-03 05:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 11:54 - 2017-06-03 05:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 11:54 - 2017-06-03 05:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 11:54 - 2017-06-03 04:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 11:54 - 2017-06-03 04:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 11:54 - 2017-06-03 04:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 11:54 - 2017-06-03 04:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 11:54 - 2017-06-03 04:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 11:54 - 2017-06-03 04:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 11:54 - 2017-06-03 04:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 11:54 - 2017-06-03 04:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 11:54 - 2017-06-03 04:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 11:54 - 2017-06-03 04:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 11:54 - 2017-06-03 04:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 11:54 - 2017-06-03 04:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 11:54 - 2017-06-03 04:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 11:54 - 2017-06-03 04:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 11:54 - 2017-06-03 04:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 11:54 - 2017-06-03 04:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 11:54 - 2017-06-03 04:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 11:54 - 2017-06-03 04:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 11:54 - 2017-06-03 04:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 11:54 - 2017-06-03 04:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 11:54 - 2017-06-03 04:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 11:54 - 2017-06-03 04:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 11:54 - 2017-06-03 04:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 11:54 - 2017-06-03 04:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 11:54 - 2017-06-03 04:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 11:54 - 2017-06-03 04:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 11:54 - 2017-06-03 04:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 11:54 - 2017-06-03 04:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 11:54 - 2017-06-03 04:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 11:54 - 2017-06-03 04:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 11:54 - 2017-06-03 04:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 11:54 - 2017-06-03 04:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 11:54 - 2017-06-03 04:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 11:54 - 2017-06-03 04:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 11:54 - 2017-06-03 04:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 11:54 - 2017-06-03 04:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 11:54 - 2017-06-03 04:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 11:54 - 2017-06-03 04:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 11:54 - 2017-06-03 04:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 11:54 - 2017-06-03 04:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 11:54 - 2017-06-03 04:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 11:54 - 2017-06-03 04:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 11:54 - 2017-06-03 03:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 11:54 - 2017-06-03 03:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 11:54 - 2017-06-03 03:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 11:54 - 2017-06-03 03:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 11:54 - 2017-06-03 03:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 11:54 - 2017-06-03 03:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 11:54 - 2017-06-03 03:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 11:54 - 2017-06-03 03:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 11:54 - 2017-06-03 03:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 11:54 - 2017-06-03 03:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 11:54 - 2017-06-03 03:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 11:54 - 2017-06-03 03:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 11:53 - 2017-06-03 05:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 11:53 - 2017-06-03 05:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 11:53 - 2017-06-03 05:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 11:53 - 2017-06-03 05:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 11:53 - 2017-06-03 05:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 11:53 - 2017-06-03 05:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 11:53 - 2017-06-03 05:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 11:53 - 2017-06-03 05:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 11:53 - 2017-06-03 05:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 11:53 - 2017-06-03 05:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 11:53 - 2017-06-03 05:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 11:53 - 2017-06-03 04:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 11:53 - 2017-06-03 04:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 11:53 - 2017-06-03 04:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 11:53 - 2017-06-03 04:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 11:53 - 2017-06-03 04:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 11:53 - 2017-06-03 04:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 11:53 - 2017-06-03 04:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 11:53 - 2017-06-03 04:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 11:53 - 2017-06-03 04:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 11:53 - 2017-06-03 04:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 11:53 - 2017-06-03 04:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 11:53 - 2017-06-03 04:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 11:53 - 2017-06-03 04:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 11:53 - 2017-06-03 04:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 11:53 - 2017-06-03 04:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 11:53 - 2017-06-03 04:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 11:53 - 2017-06-03 04:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 11:53 - 2017-06-03 04:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 11:53 - 2017-06-03 03:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 11:53 - 2017-06-03 03:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 11:53 - 2017-06-03 03:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 11:53 - 2017-06-03 03:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 11:53 - 2017-06-03 03:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-10 16:54 - 2017-05-29 11:37 - 00127728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-07-10 15:23 - 2017-05-30 07:28 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-10 12:33 - 2017-05-29 12:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-10 10:44 - 2017-05-29 11:37 - 00000000 ____D C:\ProgramData\WRData
2017-07-08 23:15 - 2017-05-30 07:28 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-08 23:15 - 2017-05-30 07:28 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-08 23:15 - 2017-05-30 07:28 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-08 23:15 - 2017-05-30 07:28 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-08 23:15 - 2017-05-30 07:27 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-08 10:30 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-07 13:41 - 2017-03-18 16:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-07 13:41 - 2013-06-29 01:16 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\Packages
2017-07-02 06:08 - 2017-05-18 06:40 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\Google
2017-07-02 06:07 - 2017-05-29 12:50 - 00000000 ____D C:\Users\Payton.Robinson
2017-07-02 06:06 - 2017-05-29 13:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-02 06:06 - 2017-03-18 06:40 - 02883584 _____ C:\WINDOWS\system32\config\BBI
2017-06-28 17:14 - 2013-06-29 01:41 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 11:19 - 2017-05-01 11:02 - 00000000 ___RD C:\Users\Payton.Robinson\Dropbox
2017-06-27 02:00 - 2014-07-29 12:43 - 00000000 ____D C:\ProgramData\Adobe
2017-06-26 13:47 - 2017-05-01 10:43 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-26 09:35 - 2017-05-29 14:22 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Adobe
2017-06-26 09:30 - 2013-07-23 02:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-26 09:29 - 2014-05-23 19:09 - 00000000 ____D C:\Program Files\Adobe
2017-06-26 09:26 - 2017-03-18 16:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-26 09:26 - 2015-12-20 04:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-26 09:10 - 2017-05-29 13:07 - 00942836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-24 20:36 - 2017-05-22 09:32 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\ElevatedDiagnostics
2017-06-24 06:05 - 2017-05-29 11:37 - 00182192 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-06-24 06:05 - 2017-05-29 11:37 - 00114672 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-06-22 21:38 - 2017-05-29 11:37 - 00066656 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2017-06-22 06:42 - 2017-05-29 14:26 - 00002444 _____ C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 06:42 - 2017-05-29 14:26 - 00000000 ___RD C:\Users\Payton.Robinson\OneDrive
2017-06-22 06:42 - 2017-05-29 13:05 - 00003298 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 18:49 - 2017-05-02 17:57 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Dashlane
2017-06-20 12:16 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-20 06:48 - 2017-05-18 06:43 - 00002033 _____ C:\Users\Payton.Robinson\Desktop\Dashlane.lnk
2017-06-20 06:48 - 2017-05-18 06:42 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-06-17 14:43 - 2015-08-18 13:56 - 00000000 ____D C:\Users\Payton.Robinson\AppData\Local\Comms
2017-06-17 13:40 - 2016-11-20 13:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-17 13:37 - 2017-05-29 12:47 - 05007328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-17 13:34 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-17 13:34 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-17 13:30 - 2013-07-23 03:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-17 13:30 - 2013-07-23 03:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-16 14:21 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-14 12:01 - 2013-08-14 14:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 11:59 - 2013-06-30 03:12 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 11:58 - 2017-03-18 15:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 11:57 - 2013-07-23 03:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 11:21 - 2017-05-29 13:05 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-13 11:21 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-10 19:27 - 2017-05-29 15:42 - 00000000 ____D C:\Windows.old
 
==================== Files in the root of some directories =======
 
2007-11-07 09:50 - 2007-11-07 09:50 - 1927956 _____ () C:\Program Files\VC_RED.cab
 
Some files in TEMP:
====================
2017-03-15 13:11 - 2017-03-15 13:11 - 0739904 _____ (Oracle Corporation) C:\Users\Payton.Robinson\AppData\Local\Temp\jre-8u131-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-02 18:59
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Payton.Robinson (10-07-2017 18:01:25)
Running from C:\Users\Payton.Robinson\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1703 (X64) (2017-05-29 18:15:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1308803042-1448578824-3416181040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1308803042-1448578824-3416181040-503 - Limited - Disabled)
Guest (S-1-5-21-1308803042-1448578824-3416181040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1308803042-1448578824-3416181040-1020 - Limited - Enabled)
Payton.Robinson (S-1-5-21-1308803042-1448578824-3416181040-1001 - Administrator - Enabled) => C:\Users\Payton.Robinson
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{B73DADFD-55B4-2DB6-2A03-7162A7D5AC81}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.12 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.12 - Belkin)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
Dashlane (HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\Dashlane) (Version: 4.8.0.32091 - Dashlane, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Savage Lands (HKLM-x32\...\Steam App 307880) (Version:  - Signal Studios)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synergy (64-bit) (HKLM\...\{AFC0B660-3BC8-492B-A17C-338DBF633EFA}) (Version: 1.8.8 - Symless Ltd)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.17.24 - Webroot)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2017-06-24] (Webroot)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2017-06-24] (Webroot)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2EB1E0B0-2E2F-4789-BC35-9D11CD28B715} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-01] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {45FB85F5-87C3-42D4-B9BE-E1DB8B999FED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-01] (Google Inc.)
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60543861-0808-4403-A813-6BCAADD39F3B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-01] (Dropbox, Inc.)
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B35060F1-B32C-4A4E-A69C-0AA6B0276EB7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {BA05A48C-CF3E-4780-A7EE-00CEE7B4E43E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-krebs.don@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-29] (Adobe Systems Incorporated)
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C5C4576C-3AFB-4206-9506-F8FE2D3640A4} - System32\Tasks\{31E70D97-DC32-4328-A836-86BEA5C610BC} => pcalua.exe -a "C:\Program Files\HWiNFO64\unins000.exe"
Task: {C6A6F7D3-B455-4531-A0CF-8AD02E48B223} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DA52309D-BC2F-42A6-8419-7DF7E1D8CE9F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-01] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe/cAMD-PC\Payton.Rob
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe/ua /installsource schedulerAMD-PC\Payton.Rob
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Apps & Extensions Developer Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ohmmkhmmmpcnpikjeljgnaoabkaalbgc
ShortcutWithArgument: C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Payton.Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WorkFlowy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=koegeopamaoljbmhnfjbclbocehhgmkm
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-16 13:23 - 2017-03-16 13:23 - 00017544 _____ () C:\Program Files\Synergy\synwinhk.DLL
2015-11-04 17:43 - 2015-11-04 17:43 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2017-05-30 07:27 - 2017-07-08 23:15 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-16 13:22 - 2017-03-16 13:22 - 00307848 _____ () C:\Program Files\Synergy\synergyd.exe
2017-03-18 15:58 - 2017-03-18 15:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-21 03:34 - 2017-06-21 03:35 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 03:34 - 2017-06-21 03:35 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 03:34 - 2017-06-21 03:35 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 03:34 - 2017-06-21 03:35 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-28 17:14 - 2017-06-22 22:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-06-28 17:14 - 2017-06-22 22:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
2017-03-16 13:22 - 2017-03-16 13:22 - 01943176 _____ () C:\Program Files\Synergy\synergy.exe
2017-03-16 13:22 - 2017-03-16 13:22 - 00995976 _____ () C:\Program Files\Synergy\synergys.exe
2017-06-26 13:46 - 2017-06-26 05:27 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-06-26 13:46 - 2017-06-26 05:27 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-26 13:47 - 2017-06-26 05:26 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-26 13:47 - 2017-06-26 05:29 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-26 13:46 - 2017-06-26 05:28 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-06-26 13:46 - 2017-06-26 05:26 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-06-26 13:46 - 2017-06-26 05:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-26 13:47 - 2017-06-26 05:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-26 13:46 - 2017-06-26 05:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-26 13:47 - 2017-06-26 05:29 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-06-26 13:46 - 2017-06-26 05:28 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-26 13:46 - 2017-06-26 05:28 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-26 13:47 - 2017-06-26 05:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-26 13:47 - 2017-06-26 05:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-06-26 13:46 - 2017-06-26 05:29 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-06-26 13:46 - 2017-06-26 05:29 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-26 13:47 - 2017-06-26 05:30 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-06-26 13:46 - 2017-06-26 05:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-06-26 13:46 - 2017-06-26 05:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-26 13:47 - 2017-06-26 05:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-26 13:47 - 2017-06-26 05:29 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-06-26 13:46 - 2017-06-26 05:29 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-05-02 08:21 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\Payton.Robinson\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2010-02-10 14:10 - 2010-02-10 14:10 - 01148416 _____ () C:\Program Files\Synergy\QtNetwork4.dll
2016-03-08 09:04 - 2016-03-08 09:04 - 02415104 _____ () C:\Program Files\Synergy\QtCore4.dll
2009-06-22 18:42 - 2009-06-22 18:42 - 00043008 _____ () C:\Program Files\Synergy\libgcc_s_dw2-1.dll
2009-01-10 10:32 - 2009-01-10 10:32 - 00011362 _____ () C:\Program Files\Synergy\mingwm10.dll
2010-02-10 14:43 - 2010-02-10 14:43 - 09515520 _____ () C:\Program Files\Synergy\QtGui4.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\sony.com -> sony.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2017-05-29 13:01 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Payton.Robinson\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\59509.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RzWizard"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "WebCake Desktop"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "MPOptimizer"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Razer Comms"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "EvolveClient"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Keyboard Inf."
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "MKLOL"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\...\StartupApproved\Run: => "Clownfish"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D014BA51-2390-4173-9DB2-C9B2078A1C4A}] => (Allow) C:\Users\Payton.Robinson\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{4FE978B2-4FE9-42AD-8DFC-89989AD9C89B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Savage Lands\SavageLands.exe
FirewallRules: [{BAD34B52-1457-4C42-AF41-F5A1BC8EDCDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Savage Lands\SavageLands.exe
FirewallRules: [{8D870230-DCA4-4E9E-BCDA-9892EE56199E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{90323EA3-05C7-45C9-8A3B-394FF658C41D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{DE60193D-BC00-4335-8E12-80F57BDD7CDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [{AE1C9A01-D272-4A31-B653-70ECEAA0866E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [UDP Query User{9EFDD2C7-793F-40D3-BDEE-87AE455C6EAA}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [TCP Query User{4C2DE88C-2B8D-4265-BDCE-2A81E03C47AB}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [UDP Query User{FA8502E3-C842-43A5-A177-62B3B74C193E}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{A2D32826-4EEB-4259-ACFA-43796BFA0507}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{24BD218C-7961-40D3-9E00-E1C521A00D52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{86312B68-12E8-43A7-8E95-696D9D2DCC3F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{6F8B26D3-4044-4209-B69B-059C889120F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{5C671212-1C6E-4CB0-A68B-E8D2781A61A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{E9BA75AC-6983-40F9-8E70-DE52DC0563AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{71CB1560-5006-424C-B416-C333DC5BB636}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{BE2B13A3-8653-49CF-B392-137E84471E74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{4EFA6C90-A1C7-49D5-B719-1A2B9D1C1F01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{8022F316-D3CD-494F-911C-29FEF512D4C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{F535C561-AFC0-4F5A-8515-D3DF86B4109C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [UDP Query User{ACE9527C-3597-4CC4-84C3-522543051538}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{A80AD0F8-F2ED-4128-878D-967B23295A79}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{4DAA0018-3C57-4C46-B681-6CB46C94CC09}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{A89647FC-43A3-457B-A1EA-8B59AA3C4DB9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{E4A529C1-7F68-45B9-801B-9D803F9E70AB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1EB1AE00-1CEB-4450-BA04-B66AF71B53CD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6A042729-4541-4A7D-B342-6C4A253164E9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8F3498BB-A80C-4335-86A1-9382A8194BA1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{322499EF-2FB6-46B5-AAA5-9DCD957B145D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{EA961284-31B5-4D4A-A881-4A07A4EF3B96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{AE3C26BA-DD10-4B5E-92F7-AF2E4A8F6F43}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{E98740F7-AEDD-454D-9425-205519EDD2EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{7462E594-0AD8-470F-9A0D-295376927E41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{5D664EB9-723E-457E-BF79-678732C11644}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [UDP Query User{11A92B57-7419-4B7D-BC54-AD2763A3E6AB}C:\users\payton.robinson\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\payton.robinson\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{07CBCB3E-E172-4362-B643-000862902927}C:\users\payton.robinson\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\payton.robinson\appdata\local\akamai\netsession_win.exe
FirewallRules: [{86A9B0A3-3CA0-4E3C-8BBE-D0542DDF2724}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{101B85DA-5966-43F1-9EE8-C66B2D1C4DD3}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{DEA3A0C7-8147-4603-95B1-9B25E5F5A5C1}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{4DCBB91B-B94F-4D5A-9148-7BE5CB40911F}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{E851C8CA-89EC-4EC2-A962-A21845A31AB5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{1B1E5426-5544-46CA-B8C4-7A3C19417BD1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{C9157F6F-AD94-4210-8B06-979B48D62E41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5BC72033-5F85-4473-BA9A-85C14B25F59D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{B7E138F6-1020-46EE-9EA3-7BAB738B1E61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{30CC3B6A-B8C6-47A7-865C-C45AD2840D41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{4AEA3E42-6631-413E-A058-9D3E5D0E825C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5419ECB0-03F2-4CC6-8B04-8D24FC522B1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{F1DCE735-AB87-4A2A-A5D7-CBF1D4717285}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{03D49F25-9A9D-487A-B0CD-CE6CF1291D23}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{463063B3-C3BB-4FEF-9EB0-FF2328486623}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FD2B37B5-0F13-4160-9FB3-60029931242F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{15D23EE6-1D75-4892-8C56-CC827AFFCA67}] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [{C3650A4D-9E59-40C2-A4B1-E36468494C24}] => (Allow) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [UDP Query User{4AFC2F0C-41AE-4B6A-8441-2A9535870185}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [TCP Query User{32669590-9CFA-4CAE-A9CB-B8F22178B2C7}C:\programdata\battle.net\agent\agent.3109\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3109\agent.exe
FirewallRules: [{DD53A688-AEE0-443F-885E-CDD243BA0C15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{ED09D16E-0E39-4D63-A836-0B060A8C2136}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [UDP Query User{AEFA8BB4-25A2-4A3D-A29D-4A735061D2E3}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{F040BFEE-6332-4FCA-A3A3-6AC5F4F84FBF}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [{733A0215-6507-4EB6-8471-9814BF43BBDA}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{4CA912DE-3DB6-4673-9857-1D6E5EA4402A}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{3268376F-F828-47AC-9A8D-F1557D10C46A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{11DAB4AC-A4EE-4DE5-B8DE-966A78927A66}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [UDP Query User{80BA54F6-B5DA-4FA0-8E18-72A8CA77FB6B}C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{294299D8-1505-4738-BF0E-F07450E36BF2}C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EF3450A4-3713-4874-B4F8-09C4EB9BD29C}C:\program files (x86)\murdered soul suspect\binaries\win64\murdered.exe] => (Allow) C:\program files (x86)\murdered soul suspect\binaries\win64\murdered.exe
FirewallRules: [TCP Query User{FB8FFE78-E856-41A7-A01E-7AA75070066E}C:\program files (x86)\murdered soul suspect\binaries\win64\murdered.exe] => (Allow) C:\program files (x86)\murdered soul suspect\binaries\win64\murdered.exe
FirewallRules: [UDP Query User{8647B0C8-3B02-498E-B2B6-EE1AD07D8083}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [TCP Query User{A11DD996-681D-4841-8779-4A31092D96AA}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [UDP Query User{78C3DD64-32A4-404D-AB90-FA2EDE77E54C}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{AF1EAA0C-4882-4D22-9970-EA0C0875A34E}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{351B666B-3260-4239-A3C8-0D90F0A92C37}] => (Allow) C:\Breaking Point\BTSync.exe
FirewallRules: [{ED32E3F1-451D-4970-80C9-521157F6FA6E}] => (Allow) C:\Breaking Point\BTSync.exe
FirewallRules: [UDP Query User{302A1A61-83F5-4F7C-831C-B7284C086EDE}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{3921F2D7-58DF-418B-8F97-FF965A6484EF}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{446C3BD9-39C3-4D2C-AA6B-457483383FAD}C:\users\payton.robinson\downloads\dayzrp.exe] => (Allow) C:\users\payton.robinson\downloads\dayzrp.exe
FirewallRules: [TCP Query User{77E96B77-9D36-418C-B590-95D93936ED32}C:\users\payton.robinson\downloads\dayzrp.exe] => (Allow) C:\users\payton.robinson\downloads\dayzrp.exe
FirewallRules: [UDP Query User{FCFCEDEC-025F-46A0-9B2F-080F1F0AF0BB}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe
FirewallRules: [TCP Query User{739D914F-7B4F-4EA6-8BF8-FF35C80E37FD}C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\combat arms\engine.exe
FirewallRules: [{A26F8E44-CA62-44C3-B528-5814B3ED22A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Combat Arms\NMService.exe
FirewallRules: [{8C75D374-CF4F-4F67-B33F-0B473178F6EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Combat Arms\NMService.exe
FirewallRules: [UDP Query User{19E59E0C-1134-406E-8052-2E2CA38397D6}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{321534E6-1DCA-4B03-AFDA-FE7EF25A3AA3}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{9A092009-1DE3-4A00-83E1-F7BAC21188A6}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{5B46BB29-59EF-44DE-8C75-9CF20E65223C}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{74C2A116-5DED-4337-AE0B-4BEBDAB52324}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09CC3E8B-F712-4C07-A902-141AEEDF538B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B00F8E0-0C5A-4C9E-9632-FAB8537F826F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E856DFC5-2240-4474-8FDD-A032BF1DA77B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A8CB2ED-1BE3-430B-A804-9C43ECC55AF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{2A17F22F-0E56-455A-ABDF-01771F801AB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{4203399F-29C3-4AC7-87B7-6EC60B8C8A56}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{A74C264F-9184-4F7B-A5F1-5B57996A3D22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [UDP Query User{F530D825-7C85-420D-87E0-9646B1C402D9}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{C6A35A59-9DB5-478D-9AAF-09CBD98041BC}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{B07FF44D-2FBC-4BA7-90C1-E907EFCE1C6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{8773C915-14CB-401B-A0E6-5572884B9A24}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{BD43FAC6-38FA-46FA-8DC2-A15969225B73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{5DE8FB85-D3D0-4C38-938E-FCD1A5BB89E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{08EFF783-3DD5-42AF-828A-05A97E85ACB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{481518C9-3E84-41F4-BBF7-0F5BFA6ECD09}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0641B3BC-FC46-4424-A861-A4C1C350180E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F8AA8DC5-C27E-4334-A3BC-BCE69EFCA3D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{4E9315F2-E478-45C8-8297-3A0E85927F16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{71C0A9F0-F972-4DAC-A313-5D3F21681139}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rustlauncher.exe
FirewallRules: [{B72E2DCB-EDF5-42CA-8388-06C158BCFBC2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{A59D3BDA-1F7A-47E7-A9D9-CAEA78AB7152}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [UDP Query User{9E1556C1-E2D6-4113-9DC8-48BFB653AB16}C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8D7423F3-6B21-4D88-ACEA-8388E59572A7}C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\payton.robinson\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F2131FCD-68B8-4B4F-A634-3565BD1C8864}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B11F4F7C-8F71-446E-9B57-80223466A6A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B197E345-296F-4C70-9990-75CC2060B7B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{30C7D3FC-0277-4386-9BCE-3F08A4FF9273}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [UDP Query User{29A9BA36-01C8-44F4-A94E-85CE3F2C29D4}C:\2-click run\terraria v1.2.1.2\terrariaserver.exe] => (Allow) C:\2-click run\terraria v1.2.1.2\terrariaserver.exe
FirewallRules: [TCP Query User{9694AF32-E29C-4E82-B2D3-516DEABF34E6}C:\2-click run\terraria v1.2.1.2\terrariaserver.exe] => (Allow) C:\2-click run\terraria v1.2.1.2\terrariaserver.exe
FirewallRules: [UDP Query User{6E1B536E-0F85-4557-8C62-2812E8D864A8}C:\users\payton.robinson\desktop\content\terrariaserver.exe] => (Allow) C:\users\payton.robinson\desktop\content\terrariaserver.exe
FirewallRules: [TCP Query User{16A8B0A6-3B83-4F83-90F5-F9C9190947E8}C:\users\payton.robinson\desktop\content\terrariaserver.exe] => (Allow) C:\users\payton.robinson\desktop\content\terrariaserver.exe
FirewallRules: [UDP Query User{601A1343-5BB4-47C9-88AC-376F88D4D6CD}C:\programdata\battle.net\agent\agent.beta.2638\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2638\agent.exe
FirewallRules: [TCP Query User{22518C13-B180-47DC-A927-105774255689}C:\programdata\battle.net\agent\agent.beta.2638\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2638\agent.exe
FirewallRules: [UDP Query User{E2C9204E-60B9-49E6-93A4-CD36EAAC366F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [TCP Query User{843E4F06-0952-40F4-8E98-ACD0950B7202}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [UDP Query User{49A174C3-B60A-4B1B-943D-D594AC415C3F}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [TCP Query User{5FBE7704-8427-4E1A-8C81-3C312B0433E5}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [{02A15BF9-6098-462D-A7C8-5EA530B27E82}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{970EAC32-EC46-4D3D-A80E-397F2E657064}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{E47123D8-A100-4744-9A03-B50008ACCBB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{72A15255-061E-44C5-A95C-DB25717A9CC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [UDP Query User{03A38E92-A737-4FE3-A666-A8CD546A8913}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [TCP Query User{5D9A00AF-4812-46F8-8153-586C81470AB6}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [{8239CB73-7CA3-4C3D-B89E-AB8F9D5E04EA}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{21B69C50-A8FB-43A8-AD7C-AC64AB0E7E15}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [UDP Query User{0C05BD43-E01D-4067-8CEF-79A7C1CD0BF1}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{00AD49DC-2647-4CBA-8A35-1C76997A3A61}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{D1501FB3-DEC6-4188-B6E5-8CE8E05E054C}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [TCP Query User{D3BA6BE4-F981-4BB7-B56A-793D03C8C615}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [UDP Query User{75220A3C-0A52-4001-BA43-8442554E018D}C:\users\payton.robinson\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\payton.robinson\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [TCP Query User{52D18553-7621-4AD8-AAC6-B023EE7ADBC1}C:\users\payton.robinson\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\payton.robinson\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [{93F913E7-ED60-4D7F-9DEC-B532AFDDCF7D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{BD08C58D-5876-4A74-992F-6C4864538576}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{5A1A70E7-EF20-47B6-805E-78532C4DD431}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{8B138934-684B-458B-9EA0-91A78C1D3BCA}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{3A1F8EE8-B148-42C1-8AEC-EE1B224A100F}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{C2B60C57-F3F0-4F0D-A68C-CEF32F2B6142}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{8D391534-C754-4828-98C9-9248152ACE1D}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{926F9D50-18B0-4914-8DCE-C0309FFFF975}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{3471E80B-2D53-4C35-994B-03D0558AA8FF}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{F18E1AAA-586C-4A58-AFD4-4B183294FEE3}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [UDP Query User{C325E1B6-888A-4F14-88DC-07ACA504AB7F}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe
FirewallRules: [TCP Query User{150A8A9A-46D1-4E88-8C2F-ED02EB3E6C24}C:\games\viscera_alpha\binaries\win32\udk.exe] => (Allow) C:\games\viscera_alpha\binaries\win32\udk.exe
FirewallRules: [{6EE89C4C-7570-4806-9B3E-42A967AA66F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{316E992B-208D-450E-8C2A-D868763D40C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{4E51CB02-02A7-4C5C-B29C-D56BEF8ECF96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{CE2C6D0F-5030-4447-AD42-117298CA3CF7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2417\Agent.exe
FirewallRules: [{4B792B9E-D377-4411-B397-275CFC291744}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{F28D51AF-F59D-40E0-992F-8CC0631C05FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{01E819B8-BD90-4F64-BE52-144D0DF67065}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8A37B60C-43FC-4FB1-B089-2F4F6BB63E1F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0347F854-6861-4988-AB33-97C477D28E9D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E94FBF46-F923-49B5-A452-867ED4A1E5E5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1949A683-0796-4AEC-94C1-09EB5DD69B56}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{2CDA2573-2248-4581-94F8-11DE92A6F68E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [UDP Query User{7FCAB30C-9D8B-4F3B-8676-745E9F37951A}C:\programdata\battle.net\agent\agent.2328\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2328\agent.exe
FirewallRules: [TCP Query User{5085A18C-A244-4566-BDFE-767F5ED4BD0F}C:\programdata\battle.net\agent\agent.2328\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2328\agent.exe
FirewallRules: [UDP Query User{5A09421E-FB18-4FAD-B4E1-3AFE73E45FE1}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{98EED637-95B5-4B59-B407-F59AE8558BB1}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [{E510512D-ECF1-4171-A84B-C702EBB218B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{033E3C8B-99DB-4D3B-9C9A-95E002158512}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{D510E283-81E0-4007-BCA3-AD2283FE804F}] => (Allow) C:\Users\Payton.Robinson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6288E4C3-9D62-4041-BC1F-5544AC651F00}] => (Allow) C:\Users\Payton.Robinson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A76E8567-B60B-4538-B702-9AA1B986A2CE}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{2F66655A-7269-4BDA-9449-56194BCC7C01}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [UDP Query User{0486E3F7-1F0B-443A-A32F-31F8DE3EE6E3}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [TCP Query User{814860A7-9376-4CE7-8968-E393C5932EE6}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{3C5EEB07-2F89-43C6-A719-41D6B843AFF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{A1C0EB29-16F1-419E-B669-55D123E6593B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{2038DC6E-17BC-4DC3-8EE7-BCB9DC1B41D4}] => (Block) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{910FA6F7-1FD2-487F-93E4-A454B0FD8399}] => (Block) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{ECFBC2B7-29DA-4222-862D-C9E341B81E86}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{A4333730-DE47-4F74-A904-0EB723458B2B}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{0439F260-CED2-4B58-9BD1-E9F0DA3B8C07}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{C4C5F5FE-4CB4-414E-99AE-859ABA6C05C6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{B1CB9AE6-23A1-49BF-B86E-2F74255FA841}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7D60A851-66A9-4B4D-A494-A0D3D04F39DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{0EDA8E8C-7675-4D2D-BA51-63F2CD89191E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{BB17C658-137C-4654-B214-5CFF847BD4CA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{D481BC14-9EF3-4D2E-9D77-E08BF9E64574}] => (Block) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [{BA5DEDA9-2B6A-4391-9B53-442D6315C386}] => (Block) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [UDP Query User{70938DB4-4F10-4954-BA57-A4FF71E3C65B}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [TCP Query User{B7A184E0-3C22-4586-9EE1-1BA8B76C3EF8}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [UDP Query User{752B368A-D010-4065-AA99-0F4D14CB8053}C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{7909FEC8-0757-4B23-9B46-820EC3E6CF38}C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D08B771D-E8FC-4521-AB53-A4F8024E6779}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{AA97D7FF-7E2C-46B2-98BA-CBA685D7BE1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [UDP Query User{97C9DCD8-07FC-491C-AB67-1B3417304AE4}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3AD77A3F-A41A-4C0E-8452-D5B9EAD2B083}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{664E85DA-AD3C-4CFE-A678-E4FF2DA8A79F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{CAB2E43D-01AE-4A95-97DB-856746682C54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [UDP Query User{0719E8F5-C4B1-4639-9650-DDB32A10BD49}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{0F5B0064-969B-49D9-A200-EAD1EA0B35E4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{8CBDFA87-D3D7-4DAF-8E55-58B9752FE2E8}C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{18DAACF3-65F7-4EAA-866F-0D402DBBBA9B}C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\payton.robinson\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{B9DB3AB4-750A-49CA-8C4A-DA6B3B334857}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{AB1DD614-F858-4CEE-BD7D-C40B7B60BA76}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [UDP Query User{30102388-E974-4041-B344-2FCE15F5A16D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1D3B9AF0-615F-4C48-B84D-BD76B882B3F1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A174B5ED-94B3-4824-AFF7-C3412A39E348}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{05A01104-9A4B-46AE-89DA-6FFFAFF317D8}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{0004E950-9511-419E-BBAF-379BC4AF6541}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{550A16C6-B570-425A-B898-6D319EC46F47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [UDP Query User{00455FDE-D4EB-4B9A-9C7A-26C78057DA66}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CC2AC06C-FA93-455A-A366-87E652ADDD2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{DF003C9E-E7A3-41DB-8A98-868971146FD8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{63B5C8FA-6E96-46BE-A92B-B6D5EDB8E94A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C5750DC9-E993-4DA2-B54C-5A912CC51319}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{1A44DB45-755F-45F2-8BC3-CA77B3689100}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{729EA82B-8320-4990-B9ED-184FC3CA61D4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{04443A25-8ADA-4297-8490-FC7DA8F37CC0}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [UDP Query User{0E45F71D-F3DA-4730-BAFE-AC83E48D9DFF}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [{5C869061-6B2F-4614-8D32-328B14C2C3B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{92B194C4-6A10-4942-B2C4-5225881EE38B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{EB36EAEF-D5F1-4092-B540-03D7F82BACD4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{A5A3B057-F597-4E85-923D-75349A1B05ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{C6B82558-E47F-4CAC-AEA7-6A04FE95A180}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{BD50B4C3-9927-4736-8860-A7A86497E3BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4A350096-E72E-42B8-83D0-A544C4E6F5B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{88BF0F69-207D-42F6-A2D4-4568D5A4E664}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{CA5A050F-3C40-4FB5-9BE6-92025CF59757}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{A0F23315-EFDA-4FF7-9B31-78666491E46E}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{48B1B94B-B8C7-4C8C-B1EC-34FD9FB57CE0}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{3AA9B540-AD20-4D15-9DD6-81C4A88AFD08}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{3DCA6B20-E8E9-43E4-95D5-BE2962861DA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{876CCB26-3248-47F1-9CC2-51A275765066}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{8AFE725A-6DD0-4694-AA77-BE603188374A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D8A58692-9318-457C-B437-ABBF64F5486A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{142475D7-3BB3-4159-90BA-2DC2BF943202}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{C461B886-F38F-4305-BFF5-B8C8C0941C19}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{365976C8-9D12-491A-AF42-0D756052C869}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{D68E9E4E-0F53-4687-B48A-F001791ECAF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{FF5FF168-4551-4EF3-A479-A8DC905BAB48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{C2E6D2C9-EF69-45F4-9E12-3B6EA279D7DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [TCP Query User{5623CA7C-4EED-4082-BCF0-934CC48F6508}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{1BFBE860-25B0-4E61-A7A8-ED366C9B6BEC}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{B7684767-F3CC-4400-BB25-D2AE89BF2FF9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{AA51B509-500A-47B6-8218-0661FA7DAE6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [TCP Query User{CD7DEBC5-B189-461A-AEDD-EBCB419BEBF9}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{A2167199-4D1A-4DE5-948E-F7347BD70EEA}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{C108D0B3-1B35-458B-A2FE-5569D08C9509}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{F3F32E99-0229-46EA-A4C9-3A25EAD31E08}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5CDE45DF-DA63-4BC0-B4A3-C1C1344524C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{C3EDF6E1-C5A1-41FA-88FC-9C5BF25E9A50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{E069C91E-045C-4CAE-BC5B-5C5F5D50410C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{BDC3C97C-BC7C-461A-8782-2F99B7E790AE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{ADE8FE12-40C2-4068-B0D8-ACA8CFD85984}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{B4FC9DE2-CAB3-4770-B1C1-03D664F033E2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{D573E2B6-79C4-4291-8BAE-A92C4625FF9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{65927921-C360-48E6-B2D4-9355CBA06723}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [TCP Query User{01820B45-0FDB-4AC8-9995-1F853F2D80AE}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{003D08BF-EA7A-4FEB-95C2-1CAB2FF6133C}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8356E730-415E-427F-92BC-0ACF0CD36E95}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{269C1A4A-FF1C-40D6-BFAF-95B6F448563A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{C0B99905-0A59-46F4-A0D6-B7A9517E972F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FDDD5A5C-2B08-4C92-B5BE-2107E36667DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8B222FC8-EE3E-417D-96D7-0A1D82FB3EBB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F436BB61-3D39-4873-B0E5-BE70008F4D84}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{265A5D96-08D7-4085-9744-0EB3DF978D8D}] => (Allow) C:\Program Files (x86)\Origin Games\BFH\bfh.exe
FirewallRules: [{E4ABA1B5-BB72-43D6-AC55-D6536E63174C}] => (Allow) C:\Program Files (x86)\Origin Games\BFH\bfh.exe
FirewallRules: [TCP Query User{B5A2B4BF-9FA1-48EC-8649-1F67E6A83274}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{F2934122-D3A9-461A-BB82-8BF830B39E6A}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{434A7DD9-4BEF-4F9C-931E-D840CE034702}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{B5B7DD43-7103-4D03-BE68-AF7066AAC157}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{2C4E9B7B-A116-49F9-BD1B-3A3279CEA189}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{72DA3B0F-6545-47E7-B8DF-5FE3B3596CD6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BF07A0F5-0D8D-4BAF-9AB4-06A4BB13E02E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A18164BA-3781-4910-B3D1-6D232B3AB095}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E534C725-7426-41F2-8886-4300582EFFCD}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{15B2EC3E-5B3A-42C3-85B4-2AF714177071}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{A18795AF-2803-42C5-95A9-6626414B8066}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{887A44DC-D190-4F47-B1E7-129B68B40A19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B2CC5039-5986-470E-8DB2-264434973EA2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2565E1E1-08C4-4E67-9B12-F232DE45DE72}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{AD00C781-6268-4D0C-B999-B1BCED8D21EF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{183E270F-F281-422C-A29C-8451AB8E789F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{CF669118-7C28-4549-81DA-36C2268E9594}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{794A3028-E45D-4F8D-97A7-8A25FC63D81E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{1A3587C8-76B9-49B4-A07D-0C102FB92828}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{BB7CAA9A-3D8A-4CE7-95F3-0553FF869C38}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{F5B0A038-7462-4842-873C-73C36E8E8700}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E48E5C1A-4EB8-46B5-8AA8-CE3C2A65A37A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{5EB48938-1603-432D-BBA9-DA216DA3FB5B}C:\users\payton.robinson\downloads\downloader_diablo2_enus (2).exe] => (Allow) C:\users\payton.robinson\downloads\downloader_diablo2_enus (2).exe
FirewallRules: [UDP Query User{711C97F5-81F4-472A-99B7-8DDAAE249661}C:\users\payton.robinson\downloads\downloader_diablo2_enus (2).exe] => (Allow) C:\users\payton.robinson\downloads\downloader_diablo2_enus (2).exe
FirewallRules: [TCP Query User{0F3146D8-3B43-4D0A-B6A5-996E9DDB6B71}C:\users\payton.robinson\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\payton.robinson\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{7FABCD07-B4D6-4AA9-B3E6-6C0B176F077B}C:\users\payton.robinson\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\payton.robinson\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [{122EEA4E-C2EE-4913-9372-CE10DA594ED6}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [{90F21148-FC4A-41FB-99EF-AA9550A042B5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8130541F-69EC-4117-92C6-15FBD493D46E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-06-2017 12:30:58 Scheduled Checkpoint
26-06-2017 09:26:01 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
26-06-2017 09:26:22 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
04-07-2017 11:18:53 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (07/10/2017 04:52:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/02/2017 06:34:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/02/2017 06:10:55 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (07/02/2017 06:07:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
 
Error: (07/02/2017 06:06:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (06/26/2017 09:10:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (06/26/2017 09:04:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
 
Error: (06/26/2017 09:04:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (06/26/2017 09:01:20 AM) (Source: DCOM) (EventID: 10010) (User: JANGALANG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
Error: (06/26/2017 09:01:20 AM) (Source: DCOM) (EventID: 10010) (User: JANGALANG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-10 18:08:50.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 18:03:50.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:58:50.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:57:03.541
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-10 17:56:34.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-10 17:55:56.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Store signing level requirements.
 
  Date: 2017-07-10 17:53:50.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:48:50.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:43:50.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-10 17:38:50.198
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Synergy\synwinhk.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4100 Quad-Core Processor 
Percentage of memory in use: 86%
Total physical RAM: 7919.24 MB
Available physical RAM: 1077.61 MB
Total Virtual: 14239 MB
Available Virtual: 2121.1 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:455.65 GB) (Free:261.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0A866108)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=27)
 
==================== End of Addition.txt ============================
 
Mod Edit:  Merged posts/topics - Hamluis.
 
 

Edited by hamluis, 10 July 2017 - 08:11 PM.




#2 JSntgRvr

  • Malware Response Team

Posted 10 July 2017 - 08:59 PM

Welcome. :)

  • Highlight the entire content of the quote box below.

Start::  
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
2017-03-15 13:11 - 2017-03-15 13:11 - 0739904 _____ (Oracle Corporation) C:\Users\Payton.Robinson\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-03-15 13:11 - 2017-03-15 13:11 - 0739904 _____ (Oracle Corporation) C:\Users\Payton.Robinson\AppData\Local\Temp\jre-8u131-windows-au.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:



  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.



  • On reboot, a log will be produced. Please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
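
An added example, not part of the original post and not FRST's own code: a pre-flight check for a fixlist like the one above that reports repeated entries and CMD: lines with lasting side effects, plus a reader for Fixlog.txt result lines that separates "key not found" caused by a repeated entry from keys that were absent beforehand. The sample inputs are shortened, constructed excerpts in the thread's format, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt of the fixlist in the post above,
# keeping two of its repeated entries and three of its CMD: lines.
SAMPLE_FIXLIST = r"""Start::
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
HOSTS:
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
End::
"""

# Constructed sample in the "<key> => <result>" form used by Fixlog.txt.
SAMPLE_FIXLOG = r"""HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\SOFTWARE\Policies\Google => key not found.
"""

# Lasting side effects of the Windows commands themselves (not FRST-specific).
SIDE_EFFECTS = [
    (re.compile(r"\bwevtutil\s+cl\b", re.I),
     "clears Windows event logs; export them first if they may be needed as evidence"),
    (re.compile(r"\bnetsh\s+advfirewall\s+reset\b", re.I),
     "resets Windows Firewall policy to defaults, discarding custom rules"),
    (re.compile(r"\bnetsh\s+winsock\s+reset\b", re.I),
     "resets the Winsock catalog"),
    (re.compile(r"\bnetsh\s+int\s+ip\s+reset\b", re.I),
     "resets TCP/IP settings"),
    (re.compile(r"\bbitsadmin\s+/reset\b", re.I),
     "cancels queued BITS transfer jobs"),
]

RESULT_RE = re.compile(r"^(.+?) => key (removed successfully|not found)\.?$")


def parse_fixlist(text):
    """Return the non-empty lines between the Start:: and End:: markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start = lines.index("Start::")
        end = lines.index("End::", start + 1)
    except ValueError:
        raise ValueError("fixlist must be delimited by Start:: and End::")
    return [ln for ln in lines[start + 1:end] if ln]


def audit_fixlist(text):
    """Summarise a fixlist: repeated entries and CMD: lines worth a second look."""
    entries = parse_fixlist(text)
    counts = Counter(entries)
    commands = [e[4:].strip() for e in entries if e.upper().startswith("CMD:")]
    flagged = [(cmd, note) for cmd in commands
               for pattern, note in SIDE_EFFECTS if pattern.search(cmd)]
    return {
        "entries": len(entries),
        "unique": len(counts),
        "duplicates": {e: n for e, n in counts.items() if n > 1},
        "deduplicated": list(dict.fromkeys(entries)),  # first occurrence, in order
        "flagged": flagged,
    }


def classify_not_found(fixlog_text):
    """Split 'key not found' results into repeats of an earlier removal
    and keys that did not exist before the fix ran."""
    removed, repeats, absent = set(), [], []
    for line in fixlog_text.splitlines():
        match = RESULT_RE.match(line.strip())
        if not match:
            continue
        key, outcome = match.group(1), match.group(2)
        if outcome == "removed successfully":
            removed.add(key.lower())       # registry paths are case-insensitive
        elif key.lower() in removed:
            repeats.append(key)
        else:
            absent.append(key)
    return {"already_removed": repeats, "absent_before_fix": absent}


if __name__ == "__main__":
    report = audit_fixlist(SAMPLE_FIXLIST)
    print(f"{report['entries']} entries, {report['unique']} unique")
    for entry, n in report["duplicates"].items():
        print(f"  repeated x{n}: {entry[:60]}")
    for cmd, note in report["flagged"]:
        print(f"  CMD '{cmd[:40]}': {note}")
    print(classify_not_found(SAMPLE_FIXLOG))
```

Run against a real Fixlog.txt, the `already_removed` list accounts for the "key not found" lines that follow a repeated fixlist entry, leaving `absent_before_fix` as the ones that need an explanation.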


#3 GranPaSmurf

GranPaSmurf
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas
  • Local time:01:57 AM

Posted 11 July 2017 - 04:17 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Payton.Robinson (11-07-2017 03:59:45) Run:1
Running from C:\Users\Payton.Robinson\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Payton.Robinson (Available Profiles: Payton.Robinson)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {17E65782-39E9-4CBE-A605-F129A833DF71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {19C7B5CA-23DB-48CE-9069-65F9C4B5B011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {246BEEB9-0F95-47E4-BD72-A34655E4C685} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {28CDB656-25B8-4780-A4DD-5505B5121BFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42152001-5E5A-414A-A462-6C908D8C5572} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E003788-E317-4195-B52A-9018851854B0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {85723C15-7658-42BB-B20A-B706E5089B9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BF660A6-A53D-42D5-A2E4-72439C1B53A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A6E493D8-AC47-441B-B075-381CC0C551B7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} - \WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 -> No File <==== ATTENTION
Task: {C8217548-642D-41C8-893E-1760E2EE4642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
2017-03-15 13:11 - 2017-03-15 13:11 - 0739904 _____ (Oracle Corporation) C:\Users\Payton.Robinson\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-03-15 13:11 - 2017-03-15 13:11 - 0739904 _____ (Oracle Corporation) C:\Users\Payton.Robinson\AppData\Local\Temp\jre-8u131-windows-au.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17E65782-39E9-4CBE-A605-F129A833DF71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E65782-39E9-4CBE-A605-F129A833DF71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19C7B5CA-23DB-48CE-9069-65F9C4B5B011} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C7B5CA-23DB-48CE-9069-65F9C4B5B011} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{246BEEB9-0F95-47E4-BD72-A34655E4C685} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{246BEEB9-0F95-47E4-BD72-A34655E4C685} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28CDB656-25B8-4780-A4DD-5505B5121BFF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CDB656-25B8-4780-A4DD-5505B5121BFF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42152001-5E5A-414A-A462-6C908D8C5572} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42152001-5E5A-414A-A462-6C908D8C5572} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E003788-E317-4195-B52A-9018851854B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E003788-E317-4195-B52A-9018851854B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85723C15-7658-42BB-B20A-B706E5089B9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85723C15-7658-42BB-B20A-B706E5089B9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BF660A6-A53D-42D5-A2E4-72439C1B53A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BF660A6-A53D-42D5-A2E4-72439C1B53A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6E493D8-AC47-441B-B075-381CC0C551B7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6E493D8-AC47-441B-B075-381CC0C551B7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8217548-642D-41C8-893E-1760E2EE4642} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8217548-642D-41C8-893E-1760E2EE4642} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\exefile => key removed successfully
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\.exe => key removed successfully
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E65782-39E9-4CBE-A605-F129A833DF71} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C7B5CA-23DB-48CE-9069-65F9C4B5B011} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{246BEEB9-0F95-47E4-BD72-A34655E4C685} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CDB656-25B8-4780-A4DD-5505B5121BFF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42152001-5E5A-414A-A462-6C908D8C5572} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E003788-E317-4195-B52A-9018851854B0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85723C15-7658-42BB-B20A-B706E5089B9E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BF660A6-A53D-42D5-A2E4-72439C1B53A4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6E493D8-AC47-441B-B075-381CC0C551B7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8217548-642D-41C8-893E-1760E2EE4642} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\exefile => key not found. 
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Classes\.exe => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E65782-39E9-4CBE-A605-F129A833DF71} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C7B5CA-23DB-48CE-9069-65F9C4B5B011} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{246BEEB9-0F95-47E4-BD72-A34655E4C685} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CDB656-25B8-4780-A4DD-5505B5121BFF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42152001-5E5A-414A-A462-6C908D8C5572} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E003788-E317-4195-B52A-9018851854B0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85723C15-7658-42BB-B20A-B706E5089B9E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BF660A6-A53D-42D5-A2E4-72439C1B53A4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6E493D8-AC47-441B-B075-381CC0C551B7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8217548-642D-41C8-893E-1760E2EE4642} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key not found. 
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key not found. 
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E65782-39E9-4CBE-A605-F129A833DF71} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C7B5CA-23DB-48CE-9069-65F9C4B5B011} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{246BEEB9-0F95-47E4-BD72-A34655E4C685} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CDB656-25B8-4780-A4DD-5505B5121BFF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42152001-5E5A-414A-A462-6C908D8C5572} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B754FE-5F37-45CA-BF71-B8EA5BFEFB80} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E003788-E317-4195-B52A-9018851854B0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85723C15-7658-42BB-B20A-B706E5089B9E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BF660A6-A53D-42D5-A2E4-72439C1B53A4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6E493D8-AC47-441B-B075-381CC0C551B7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C06A7837-E1A1-44E8-86FB-DFB89A9A6BDC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1308803042-1448578824-3416181040-1001 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8217548-642D-41C8-893E-1760E2EE4642} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
C:\Users\Payton.Robinson\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully
"C:\Users\Payton.Robinson\AppData\Local\Temp\jre-8u131-windows-au.exe" => not found.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11793283 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 6447396 B
Edge => 196953578 B
Chrome => 762159291 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 7680 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 10662 B
NetworkService => 190290 B
Payton.Robinson => 651396329 B
 
RecycleBin => 2533066992 B
EmptyTemp: => 3.9 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-07-2017 04:07:35)
 
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Hosts restored successfully.
 
==== End of Fixlog 04:07:36 ====


#4 GranPaSmurf

GranPaSmurf
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas
  • Local time:01:57 AM

Posted 11 July 2017 - 04:32 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Payton.Robinson (Administrator) on Tue 07/11/2017 at  4:21:30.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\ai_recyclebin (Folder) 
Successfully deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic (Folder) 
Successfully deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol (Folder) 
Successfully deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk (Folder) 
Successfully deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof (Folder) 
Successfully deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
Successfully deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E45331950B692180895AF9B74C5AFB67 (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{387B7F07-3CAC-4026-965D-27E71104E8CD} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/11/2017 at  4:27:22.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 GranPaSmurf

GranPaSmurf
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas
  • Local time:01:57 AM

Posted 11 July 2017 - 04:49 AM

# AdwCleaner v6.047 - Logfile created 11/07/2017 at 04:45:36
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-10.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Payton.Robinson - JANGALANG
# Running from : C:\Users\Payton.Robinson\Downloads\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\BSD\DriverHive
[-] Folder deleted: C:\ProgramData\BSD\DriverHiveEngine
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BSD\DriverHive
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BSD\DriverHiveEngine
[-] Folder deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[-] Folder deleted: C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhpmdajdojnnhkfgffkofkjifglkan
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\webcakeupdaterservice
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\webcakeupdaterservice
[-] Key deleted: HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
[-] Key deleted: HKU\.DEFAULT\Software\ImInstaller
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Define Ext
[-] Key deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Headlight
[-] Key deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\ImInstaller
[-] Key deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\WNLT
[-] Key deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\AVSoftware
[-] Key deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\BSD
[#] Key deleted on reboot: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\SweetIM
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Updater By Sweetpacks
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Define Ext
[#] Key deleted on reboot: HKCU\Software\Headlight
[#] Key deleted on reboot: HKCU\Software\ImInstaller
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\WNLT
[#] Key deleted on reboot: HKCU\Software\AVSoftware
[#] Key deleted on reboot: HKCU\Software\BSD
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key deleted: HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key deleted: HKLM\SOFTWARE\ByteFence
[-] Key deleted: HKLM\SOFTWARE\Define Ext
[-] Key deleted: HKLM\SOFTWARE\SweetIM
[-] Key deleted: HKLM\SOFTWARE\Updater By Sweetpacks
[-] Key deleted: HKLM\SOFTWARE\systweak
[-] Key deleted: HKLM\SOFTWARE\AVSoftware
[-] Key deleted: HKLM\SOFTWARE\TWEAKBIT
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[-] Key deleted: HKLM\SOFTWARE\BSD
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Updater By Sweetpacks
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Define Ext
[#] Key deleted on reboot: [x64] HKCU\Software\Headlight
[#] Key deleted on reboot: [x64] HKCU\Software\ImInstaller
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] Key deleted on reboot: [x64] HKCU\Software\WNLT
[#] Key deleted on reboot: [x64] HKCU\Software\AVSoftware
[#] Key deleted on reboot: [x64] HKCU\Software\BSD
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: [x64] HKLM\SOFTWARE\AVSoftware
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
[-] Value deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WebCake Desktop]
[-] Value deleted: HKU\S-1-5-21-1308803042-1448578824-3416181040-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [MPOptimizer]
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Payton.Robinson\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_22&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyCyE0AzytDtCzzyEzz0DtN0D0Tzu0StCzyyByDtN1L2XzutAtFtAtBtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyEyE0EyC0C0EtGtD0BtCtCtGyBzy0DtCtGtB0EyE0CtGyDtCzztByCtCzyzz0EtCzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AyE0EtCzyyE0EtG0CyByE0FtGyEtByB0DtGzytA0CyEtGyBzztDyB0CtA0E0Azy0C0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyDtC%26cr%3D1268074195%26a%3Dwbf_ir_17_22%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
[-] [C:\Users\Payton.Robinson\AppData\Local\Chromium\User Data\Default] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Payton.Robinson\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_22&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyCyE0AzytDtCzzyEzz0DtN0D0Tzu0StCzyyByDtN1L2XzutAtFtAtBtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyEyE0EyC0C0EtGtD0BtCtCtGyBzy0DtCtGtB0EyE0CtGyDtCzztByCtCzyzz0EtCzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AyE0EtCzyyE0EtG0CyByE0FtGyEtByB0DtGzytA0CyEtGyBzztDyB0CtA0E0Azy0C0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyDtC%26cr%3D1268074195%26a%3Dwbf_ir_17_22%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: google-desktop.en.softonic.com
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search here
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gkbhpmdajdojnnhkfgffkofkjifglkan
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jnnbmiailafajdkboegcjcdklooomfic
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Payton.Robinson\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [9416 Bytes] - [11/07/2017 04:45:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [8535 Bytes] - [11/07/2017 04:41:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9562 Bytes] ##########


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:57 AM

Posted 11 July 2017 - 09:31 AM

How is the computer doing?


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 GranPaSmurf

GranPaSmurf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Near San Antonio, Texas
  • Local time:01:57 AM

Posted 12 July 2017 - 08:39 AM

It seems OK. I only opened a couple of browsers yesterday and hit a couple of sites. 

I believe you fixed it! IN SHORT ORDER!

The last time I asked for help from Bleeping Computer I got experts but it took 2 weeks to get started and about that long to resolve.

THANKS FOR YOUR PROMPT GOOD WORK!



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:57 AM

Posted 12 July 2017 - 01:11 PM

You are welcome.

 

Remove the quarantined items.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Always keep your antivirus active and updated.

 

Best regards.   :hello:




#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:57 AM

Posted 14 July 2017 - 10:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





