PDA

View Full Version : yessearches not gone after all



W4yneb0t
2016-04-18, 21:09
Continuing from this thread: https://forums.spybot.info/showthread.php?73433-yessearches-and-wajam-virus
I scanned with MBAM again today, and yessearches showed up again. Here are the MBAM finds and the usual logs.

PUP.Optional.YesSearches - Potentially Unwanted Program - Registry Key - HKU\S-1-5-18\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
PUP.Optional.YesSearches - Potentially Unwanted Program - Registry Key - HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by ndjokic (administrator) on NDJOKIC-PC (18-04-2016 18:32:50)
Running from C:\Users\ndjokic\Desktop
Loaded Profiles: ndjokic (Available Profiles: ndjokic)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\MountPoints2: {6a70d0d2-ff26-11e1-b4b9-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{578D35C4-7A6D-4670-80A2-46D787BCE321}: [DhcpNameServer] 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Tcpip\..\Interfaces\{FF11C6AE-3BBF-47EC-ADA4-DDC7154832BE}: [DhcpNameServer] 7.254.254.254

Internet Explorer:
==================
HKU\S-1-5-21-132009455-2026092721-3990303557-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131051005170823377&GUID=70E66D95-8243-4756-B3B4-224911CD5991
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-15] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Homepage: google.co.uk
FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-08-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-08-30] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-132009455-2026092721-3990303557-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ndjokic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-30] (Unity Technologies ApS)
FF Extension: Rehost Image - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\rehostimage@engy.us.xpi [2016-01-22]
FF Extension: Classic Theme Restorer - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-04-10]
FF Extension: ChatZilla - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-04-13]
FF Extension: FoxyProxy Standard - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\foxyproxy@eric.h.jung [2016-04-13]
FF Extension: Classic Theme Restorer - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-04-10]
FF Extension: ReChat for Twitch - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\firefox@rechat.org.xpi [2015-05-29]
FF Extension: FoxyProxy Standard - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\foxyproxy@eric.h.jung [2016-02-18]
FF Extension: YouTube Center - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-05-29]
FF Extension: Rehost Image - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\rehostimage@engy.us.xpi [2016-01-22]
FF Extension: ChatZilla - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-10-27]
FF Extension: Adblock Plus - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Team Liquid Streams - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\{db09811d-efff-4339-a548-8550c7238a30}.xpi [2015-05-29]
FF Extension: ReChat for Twitch - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\firefox@rechat.org.xpi [2015-05-29]
FF Extension: YouTube Center - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-05-29]
FF Extension: Adblock Plus - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Team Liquid Streams - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{db09811d-efff-4339-a548-8550c7238a30}.xpi [2015-05-29]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-30] [not signed]

Chrome:
=======
CHR Profile: C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-15]
CHR Extension: (Google Docs) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-15]
CHR Extension: (Google Drive) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-15]
CHR Extension: (YouTube) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-15]
CHR Extension: (Adblock for Youtube) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-04-15]
CHR Extension: (Tampermonkey) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-15]
CHR Extension: (Google Sheets) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-15]
CHR Extension: (Custom Zoom) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\flacjbeghjebdkbgdlncibepomldoebh [2016-04-15]
CHR Extension: (Google Docs Offline) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (RealDownloader) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Gmail) - C:\Users\ndjokic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-15]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
S4 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11264 2012-07-30] (Olof Lagerkvist) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH) [File not signed]
S4 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [18384 2012-02-16] (Olof Lagerkvist)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [38416 2012-07-30] (Olof Lagerkvist)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [105816 2012-09-13] (Oracle Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-08-15] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
S3 ALSysIO; \??\C:\Users\ndjokic\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 18:32 - 2016-04-18 18:33 - 00019817 _____ C:\Users\ndjokic\Desktop\FRST.txt
2016-04-18 18:32 - 2016-04-18 18:32 - 00000000 ____D C:\FRST
2016-04-18 18:31 - 2016-04-18 18:31 - 05198336 _____ (AVAST Software) C:\Users\ndjokic\Desktop\aswMBR.exe
2016-04-18 18:31 - 2016-04-18 18:31 - 02375680 _____ (Farbar) C:\Users\ndjokic\Desktop\FRST64.exe
2016-04-18 18:28 - 2016-04-18 18:30 - 00000262 _____ C:\Users\ndjokic\Desktop\avnotes.txt
2016-04-17 01:06 - 2016-04-17 01:06 - 00003132 _____ C:\Windows\System32\Tasks\{08617ED2-1A65-4AA2-8D64-B9A261727EE2}
2016-04-15 12:26 - 2016-04-15 12:26 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\Sun
2016-04-15 12:26 - 2016-04-15 12:26 - 00000000 ____D C:\Users\ndjokic\.oracle_jre_usage
2016-04-15 12:22 - 2016-04-15 12:22 - 00000000 ____D C:\Users\ndjokic\AppData\LocalLow\Oracle
2016-04-13 23:03 - 2016-04-13 23:03 - 00000207 _____ C:\Windows\tweaking.com-regbackup-NDJOKIC-PC-Windows-7-Professional-(64-bit).dat
2016-04-13 22:41 - 2016-04-15 11:32 - 00000000 ____D C:\Users\ndjokic\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-13 22:41 - 2016-04-15 11:31 - 00000000 ____D C:\Program Files (x86)\yesbnd
2016-04-13 22:41 - 2016-04-15 11:31 - 00000000 ____D C:\Program Files (x86)\Fedaryqeule
2016-04-13 22:41 - 2016-04-14 11:41 - 00000000 ____D C:\Program Files (x86)\Ninight
2016-04-13 22:40 - 2016-04-13 22:41 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-10 22:19 - 2016-04-10 23:40 - 00000000 ____D C:\Users\ndjokic\Desktop\fab ub tutorial
2016-04-01 09:35 - 2016-04-01 09:35 - 00000137 _____ C:\Users\ndjokic\Desktop\Steambirds Alliance.url
2016-03-30 22:53 - 2016-03-30 22:53 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\.mono
2016-03-30 22:53 - 2016-03-30 22:53 - 00000000 ____D C:\Users\ndjokic\AppData\LocalLow\SpryFox
2016-03-30 22:53 - 2016-03-30 22:53 - 00000000 ____D C:\ProgramData\.mono
2016-03-28 12:02 - 2016-03-28 12:02 - 00000221 _____ C:\Users\ndjokic\Desktop\TrackMania Nations Forever.url
2016-03-27 18:53 - 2016-04-14 22:33 - 00000000 ____D C:\Users\ndjokic\Documents\TrackMania
2016-03-27 18:53 - 2016-03-28 12:25 - 00000000 ____D C:\ProgramData\TrackMania
2016-03-26 11:09 - 2016-03-26 11:09 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\Crunchy Games
2016-03-26 10:46 - 2016-03-26 10:46 - 00000222 _____ C:\Users\ndjokic\Desktop\StarBreak.url
2016-03-23 17:25 - 2016-03-23 17:25 - 00085593 _____ C:\Users\ndjokic\Desktop\toocscraj.txt
2016-03-23 17:09 - 2016-03-23 17:09 - 00001149 _____ C:\Users\ndjokic\Desktop\toocsp.txt
2016-03-23 17:05 - 2016-03-23 17:05 - 00005648 _____ C:\Users\ndjokic\Desktop\toocscrdb.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 18:32 - 2013-08-06 21:04 - 00001158 _____ C:\Users\ndjokic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play IW4M (Modern Warfare 2).lnk
2016-04-18 18:32 - 2013-06-24 02:47 - 00002063 _____ C:\Users\ndjokic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiral Knights.lnk
2016-04-18 18:32 - 2012-09-15 12:30 - 00001389 _____ C:\Users\ndjokic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-18 18:31 - 2016-01-28 13:33 - 00000577 _____ C:\Users\Public\Desktop\The Witness.lnk
2016-04-18 18:31 - 2015-12-26 17:10 - 00002599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Uptime Monitor.lnk
2016-04-18 18:31 - 2015-12-26 17:10 - 00002593 _____ C:\Users\Public\Desktop\Net Uptime Monitor.lnk
2016-04-18 18:31 - 2015-11-12 22:55 - 00000961 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2016-04-18 18:31 - 2015-08-26 15:31 - 00000959 _____ C:\Users\Public\Desktop\Bugs Bunny & Taz - Time Busters.lnk
2016-04-18 18:31 - 2015-08-22 17:07 - 00001813 _____ C:\Users\Public\Desktop\Jitsi.lnk
2016-04-18 18:31 - 2015-08-05 16:34 - 00002056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-18 18:31 - 2015-08-05 16:34 - 00002050 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-18 18:31 - 2015-05-05 16:12 - 00001049 _____ C:\Users\Public\Desktop\StarCraft II - Legacy of the Void Beta.lnk
2016-04-18 18:31 - 2014-08-01 22:41 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-18 18:31 - 2013-09-06 20:32 - 00001005 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-04-18 18:31 - 2013-07-09 20:00 - 00001670 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PartyPoker.lnk
2016-04-18 18:31 - 2013-02-02 21:17 - 00000000 ____D C:\Users\ndjokic\Desktop\dls
2016-04-18 18:31 - 2013-02-01 13:30 - 00002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-04-18 18:31 - 2012-10-11 21:27 - 00001070 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-04-18 18:31 - 2012-09-18 10:23 - 00000949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Torrent.lnk
2016-04-18 18:31 - 2012-09-15 13:54 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-18 18:31 - 2012-09-15 13:51 - 00001861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-18 18:31 - 2012-09-15 13:51 - 00001855 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-18 18:31 - 2012-09-15 13:23 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-18 18:31 - 2012-09-15 13:23 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-18 18:31 - 2012-09-15 13:01 - 00001634 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2016-04-18 18:31 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-18 18:31 - 2009-07-14 06:57 - 00001700 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-18 18:31 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-18 18:31 - 2009-07-14 06:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-18 18:31 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-18 18:31 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-18 18:31 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-18 18:31 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-18 18:31 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-18 18:30 - 2016-02-15 15:39 - 00001501 _____ C:\Users\ndjokic\Desktop\TextCrawler.lnk
2016-04-18 18:30 - 2015-11-14 13:05 - 00000935 _____ C:\Users\ndjokic\Desktop\Open Broadcaster Software.lnk
2016-04-18 18:30 - 2015-05-16 22:10 - 00001434 _____ C:\Users\ndjokic\Desktop\uTorrent.lnk
2016-04-18 18:30 - 2014-12-14 18:49 - 00001410 _____ C:\Users\ndjokic\Desktop\Tunngle.lnk
2016-04-18 18:30 - 2014-12-13 22:43 - 00001388 _____ C:\Users\ndjokic\Desktop\Core Temp.lnk
2016-04-18 18:30 - 2013-09-06 00:44 - 00000935 _____ C:\Users\ndjokic\Desktop\LEd.lnk
2016-04-18 18:27 - 2015-09-11 22:43 - 00017165 _____ C:\Users\ndjokic\Desktop\sb.txt
2016-04-18 18:14 - 2014-01-27 21:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-18 17:25 - 2014-07-31 13:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-18 15:54 - 2013-09-06 20:32 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\TS3Client
2016-04-17 23:09 - 2015-11-14 13:15 - 00000000 ____D C:\Users\ndjokic\Desktop\screenrec
2016-04-17 22:49 - 2012-09-18 08:37 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\Skype
2016-04-17 19:46 - 2015-04-18 17:50 - 00003189 _____ C:\Users\ndjokic\Desktop\calendar.txt
2016-04-17 19:35 - 2015-08-06 00:09 - 00000000 ____D C:\Users\ndjokic\Desktop\job stuff
2016-04-17 19:14 - 2014-01-27 21:49 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 01:05 - 2015-12-08 22:49 - 00000000 ____D C:\Users\ndjokic\Desktop\multibox
2016-04-17 01:02 - 2014-08-01 09:49 - 00000769 _____ C:\DelFix.txt
2016-04-16 23:55 - 2009-07-14 07:13 - 00786766 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-16 23:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-16 23:52 - 2014-08-19 11:19 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000
2016-04-16 23:52 - 2014-08-19 11:19 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000
2016-04-16 23:48 - 2012-10-11 14:18 - 00000000 ____D C:\ProgramData\VMware
2016-04-16 23:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-16 23:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-04-16 23:44 - 2012-09-15 16:09 - 00000000 ____D C:\games
2016-04-16 17:17 - 2014-04-23 06:45 - 00003370 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000
2016-04-16 17:17 - 2014-04-23 06:45 - 00003240 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000
2016-04-16 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2016-04-16 17:14 - 2014-04-10 16:57 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2016-04-15 22:14 - 2012-11-20 23:07 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-04-15 12:29 - 2013-10-22 06:39 - 00000000 ____D C:\ProgramData\Oracle
2016-04-15 12:28 - 2013-10-22 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-15 12:26 - 2014-05-04 22:05 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-15 12:26 - 2012-09-18 08:49 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-15 12:26 - 2012-09-15 12:29 - 00000000 ____D C:\Users\ndjokic
2016-04-15 12:20 - 2015-11-22 14:59 - 00000000 ____D C:\Users\ndjokic\AppData\Local\CrashDumps
2016-04-15 12:20 - 2013-06-29 04:46 - 00000000 ____D C:\Users\ndjokic\AppData\Local\Adobe
2016-04-15 12:19 - 2012-09-20 11:32 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-15 12:19 - 2012-09-20 11:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-15 11:33 - 2012-12-31 19:09 - 00000000 ____D C:\Users\ndjokic\AppData\Local\TSVNCache
2016-04-15 11:03 - 2014-07-31 13:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-14 23:59 - 2012-09-15 13:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-14 23:56 - 2012-09-18 12:56 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online
2016-04-14 22:33 - 2014-07-03 21:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-14 01:45 - 2012-09-15 13:57 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-13 22:48 - 2014-07-23 15:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-13 22:43 - 2012-09-18 10:23 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\uTorrent
2016-04-13 14:12 - 2015-05-05 14:14 - 00006812 _____ C:\Users\ndjokic\Desktop\todo coding.txt
2016-04-13 13:35 - 2012-10-11 21:28 - 00000000 ____D C:\Users\ndjokic\.VirtualBox
2016-04-11 21:41 - 2013-07-11 18:26 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\vlc
2016-04-10 22:21 - 2015-11-14 15:01 - 00000000 ____D C:\Users\ndjokic\Desktop\sb vid
2016-04-08 00:15 - 2016-03-01 16:26 - 00001023 _____ C:\Users\ndjokic\Desktop\fabdoublegav.ahk
2016-04-08 00:15 - 2016-02-18 20:31 - 00001045 _____ C:\Users\ndjokic\Desktop\fabgav.ahk
2016-04-08 00:15 - 2016-02-17 17:35 - 00001015 _____ C:\Users\ndjokic\Desktop\fab.ahk
2016-04-08 00:15 - 2016-01-23 22:00 - 00000993 _____ C:\Users\ndjokic\Desktop\dw autoswitch.ahk
2016-04-08 00:14 - 2016-01-27 17:41 - 00001130 _____ C:\Users\ndjokic\Desktop\fab old.ahk
2016-04-08 00:14 - 2015-09-22 23:19 - 00000469 _____ C:\Users\ndjokic\Desktop\dw.ahk
2016-04-07 14:53 - 2015-12-26 17:33 - 00009843 _____ C:\Users\ndjokic\Documents\NetUptime.txt
2016-04-04 15:44 - 2014-02-17 15:18 - 00000000 ____D C:\Users\ndjokic\Desktop\stuff
2016-04-04 10:57 - 2015-08-22 17:07 - 00000000 ____D C:\Users\ndjokic\AppData\Roaming\Jitsi
2016-04-04 10:57 - 2015-08-22 17:07 - 00000000 ____D C:\Users\ndjokic\AppData\Local\Jitsi
2016-04-04 10:49 - 2016-03-14 02:08 - 00000947 _____ C:\Users\ndjokic\Desktop\justalts.txt
2016-04-02 13:02 - 2013-02-25 05:00 - 00000000 ____D C:\Users\ndjokic\Desktop\permutation stuff
2016-04-01 14:47 - 2015-05-09 20:11 - 00005753 _____ C:\Users\ndjokic\Desktop\task ideas.txt
2016-03-28 12:29 - 2012-09-15 12:29 - 00000000 ____D C:\Users\ndjokic\AppData\Local\VirtualStore
2016-03-26 11:09 - 2014-07-12 00:24 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2015-02-27 00:29 - 2015-02-27 00:29 - 0000335 _____ () C:\Users\ndjokic\AppData\Local\Perfmon.PerfmonCfg
2012-10-08 13:00 - 2012-10-08 13:13 - 0000600 _____ () C:\Users\ndjokic\AppData\Local\PUTTY.RND
2013-03-30 21:45 - 2015-10-27 18:20 - 0007635 _____ () C:\Users\ndjokic\AppData\Local\Resmon.ResmonCfg
2015-03-21 11:50 - 2015-03-21 11:50 - 0000000 _____ () C:\Users\ndjokic\AppData\Local\{98C9AFB2-5902-4A3A-B059-FE3063B0560A}

Some files in TEMP:
====================
C:\Users\ndjokic\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 18:08

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by ndjokic (2016-04-18 18:33:41)
Running from C:\Users\ndjokic\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-09-15 10:29:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-132009455-2026092721-3990303557-500 - Administrator - Disabled)
Guest (S-1-5-21-132009455-2026092721-3990303557-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-132009455-2026092721-3990303557-1005 - Limited - Enabled)
ndjokic (S-1-5-21-132009455-2026092721-3990303557-1000 - Administrator - Enabled) => C:\Users\ndjokic

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Torrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
Torrent (HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
ŋ*̈͌ CrazyStone DLO (HKLM-x32\...\{F051B726-4DFD-4DDC-B999-496D27E14AD2}) (Version: 1.00.0000 - UNBALANCE)
3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark)
Ÿٵ 2.0 (HKLM-x32\...\Ÿٵ 2.0) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Bugs Bunny & Taz - Time Busters (HKLM-x32\...\Bugs Bunny & Taz - Time Busters) (Version: - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Celemony Melodyne version 2.1 (HKLM\...\Celemony Melodyne_is1) (Version: - Copyright (C) 2001-2012 Celemony Software GmbH)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Fight The Dragon (HKLM-x32\...\Steam App 250560) (Version: - 3 Sprockets)
FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)
Fur Fighters PC (HKLM-x32\...\{9E49481C-37C8-4EEF-9AA1-45103A547462}) (Version: 1.00.0000 - Acclaim Entertainment Inc.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Jamestown (HKLM-x32\...\JamestownFinal) (Version: Final - AllSmartGames)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Jitsi (HKLM-x32\...\{DBA37B35-10E9-484D-8AF6-2BB1FC734590}) (Version: 2.8.5426 - Jitsi)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.)
JumpJet Rex (HKLM-x32\...\Steam App 329460) (Version: - TreeFortress Games)
K-Lite Codec Pack 9.9.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Livestreamer 1.6.1 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Magicka v1.4.14.1 Incl. 23 DLC (HKLM-x32\...\{B26C2E8F-C216-4FBC-9F15-FB07D0A8E753}_is1) (Version: 1.4.14.1 - Arrowhead)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Many Faces of Go 12 (HKLM-x32\...\{59772D11-9D88-4020-838C-6F4864D0DE8A}) (Version: 12.0 - Smart Games)
MATLAB R2011a (HKLM\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
Mercury (HKLM\...\{69ebe133-29a9-4c62-ae28-1509b988d81e}.sdb) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 17.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 17.0.3 (x86 en-GB)) (Version: 17.0.3 - Mozilla)
MultiGo Version 4 (HKLM-x32\...\MultiGo 4_is1) (Version: - )
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
Net Uptime Monitor (HKLM-x32\...\{0A26EBEA-2042-4326-9815-5F072D56A59E}) (Version: 1.9.1 - NetUptimeMonitor.com)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Opera Stable 16.0.1196.62 (HKLM-x32\...\Opera 16.0.1196.62) (Version: 16.0.1196.62 - Opera Software ASA)
Oracle VM VirtualBox 4.2.0 (HKLM\...\{8ECC12DC-7819-402A-B54E-A991558C81B1}) (Version: 4.2.0 - Oracle Corporation)
PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Populous - The Beginning (HKLM-x32\...\Populous - The Beginning_is1) (Version: - GOG.com)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Python 2.7.5 (HKLM-x32\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Rayman Legends (HKLM-x32\...\UmF5bWFuTGVnZW5kcw==_is1) (Version: 1 - )
Rayman Origins (HKLM-x32\...\{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}) (Version: 1.00 - Ubisoft)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rogue Legacy (HKLM-x32\...\GOGPACKROGUELEGACY_is1) (Version: 2.0.0.4 - GOG.com)
Skyperious 3.4.1 (HKLM-x32\...\Skyperious) (Version: 3.4.1 - Erki Suurjaak)
Skype 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedRunners (HKLM-x32\...\SpeedRunners_is1) (Version: - )
Spelunky HD 1.0 (HKLM-x32\...\Spelunky HD 1.0) (Version: 1.0 - Cat-A-Cat)
Spiral Knights (HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\Spiral Knights) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
StarBreak (HKLM\...\Steam App 420790) (Version: - )
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steambirds Alliance (HKLM\...\Steam App 386010) (Version: - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
Super Motherload ver. 1.3.1.0 (HKLM-x32\...\{70D31D4C-D93B-4AB1-B4E3-A1AB216EEBC3}_is1) (Version: 1.3.1.0 - XGen Studios)
Super Panda Adventures 1.0 (HKLM-x32\...\Super Panda Adventures 1.0) (Version: 1.0 - Cat-A-Cat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
Terrafirma (HKLM-x32\...\{72E80496-C446-4389-B4F2-CC46DF704A7F}) (Version: 1.9.8 - Sean Kasun)
TextCrawler 2.4 (HKLM-x32\...\TextCrawler) (Version: 2.4 - DigitalVolcano Software)
The Witness (HKLM\...\dGhld2l0bmVzcw_is1) (Version: 1 - )
Thumbnail me 3.0 (HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\Thumbnail me 3.0) (Version: - )
TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version: - Nadeo)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
TygemBaduk Remove (HKLM-x32\...\Tygem Baduk) (Version: - )
United States-International - Programming (HKLM\...\{FCF2574C-AFE2-42BA-BBD6-7263C3BDA308}) (Version: 1.0.3.40 - Company)
United States-International (no dead keys) (HKLM\...\{17C35B8C-73BD-448B-A89B-70AE5D2873DC}) (Version: 1.0.3.40 - Freeman2222)
Unity Web Player (HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 5.0.0 - VMware, Inc)
VMwarePlayer_x64 (Version: 5.0.0 - VMware, Inc.) Hidden
VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1) (Version: 2.41.322 - MPC-HC Team)
Wanderlust Adventures (HKLM-x32\...\Steam App 240620) (Version: - Yeti Trunk)
Wanderlust: Rebirth (HKLM-x32\...\Steam App 211580) (Version: - Yeti Trunk)
Warcraft III eSK 1.26.0.6401 (HKLM-x32\...\Warcraft III eSK 1.26.0.6401) (Version: - )
WinHTTrack Website Copier 3.47-11 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.11 - HTTrack)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1ED437A3-DDE7-45BB-A18A-15C61BADEC53} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {23F39ACE-F555-4759-A059-ADADFB6DC44F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2B8BE232-7CB1-4BCB-BC68-CF862AA71A61} - System32\Tasks\{71778D02-BE03-44C6-BC77-3AB1822E4347} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {3883A749-F225-46AD-9657-84686314A48E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3A4C3513-2883-4DBB-A015-7E9D7DD7A26D} - System32\Tasks\{32E00D74-FB1D-46D1-9575-1C4D73F78895} => pcalua.exe -a "C:\games\Lode Runner 2 t\INSTALL.EXE" -d "C:\games\Lode Runner 2 t"
Task: {3C763361-B5C2-419F-A60E-26B8B2DD2921} - System32\Tasks\{F62E4B26-EA5F-4393-B55F-C69D7980E1F9} => pcalua.exe -a "C:\Program Files (x86)\GOG.com\Populous 3\GOGSetup.exe" -d "C:\Program Files (x86)\GOG.com\Populous 3"
Task: {64B0D390-008D-4A63-8823-BB7F66628095} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {867E1178-6523-40C2-A0D1-13D9B4ADD543} - System32\Tasks\{08617ED2-1A65-4AA2-8D64-B9A261727EE2} => pcalua.exe -a C:\Users\ndjokic\Desktop\pagedfrg.exe -d C:\Users\ndjokic\Desktop
Task: {874F78F7-679A-4687-ABB6-0CC7BFB87BCC} - System32\Tasks\{BDA6F1C7-BBAD-4388-A0B7-F4354809B991} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {87915235-38E5-4CAB-99EA-0D50354698B7} - System32\Tasks\{76CDB725-DFA4-49E0-82EA-CFF547B29FC4} => pcalua.exe -a C:\Users\ndjokic\Desktop\QuickTimeInstaller.exe -d C:\Users\ndjokic\Desktop
Task: {AABDCC70-7F96-455E-87EF-E2C70E3E272B} - System32\Tasks\{AC3EA61C-25A9-46E7-9C46-AE56B1109833} => pcalua.exe -a C:\games\Antichamber\Binaries\UnSetup.exe -d C:\games\Antichamber\Binaries
Task: {AB1C1E3A-449B-475B-8A2C-026256128654} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AF2C10DC-A000-4AF9-BA6D-187C79284B15} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B67B9C05-5E05-44E5-A938-0F3D2283DDB0} - System32\Tasks\{3175FDAB-0B7B-4511-8EDD-E83A1649A565} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {BAF4AFB8-5928-4006-A68A-34DD00C442EE} - System32\Tasks\{70BBB129-B5C9-42B1-878D-7FED7F2E783D} => pcalua.exe -a H:\Setup.exe -d H:\
Task: {C4184B8C-F99C-4360-B9E0-8F05F9974198} - System32\Tasks\{81A58B6E-E7FC-4B1D-BC4A-50C7FC7EE589} => pcalua.exe -a C:\games\TygemKorea\InstallTygem.exe -d C:\games\TygemKorea
Task: {D662FEE1-E9DF-4073-85A2-6D31A32B6147} - System32\Tasks\{D536ED9A-BBAA-447D-8B69-67E7273A4B1B} => pcalua.exe -a "C:\games\lost vikings tr\The Lost Vikings 1 and 2\DOSBox0.73-win32-installer.exe" -d "C:\games\lost vikings tr\The Lost Vikings 1 and 2"
Task: {E38600C7-B81E-4FD1-9923-7E8390ABB396} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E7FFC49B-CC76-47BE-8DDA-015887809C05} - System32\Tasks\{A337A582-F4E2-4965-9898-A0E48CDACFA7} => pcalua.exe -a C:\Users\ndjokic\Desktop\dls\tor-browser-2.3.25-8_en-US.exe -d C:\Users\ndjokic\Desktop\dls

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-12-12 22:37 - 2012-12-12 22:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-02-01 13:30 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-02-01 13:30 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-02-01 13:30 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-02-01 13:30 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-01 13:30 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2012-12-12 21:30 - 2012-12-12 21:30 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:BC359956 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7781 more sites.

IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-07-31 15:35 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-132009455-2026092721-3990303557-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 62.2.17.60 - 62.2.24.162
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpHotkeyMonitor => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ImDskSvc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vcsFPService => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ndjokic^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\ndjokic\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E76B1FE6-B5B2-43B4-82A8-9C69E49E1A02}] => (Allow) c:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{93C4CFDD-E432-4B83-A708-9FFD3F111AFB}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{3BDB65D3-692C-4324-B29B-FB07EF2C7EA6}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{62929611-20BE-4B91-89AC-7A43828D8B81}C:\games\alpha centauri alien crossfire\terranx.exe] => (Allow) C:\games\alpha centauri alien crossfire\terranx.exe
FirewallRules: [UDP Query User{6EAC41A1-B840-4593-ABCB-489724DC44BD}C:\games\alpha centauri alien crossfire\terranx.exe] => (Allow) C:\games\alpha centauri alien crossfire\terranx.exe
FirewallRules: [TCP Query User{ABD82126-3D83-44F2-B6FF-1ECBDF459410}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{8A60A4C8-2E20-463E-A000-9486048BA052}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{59D66EF2-1535-4462-87D1-0CE73E030E6D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{CFCC2D3A-CBD1-47FE-B871-972A80E59361}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{DE98F599-8A53-4F2C-AB5C-3816921FAF2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{52AA6A06-2975-4F45-BFCE-FC5A772B8C9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{35D4EF4A-CD83-4772-B706-F8A327FBDE36}] => (Allow) C:\games\StarCraft II\StarCraft II.exe
FirewallRules: [{A2EAB1D4-FBAE-4530-9A2F-8E37DA068C67}] => (Allow) C:\games\StarCraft II\StarCraft II.exe
FirewallRules: [{BF43D6BA-F936-4166-BE38-24FF8DB963E4}] => (Allow) C:\games\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{133CCD85-70FC-4417-992F-B383EFDA281B}] => (Allow) C:\games\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{8DCDA6C6-B272-49F2-8078-5F860D831BC9}C:\games\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base23260\sc2.exe
FirewallRules: [UDP Query User{88A34ABF-69BA-480E-AF8A-601DF3953D44}C:\games\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base23260\sc2.exe
FirewallRules: [TCP Query User{5CC5B687-BE35-405D-BE92-5EAA71216AA6}C:\games\portal 2\portal2.exe] => (Allow) C:\games\portal 2\portal2.exe
FirewallRules: [UDP Query User{91F94A5D-E35B-42A1-AE5A-7A5AC6BDE4DF}C:\games\portal 2\portal2.exe] => (Allow) C:\games\portal 2\portal2.exe
FirewallRules: [{B2E3C797-D346-4C65-AB58-F5D32DFC6DF1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1AE9175C-FB27-490B-844F-73611BD34908}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{40061202-F41A-43B8-ACCF-C78770CE3B5E}C:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{A8BF28C9-53AC-4E1E-A477-7DAE49D72F65}C:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{F09AEDB7-B9BE-4833-B493-42AE7025611A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{37EA3AC6-97F0-41E3-84B0-13F1B4EFF500}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{869FF100-5195-4DCA-9C18-EE3ABD209E4C}C:\games\tr\terraria 1.1\terrariaserver.exe] => (Allow) C:\games\tr\terraria 1.1\terrariaserver.exe
FirewallRules: [UDP Query User{00224916-2F98-41E9-AAC2-C744651E3210}C:\games\tr\terraria 1.1\terrariaserver.exe] => (Allow) C:\games\tr\terraria 1.1\terrariaserver.exe
FirewallRules: [{B2C97392-B9A9-46FC-A1EA-7CF2EB1FCC99}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{2C6E4845-CD05-4A91-B89E-AB83591421AE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{81750F67-1D5D-4C8F-B3F7-A46F6B5AA0E2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{4D8CFF72-292A-4A18-988E-84B60C358511}C:\games\antichamber\binaries\win32\udk.exe] => (Allow) C:\games\antichamber\binaries\win32\udk.exe
FirewallRules: [UDP Query User{1169E807-477C-4FE3-A32D-C6B51543E4DC}C:\games\antichamber\binaries\win32\udk.exe] => (Allow) C:\games\antichamber\binaries\win32\udk.exe
FirewallRules: [TCP Query User{81131443-C14A-4B64-9AAA-A55E020E48C7}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{13405EBE-34C8-4ED8-8BAD-242617866858}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{261FBCF7-8D97-4222-A9EA-B592F4D9AAC3}] => (Allow) LPort=443
FirewallRules: [{A3DC69FE-B26C-44AB-8427-79ACBB086695}] => (Allow) LPort=443
FirewallRules: [{8BC0326E-FEA8-44BD-8435-71536EAC0BA6}] => (Allow) LPort=37674
FirewallRules: [{0F8AFF28-4E62-4B8E-A3E1-70FF3F849F22}] => (Allow) LPort=37674
FirewallRules: [{4387F0CF-CF00-4C0C-9A52-57D504C70F83}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{68A1021B-DC66-4D25-9C1E-F29E2C874700}C:\program files (x86)\voxox\voxox.exe] => (Allow) C:\program files (x86)\voxox\voxox.exe
FirewallRules: [UDP Query User{F78D2AE5-AE91-4F64-B1DD-DB4C16B95C81}C:\program files (x86)\voxox\voxox.exe] => (Allow) C:\program files (x86)\voxox\voxox.exe
FirewallRules: [{5DF03DB7-4037-4030-9CEB-7AD48EFA9A81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{35C52D3E-C77C-45A7-BAC4-46BC8F9541E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [TCP Query User{95C15AFC-CAD5-4956-AA9C-C07B29352B67}C:\games\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{C1F2D928-BDAB-4EFA-AE5A-B604A028F437}C:\games\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{8B5AA8A0-86A2-4401-BB4C-4CFEB9DA0437}] => (Allow) C:\games\Diablo III\Diablo III.exe
FirewallRules: [{9AC29FC9-8483-46EF-B663-8C3001C540E9}] => (Allow) C:\games\Diablo III\Diablo III.exe
FirewallRules: [{4FF61F62-1D53-48A3-B833-9B43C7550947}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{F57218B7-53D3-440A-AC22-DDDF091968F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{12CEA8F8-693F-4897-A4CA-8FCD01526B43}] => (Allow) C:\games\d3n\Diablo III\Diablo III.exe
FirewallRules: [{59E08A94-A406-4869-93F6-49B3A5CA0D54}] => (Allow) C:\games\d3n\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{1AA5DA69-D786-4F80-BAC3-30B14D1B2D8B}C:\games\trackmania 2\maniaplanet.exe] => (Block) C:\games\trackmania 2\maniaplanet.exe
FirewallRules: [UDP Query User{B5C53639-D45D-44A7-87BC-531A63F30262}C:\games\trackmania 2\maniaplanet.exe] => (Block) C:\games\trackmania 2\maniaplanet.exe
FirewallRules: [TCP Query User{3ACA01DD-1CE0-42D4-8546-3897AAC21C03}C:\games\tmnf\tmforever.exe] => (Allow) C:\games\tmnf\tmforever.exe
FirewallRules: [UDP Query User{9E5D6B8B-C260-41E0-AF06-0A5C9EFA37C3}C:\games\tmnf\tmforever.exe] => (Allow) C:\games\tmnf\tmforever.exe
FirewallRules: [{DAAB76A7-722E-493E-AA1B-2FBB133D96D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{77C84A62-E03F-440D-B70E-AFF5F2FE66C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [TCP Query User{E5F8B717-1E53-4834-A34C-930BCD21E642}C:\games\ee 2 crack\ee2.exe] => (Allow) C:\games\ee 2 crack\ee2.exe
FirewallRules: [UDP Query User{5900678D-3E75-48CB-A686-0DBC50D08F59}C:\games\ee 2 crack\ee2.exe] => (Allow) C:\games\ee 2 crack\ee2.exe
FirewallRules: [{16E5E817-49D2-4585-9A75-6545212C7852}] => (Allow) %SystemDrive%\games\Magicka\Magicka.exe
FirewallRules: [TCP Query User{66ED2F22-840A-41BE-B348-C42D3BB3D062}C:\games\tera\tera-launcher.exe] => (Allow) C:\games\tera\tera-launcher.exe
FirewallRules: [UDP Query User{8ADFAEC8-3672-4B53-BAFA-7CE80E45144D}C:\games\tera\tera-launcher.exe] => (Allow) C:\games\tera\tera-launcher.exe
FirewallRules: [{0D9A622E-B97D-4C9F-96B1-026DEC9D69D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{1EF56813-8414-4143-97AD-CCB785B6BB0C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{8D1764DB-0837-479E-BF19-94D25FF2B027}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{647385BD-3C6B-42A2-B576-C820D783A98C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{F620DD95-9D52-4FFD-8D83-0555ED2A57DE}] => (Allow) C:\games\Rayman Origins\Rayman Origins.exe
FirewallRules: [{E1AC2CBB-6D16-43BD-BA77-797373434C1F}] => (Allow) C:\games\Rayman Origins\Rayman Origins.exe
FirewallRules: [{8E34F570-8283-4FCA-A2A3-46C070F01F83}] => (Allow) C:\games\Rayman Origins\gu.exe
FirewallRules: [{03D24F7D-71EE-4DDA-9649-CDA8EC8ACEF9}] => (Allow) C:\games\Rayman Origins\gu.exe
FirewallRules: [{243BE045-D53E-48FD-A3E8-6CA1B8716EDB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{ED64D886-A7BC-4251-9C40-405F9ECD77A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [TCP Query User{2C603E25-6200-45A4-B28B-4CE5526DEC7E}C:\games\frozen synapse\frozensynapse.exe] => (Allow) C:\games\frozen synapse\frozensynapse.exe
FirewallRules: [UDP Query User{E22552EC-0D1D-47C7-9160-6EA13CD162B8}C:\games\frozen synapse\frozensynapse.exe] => (Allow) C:\games\frozen synapse\frozensynapse.exe
FirewallRules: [{AAC404DC-57E0-4C3E-B47A-DFAEF60C0944}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\play-UT2004.exe
FirewallRules: [{D8325AFB-6A65-4462-B471-8602D540C6BB}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\play-UT2004.exe
FirewallRules: [{67AFEDD2-546F-44DB-BE5B-864593FDD193}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\play-UT2004.exe
FirewallRules: [{87005108-BB5D-4340-A46F-DBFAFD628F3B}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\play-UT2004.exe
FirewallRules: [{230F57DE-7B08-463B-89CC-CDD383A08F5C}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{80AD2821-7611-49A5-B5EC-4D7A3D796CF0}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{0350F86C-614B-4F1C-8215-DEA1A051B03F}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{03B2D548-9D06-457D-9065-501552956645}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{305339CA-1D0E-40F4-BAD3-FB1C132EEAF7}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\play-UT2004.exe
FirewallRules: [{93A8BE2B-8106-4AF4-BD7F-7B6060D45F52}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\play-UT2004.exe
FirewallRules: [{6043AA9E-3937-4035-BDBB-19FF31252E22}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{8DCCBDD9-57A5-43F7-B884-ECDF8F0F36E8}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [TCP Query User{3D10B0C3-D4FA-4F8E-91D4-CEC212E0FA4D}C:\games\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [UDP Query User{A803672F-67D2-4374-8ECE-8C14C242863F}C:\games\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{5BE2CA3E-223E-4526-A534-CFEB837347C3}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{9BE21486-A6B6-4566-8A1F-3BD2BEC0125B}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [TCP Query User{C8177C03-7170-4577-8D4E-856ACEF7BB55}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{D19E90D0-9789-4A55-A523-6E971D31FF43}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{60DDD76E-DBE5-466D-A5A6-23C460561E54}C:\users\ndjokic\appdata\local\apps\2.0\l47bha44.zm9\kw5hpykx.knp\laun...app_59711684aa47878d_0001.0021_75874090487f0510\launcher.exe] => (Allow) C:\users\ndjokic\appdata\local\apps\2.0\l47bha44.zm9\kw5hpykx.knp\laun...app_59711684aa47878d_0001.0021_75874090487f0510\launcher.exe
FirewallRules: [UDP Query User{BA4EB439-DFF2-4CE7-BDD4-C28A330AEBA6}C:\users\ndjokic\appdata\local\apps\2.0\l47bha44.zm9\kw5hpykx.knp\laun...app_59711684aa47878d_0001.0021_75874090487f0510\launcher.exe] => (Allow) C:\users\ndjokic\appdata\local\apps\2.0\l47bha44.zm9\kw5hpykx.knp\laun...app_59711684aa47878d_0001.0021_75874090487f0510\launcher.exe
FirewallRules: [TCP Query User{1024CFAA-80B7-458D-9716-8A3491FB9211}C:\games\ghost recon online\pdc-live\ghostrecononline.exe] => (Allow) C:\games\ghost recon online\pdc-live\ghostrecononline.exe
FirewallRules: [UDP Query User{4A0D2F9D-8E73-4658-8A93-AADC26393642}C:\games\ghost recon online\pdc-live\ghostrecononline.exe] => (Allow) C:\games\ghost recon online\pdc-live\ghostrecononline.exe
FirewallRules: [TCP Query User{950443F7-78E5-4341-9445-368810B54F8E}C:\games\modern warfare 2\iw4mp.exe] => (Allow) C:\games\modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{F51BFE2F-A504-4945-8ABD-E2D7D26ED036}C:\games\modern warfare 2\iw4mp.exe] => (Allow) C:\games\modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{D4994C59-84C5-431A-981B-230678679B25}C:\games\torchlight ii\torchlight2.exe] => (Allow) C:\games\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{C2B213EF-2846-4439-9206-A48CBA058656}C:\games\torchlight ii\torchlight2.exe] => (Allow) C:\games\torchlight ii\torchlight2.exe
FirewallRules: [TCP Query User{3F2CC76F-10B3-45B5-A345-70A124EDEF1C}C:\games\modern warfare 2\call of duty modern warfare 2\iw4m.exe] => (Allow) C:\games\modern warfare 2\call of duty modern warfare 2\iw4m.exe
FirewallRules: [UDP Query User{6689DE2F-7742-4D4E-9561-49325808954B}C:\games\modern warfare 2\call of duty modern warfare 2\iw4m.exe] => (Allow) C:\games\modern warfare 2\call of duty modern warfare 2\iw4m.exe
FirewallRules: [{3F5EB136-A08F-465C-9F6C-9510735D7B31}] => (Allow) %SystemDrive%\games\Modern Warfare 2\iw4sp.exe
FirewallRules: [{36F4D39A-C13B-4E15-BF11-C04F9865C5A9}] => (Allow) %SystemDrive%\games\Modern Warfare 2\TeknoGods_MW2SP.exe
FirewallRules: [{E7107577-D363-4BE7-8B6F-52EC307D7FCE}] => (Allow) %SystemDrive%\games\Modern Warfare 2\iw4sp.exe
FirewallRules: [{E91A5561-2937-4EC9-B037-D2A4E3AD59A6}] => (Allow) %SystemDrive%\games\Modern Warfare 2\TeknoGods_MW2SP.exe
FirewallRules: [{82FBE987-FDB4-419E-A315-971798B88F4A}] => (Block) C:\games\Modern Warfare 2\iw4sp.exe
FirewallRules: [{6B4C4742-53C7-4D33-BFCC-83DE309B601B}] => (Allow) C:\games\Modern Warfare 2\iw4sp.exe
FirewallRules: [{5E6ED2DD-DD69-4963-B5E5-2ADC3C80D86B}] => (Block) C:\games\Modern Warfare 2\iw4sp.exe
FirewallRules: [{57E57277-B8FF-487E-BA53-A7E66CBF53CE}] => (Allow) C:\games\Modern Warfare 2\iw4sp.exe
FirewallRules: [{C51A9233-5A97-41D8-9C00-2AC2C59189CF}] => (Allow) C:\games\Modern Warfare 2\TeknoGods_MW2SP.exe
FirewallRules: [{F3A16F29-DB09-47A9-BA2E-665DC2C3BAD9}] => (Allow) C:\games\Modern Warfare 2\TeknoGods_MW2SP.exe
FirewallRules: [{1D1CDACF-0412-42B9-8EC8-04AE0DBF2DC6}] => (Allow) C:\games\Modern Warfare 2\TeknoGods_MW2SP.exe
FirewallRules: [{487834DA-8345-482F-B4A9-BF7F8F30B3A1}] => (Allow) C:\games\Modern Warfare 2\TeknoGods_MW2SP.exe
FirewallRules: [TCP Query User{CAFB8294-DD21-4668-8A80-E5432CF04D5A}C:\games\warcraft 3 i2\war3.exe] => (Allow) C:\games\warcraft 3 i2\war3.exe
FirewallRules: [UDP Query User{BF93F68E-8034-42E0-A08B-26DF6793F181}C:\games\warcraft 3 i2\war3.exe] => (Allow) C:\games\warcraft 3 i2\war3.exe
FirewallRules: [{32FF5D7A-4604-48FA-94A5-435D6CF4491D}] => (Allow) %ProgramFiles% (x86)\Tunngle\Tunngle.exe
FirewallRules: [{A4CE53B0-E1F3-4927-BCA6-0BC9304A6493}] => (Allow) %ProgramFiles% (x86)\Tunngle\Tunngle.exe
FirewallRules: [{A2BCE62F-C9FC-4EA5-8C3E-22884D4F3A48}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{D82D59F0-A0E7-4803-9D9F-07401B768A15}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{C10FEE7C-B038-445D-9736-D6A7FE5DB840}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{35120019-781A-4201-AEC9-33FAA1023FF2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{08FFF198-98B7-4BA6-BDEC-A21F5A7012CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{84A40C15-0E3A-47E0-B859-6B8D81FB5B87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{FFB0CACD-2A07-4BDA-A966-DD41D63F5318}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{4E3838AA-80F5-4618-A0EE-9023092EFFFB}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{649D74B3-DEF8-4573-A491-909B00E60257}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{775EDEC3-CBC4-4123-9615-0382C9DCB4BF}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{28BF93E3-178C-4E2A-A82B-75E18D5D9113}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{454694FF-3852-471C-919B-4F329A8B4340}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{42FA4187-B4B0-4058-B847-0045C1C57978}C:\games\fur fighters i1\furfighters.exe] => (Allow) C:\games\fur fighters i1\furfighters.exe
FirewallRules: [UDP Query User{55DB8CF6-C3B1-4E48-AC42-625BE8AC2285}C:\games\fur fighters i1\furfighters.exe] => (Allow) C:\games\fur fighters i1\furfighters.exe
FirewallRules: [TCP Query User{BD473EEA-B2A5-4556-B4E6-C9E0B92ABA05}C:\games\rayman legends i1\rayman legends.exe] => (Allow) C:\games\rayman legends i1\rayman legends.exe
FirewallRules: [UDP Query User{415172B0-C6C4-4800-91E9-EBACEEADE2E7}C:\games\rayman legends i1\rayman legends.exe] => (Allow) C:\games\rayman legends i1\rayman legends.exe
FirewallRules: [TCP Query User{605E0B1E-8C87-43D5-8F51-A5390D73770B}C:\games\the stanley parable\thestanleyparable.exe] => (Allow) C:\games\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{D67476A2-93C9-45C1-9BAA-C534634F906F}C:\games\the stanley parable\thestanleyparable.exe] => (Allow) C:\games\the stanley parable\thestanleyparable.exe
FirewallRules: [{5CBA51C7-1F1A-42F4-B418-083AB97A0997}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{7EEDDF2B-4A01-444A-A18F-CDC93D6C4E8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{3BA4D225-23F1-42CA-A7C3-183692570614}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{247D65C3-1D3D-4DB3-8E64-9FDD344BE2A5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{297F5072-C8F7-460B-B0A4-56059F301EFD}] => (Allow) C:\games\Hearthstone\Hearthstone.exe
FirewallRules: [{FD348B9D-04FA-490E-A7C9-36844797B35E}] => (Allow) C:\games\Hearthstone\Hearthstone.exe
FirewallRules: [{DBC4A866-73CE-4FBB-9DE7-FAE25DE23121}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{B907AD46-872A-4AF4-93D6-D48BC8D61DE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [TCP Query User{E8A110FA-7D10-4870-BAFB-E0F0D2CB8D50}C:\games\risk of rain\risk of rain 1.02\risk of rain.exe] => (Allow) C:\games\risk of rain\risk of rain 1.02\risk of rain.exe
FirewallRules: [UDP Query User{67C2470A-4106-4E27-BC8A-A983CCE92CA1}C:\games\risk of rain\risk of rain 1.02\risk of rain.exe] => (Allow) C:\games\risk of rain\risk of rain 1.02\risk of rain.exe
FirewallRules: [TCP Query User{B545A7B1-3B75-415A-8E69-F35A84F308C4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{D52FDB09-EF6F-4C3D-9E00-A139AB9F767D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{61FF3BDB-9EAB-4B50-8126-0AC0D3D4176E}C:\programdata\battle.net\agent\agent.beta.2581\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2581\agent.exe
FirewallRules: [UDP Query User{6A4658D1-9193-4668-9494-7A08366BABEE}C:\programdata\battle.net\agent\agent.beta.2581\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2581\agent.exe
FirewallRules: [TCP Query User{0464A472-FCC3-45CA-9056-455BDE5B1B16}C:\games\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{E231313B-A3F0-4B4E-A819-2E69B09D63BB}C:\games\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [TCP Query User{4D12E67B-BDE9-4124-98B9-0B93F0F7954B}C:\games\tygemglobal\tygemglobal.exe] => (Allow) C:\games\tygemglobal\tygemglobal.exe
FirewallRules: [UDP Query User{0DA75EAB-316C-4EB0-931F-8B0DAE78F35C}C:\games\tygemglobal\tygemglobal.exe] => (Allow) C:\games\tygemglobal\tygemglobal.exe
FirewallRules: [{A721450F-E317-4402-A582-DBBE74B6B485}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E73628BC-6AF8-4BD8-85A9-2021867B5C88}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{321E510B-7A11-450A-A644-97FC8641D897}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6A1B7CCF-5D58-4099-890B-88B7F67A1605}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FD63AC4D-667E-4FB6-BEB9-8613EA635AD4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{84ADE433-0E8D-405F-9EE3-A52608D0BEFC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{913D51BF-90EB-4B2A-9ECA-0799753A2DE2}] => (Allow) C:\games\FarCry 3\bin\farcry3.exe
FirewallRules: [{E78F32CF-2BC7-4B76-8E4C-DCA421CB6372}] => (Allow) C:\games\FarCry 3\bin\farcry3.exe
FirewallRules: [{53499691-A648-4309-8846-1D185E3C33B8}] => (Allow) C:\games\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{FC95AA06-4706-464C-A3D2-F265BCCA5F8E}] => (Allow) C:\games\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{B8307AD7-09B3-4C2B-88FE-1E026F828CF8}] => (Allow) C:\games\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{F8564250-998A-4B85-9482-93D652B25A74}] => (Allow) C:\games\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{7C56F531-7EB2-491B-8E68-B3B67D0DF1F4}] => (Allow) C:\games\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{EFDD9544-282A-4B9D-B6C3-1D8115E2C262}] => (Allow) C:\games\FarCry 3\bin\FC3Editor.exe
FirewallRules: [TCP Query User{A277E779-2F61-4203-9014-9FF9430CFE39}C:\programdata\battle.net\agent\agent.beta.2680\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2680\agent.exe
FirewallRules: [UDP Query User{F9D213D2-8E69-4344-A923-A55BF81969CA}C:\programdata\battle.net\agent\agent.beta.2680\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2680\agent.exe
FirewallRules: [{67683665-9705-4D76-A0F2-98A665E38149}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{35C21635-9F4E-448A-9A4E-BABCB54DB8FD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{FEF3A67A-0001-4638-B82C-88E5414FB20A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{95CC0FBE-B735-4C7C-A49B-E57A4AB15BF1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{7D0F4EE6-6858-46AD-B008-089A59516949}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{53BF65A7-2794-4DAA-8FDA-ED4BFDCD5922}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [TCP Query User{F4E1C587-6469-4C66-8CC2-5DE9F9C2856A}C:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{81BAEDBD-1A4E-4578-BC6A-28EDE4F58E62}C:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{3355648B-34A5-440F-AAEF-186051A187A7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{83014FF0-E55E-4873-A86F-78A8F8690360}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{E79BBEFF-E405-4E57-AC78-78A95C2BC434}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{36691D00-529D-4420-A9B9-5F234A1CBA34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{25D15733-6258-4599-AB76-87F1FD83FC34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{958840D9-AD06-487C-9CE1-83C444BFB5BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{7989B03F-28BF-4AE2-AAC3-4B3569E7F058}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{B20D6818-3343-49AC-93DD-9790B66EDFF1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{6E615508-A331-4475-BC75-662BA31221B5}C:\games\wanderlust downloader\wanderlust.exe] => (Allow) C:\games\wanderlust downloader\wanderlust.exe
FirewallRules: [UDP Query User{65A42897-8979-4F4C-A3AB-23E7A74D9695}C:\games\wanderlust downloader\wanderlust.exe] => (Allow) C:\games\wanderlust downloader\wanderlust.exe
FirewallRules: [{3A7044FE-52B2-4CF7-8375-4D5A54D6A300}] => (Allow) LPort=1110
FirewallRules: [TCP Query User{665B2549-8FD2-47FE-A54F-0A004576376B}C:\games\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) C:\games\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [UDP Query User{9664FFFD-F430-4C12-B625-A2A5ECEF420D}C:\games\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) C:\games\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [{D1647714-56E4-44AE-A423-6F291413E96A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wanderlust Rebirth\Wanderlust.exe
FirewallRules: [{13D28917-3126-4FCB-8B7B-8E545DE59380}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wanderlust Rebirth\Wanderlust.exe
FirewallRules: [TCP Query User{578A2A9F-CE11-4639-B928-7BBA0E0E7A20}C:\games\magicite\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite\magicite.exe
FirewallRules: [UDP Query User{A87B5380-3F91-4A52-B466-15553491B04B}C:\games\magicite\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite\magicite.exe
FirewallRules: [TCP Query User{A6788C99-A6A4-42DB-A4B4-99FAC5C4E23E}C:\games\magicite 12\magicite\magicite.exe] => (Allow) C:\games\magicite 12\magicite\magicite.exe
FirewallRules: [UDP Query User{8051AFDA-2F7A-4925-B8D6-6F113EFF5D5F}C:\games\magicite 12\magicite\magicite.exe] => (Allow) C:\games\magicite 12\magicite\magicite.exe
FirewallRules: [{3506D53D-87DF-4512-BDB8-38F427CFDE69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{B12CE886-9E07-42BA-9F0F-2096CAB9E664}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{42A2CAE5-A411-4ED5-B7F3-264C4D2AD01E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{410D73BA-7B40-44BB-95A4-53F3351B7863}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [TCP Query User{74826088-848F-4083-B484-A87A65C7D3B8}C:\games\hero siege t\hero_siege_v1.1.0.4-fas\hero_siege_v1.1.0.4-fas\hero siege.exe] => (Allow) C:\games\hero siege t\hero_siege_v1.1.0.4-fas\hero_siege_v1.1.0.4-fas\hero siege.exe
FirewallRules: [UDP Query User{AC36C439-7325-4233-8C7F-8A8E73006A90}C:\games\hero siege t\hero_siege_v1.1.0.4-fas\hero_siege_v1.1.0.4-fas\hero siege.exe] => (Allow) C:\games\hero siege t\hero_siege_v1.1.0.4-fas\hero_siege_v1.1.0.4-fas\hero siege.exe
FirewallRules: [TCP Query User{FFC386B7-8032-44F5-AC33-55D8FCAD92BE}C:\programdata\battle.net\agent\agent.3182\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [UDP Query User{B4DF6F33-BF36-47C8-A59F-0BB6700E8294}C:\programdata\battle.net\agent\agent.3182\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [{8BAF8D04-947B-46BA-922D-98A362BEDFEF}] => (Allow) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [{052D2A63-4680-4CBA-B6EE-4E00B370487D}] => (Allow) C:\programdata\battle.net\agent\agent.3182\agent.exe
FirewallRules: [TCP Query User{77463DCD-D021-4FD3-900E-3AC4D7827C2A}C:\programdata\battle.net\agent\agent.3235\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3235\agent.exe
FirewallRules: [UDP Query User{92732A89-365B-4D60-8D6D-667B98E14588}C:\programdata\battle.net\agent\agent.3235\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3235\agent.exe
FirewallRules: [{9B622B11-5CF1-4A9A-BD75-CDB1AAE3115A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{5D1F8F2D-EBD5-4770-B66A-9B971701F968}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [TCP Query User{1D0D18A3-437C-499C-8438-54B77883010A}C:\games\cs 1.6\hl.exe] => (Allow) C:\games\cs 1.6\hl.exe
FirewallRules: [UDP Query User{716F6F61-4841-4F88-9C82-F0904C80E7F0}C:\games\cs 1.6\hl.exe] => (Allow) C:\games\cs 1.6\hl.exe
FirewallRules: [{50ACC004-A3E4-493F-8281-1A66FC807026}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{5B553C7A-2F59-42D6-B9BD-6CF40C7486BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{BBFFD0EB-F6A6-47A4-B755-85310C046BB8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CF3878E7-47A9-42DA-A077-3B706292EFD6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD83575C-60B2-479B-A133-4A3B5D22611C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3DFE2AD9-B6BC-4A59-8A2B-719E2552DC58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5BAC8A66-72A9-4B70-94FC-1518C7D957BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{4467D1C3-F40D-4FE2-AA9E-E3E03B5B02DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{01D3F8AD-E707-498F-9048-A6924578E3CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{E0C1A15F-A131-4895-A990-6C0EBB627D10}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [TCP Query User{9424D2FE-6788-4188-9B65-AE0A468E2D1B}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [UDP Query User{359CEA8C-F27D-4FC2-BB9B-911E0F27E7E2}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [TCP Query User{3EAF8646-1C03-4BE0-AC8A-4E7D291FBE50}C:\games\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{CF094545-0E5A-431D-8BDB-20F18489CC97}C:\games\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\games\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{B1A9F863-0642-498D-9C74-061F52A67E25}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{5FCFB569-074A-4EEA-BF87-49A7303A92F3}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{A6DFD4A7-5CDE-41D4-85A9-D91110D466C3}] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [{A3705A51-4B9E-47F1-AFE6-A5B3E5AFA8EA}] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [{E957D6CC-1B20-494B-A842-F9135DE2926F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{F9216A16-6213-43E4-8D39-1EEA17510732}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{2C6D715F-895B-4448-8A06-ED58A8E3AE39}C:\games\borderlands presequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\games\borderlands presequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{2F195F5D-C15B-4A08-9F24-53032C6518B8}C:\games\borderlands presequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\games\borderlands presequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{4231845D-506F-4645-90EF-69F12521659C}C:\games\don't starve together v115992\dont starve together\bin\dontstarve_steam.exe] => (Allow) C:\games\don't starve together v115992\dont starve together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{F75F6822-DA3F-48F5-91A8-BEC7F03C11A9}C:\games\don't starve together v115992\dont starve together\bin\dontstarve_steam.exe] => (Allow) C:\games\don't starve together v115992\dont starve together\bin\dontstarve_steam.exe
FirewallRules: [{B3290235-F81D-48D2-B1B4-53B86F110077}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{64D4EF5E-7048-4F9D-8C44-BFCC55AB88A7}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{6F1AC09E-8A45-4AD4-AF81-302D157FB12F}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{062D9D03-ADFD-45E2-8EEB-BD39301BA25B}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{7FB8804F-6BB4-44B7-90AA-92E6399DE970}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{491D63AF-4DAB-4756-B55D-8BE10407194A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{FAE5A09E-F4DF-41C9-AA0F-6BBB63833ABA}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{C6217F6B-2BF7-4E94-B48F-D12572163878}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{02613B15-0187-46E8-A36B-ADB29804F3E2}C:\games\age of mythology extended edition\aomx.exe] => (Allow) C:\games\age of mythology extended edition\aomx.exe
FirewallRules: [UDP Query User{3BF8F60A-35A0-4AA1-913A-0960AA38B46D}C:\games\age of mythology extended edition\aomx.exe] => (Allow) C:\games\age of mythology extended edition\aomx.exe
FirewallRules: [{A62348FA-7F91-4A41-BCBC-BD8A4437265F}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{137C71D0-E5B1-4B90-A25F-E2803AA39FBC}] => (Allow) C:\games\UT 2004\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [TCP Query User{6BE1EFD8-BD9A-4DEC-BA2A-2A6C9AF2852D}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [UDP Query User{C7028AAE-1350-4BEC-8B6C-35D4E70002B2}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [TCP Query User{BC6D73DB-0754-4A04-A2FE-9984E6FC70FE}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [UDP Query User{BF39B73F-E778-42EE-97F2-39C040992469}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [TCP Query User{E439550B-A63D-4EC9-9C45-78AEBFA22B14}C:\games\wyv.and.keep.v2.0.1\wyv and keep.exe] => (Allow) C:\games\wyv.and.keep.v2.0.1\wyv and keep.exe
FirewallRules: [UDP Query User{58275121-2CB4-4B31-9C9A-2326454E9C5D}C:\games\wyv.and.keep.v2.0.1\wyv and keep.exe] => (Allow) C:\games\wyv.and.keep.v2.0.1\wyv and keep.exe
FirewallRules: [{C607B369-3940-488F-99C0-6040A70544E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5DECC87E-1CAE-4C6D-AD3A-0C553B29825F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [TCP Query User{1A978BC2-CC3C-4E59-94C9-62146BFCB3A1}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E4B18E12-6080-4CFE-BA20-603A0886002B}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{015EAFD8-1E63-4728-B7E1-8D628494A397}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{6784BE87-C674-43C5-B79C-1B756B6851FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{7C0D4D7F-A2C5-431C-A01A-B74CA4FA302A}C:\games\brood war\starcraft.exe] => (Block) C:\games\brood war\starcraft.exe
FirewallRules: [UDP Query User{C94FBB07-60FB-45C4-A176-341889953B96}C:\games\brood war\starcraft.exe] => (Block) C:\games\brood war\starcraft.exe
FirewallRules: [TCP Query User{4DC1AC46-400C-4028-B03B-62D07B8D65CA}C:\games\factorio\bin\x64\factorio.exe] => (Allow) C:\games\factorio\bin\x64\factorio.exe
FirewallRules: [UDP Query User{F8194725-836A-4DE4-80AC-06462CC265B5}C:\games\factorio\bin\x64\factorio.exe] => (Allow) C:\games\factorio\bin\x64\factorio.exe
FirewallRules: [{DE97977E-BDD3-4768-A01B-6F6616377D35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B5D1A203-57D6-44B3-8D76-37F9477CEB57}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9C81B964-D74B-40EC-AA30-8B59F0C9EA4A}C:\games\starcraft ii - legacy of the void beta\versions\base35032\sc2_x64.exe] => (Allow) C:\games\starcraft ii - legacy of the void beta\versions\base35032\sc2_x64.exe
FirewallRules: [UDP Query User{02E86342-A845-46DB-BFF7-CD82C578A63D}C:\games\starcraft ii - legacy of the void beta\versions\base35032\sc2_x64.exe] => (Allow) C:\games\starcraft ii - legacy of the void beta\versions\base35032\sc2_x64.exe
FirewallRules: [{A23B99A9-8491-407E-BB34-CAA357CAF7CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{54F8EB32-0691-4CFE-8F03-B4C2D3236412}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [TCP Query User{34DE93A9-7B1E-4EA0-9574-725629CB85C6}C:\games\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ADD9446F-8587-4F0B-9CC8-4E6F4994A0A5}C:\games\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{B7EAD03F-4344-4E30-90DC-2CB6C0BA8432}] => (Allow) C:\Users\ndjokic\AppData\Local\Temp\nst38B5.tmp\CnetInstaller-10067444.exe
FirewallRules: [{8464FD0B-51B4-45CC-89AF-B73AAD192B48}] => (Allow) C:\Users\ndjokic\AppData\Local\Temp\nst38B5.tmp\CnetInstaller-10067444.exe
FirewallRules: [{F009D32E-D740-46E4-AF32-24ACD731BB2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{5DA16E8D-2384-44D5-B704-AB4BA593C28E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{383E8D9B-F6B3-43E8-88C1-4155C9DC43F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{10D099A6-438E-4D6C-AD6B-4B0D86E9834F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{0F844BDD-7F0D-4CC0-8FC7-D529083A4EDA}C:\games\starcraft ii - legacy of the void beta\versions\base36442\sc2_x64.exe] => (Allow) C:\games\starcraft ii - legacy of the void beta\versions\base36442\sc2_x64.exe
FirewallRules: [UDP Query User{14E1EAC3-6809-4729-8576-99D389BBCE19}C:\games\starcraft ii - legacy of the void beta\versions\base36442\sc2_x64.exe] => (Allow) C:\games\starcraft ii - legacy of the void beta\versions\base36442\sc2_x64.exe
FirewallRules: [TCP Query User{D49C218A-B44E-4342-A22C-554A45932F71}C:\program files (x86)\jitsi\jitsi.exe] => (Allow) C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [UDP Query User{9D7311D2-FD28-40E8-880E-4CA4E0307F65}C:\program files (x86)\jitsi\jitsi.exe] => (Allow) C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [TCP Query User{4C100076-6D7E-4CFE-9341-9689D43C18CB}C:\games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => (Allow) C:\games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [UDP Query User{D8514578-850A-49DE-8700-9F0EE1093871}C:\games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => (Allow) C:\games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [{34AB0D5F-152C-40FC-A38B-48CA30FFE6CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wanderlust Adventures\Wanderlust.exe
FirewallRules: [{F268455A-0707-41F2-9108-2FCC25942ACE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wanderlust Adventures\Wanderlust.exe
FirewallRules: [{62EFC204-6E31-4ABB-8FA1-B693388B3CFD}] => (Block) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{C1AB60ED-302C-4905-94B7-193CB7F271B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{45297671-DD76-43B4-82C1-6B343296F58F}] => (Block) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{4C2E981D-81A6-40BA-BFC5-F1DCD418DDA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [TCP Query User{17C0BDF5-49AE-49FB-A617-7E0E3F6CC178}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{E76B4C0A-3BC4-438C-9CA6-C1BF7747F0CC}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{BE2F2893-C1FF-4133-8F05-2288A9E1C71C}] => (Allow) LPort=8317
FirewallRules: [{E3EE3217-871E-4ACA-AE14-70567C7C5C98}] => (Block) %ProgramFiles% (x86)\Camtasia\CamtasiaStudio.exe
FirewallRules: [{A62F4CAC-7304-4910-9B46-31A712A4B375}] => (Block) %ProgramFiles% (x86)\Camtasia\CamtasiaStudio.exe
FirewallRules: [{760326AE-CE68-475D-9A0C-5F315D11C6A0}] => (Allow) C:\Users\ndjokic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6A08A83C-D61B-485F-AABA-4813DCAFABD6}] => (Allow) C:\Users\ndjokic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4E8F486D-FE06-4FA3-B487-4443C5704D60}] => (Allow) C:\Users\ndjokic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F335B8AB-9BB8-4A06-9578-6EF40D6C051C}] => (Allow) C:\Users\ndjokic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{81A2147D-50C5-4C4D-94D0-AD985BAC7071}] => (Allow) C:\Users\ndjokic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{97A72FA2-E323-483F-A4B8-A23E8F0EF4BF}] => (Allow) C:\Users\ndjokic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37ECB1E3-8A52-48B0-8812-ACE63860FDA5}] => (Allow) C:\Users\ndjokic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{56DD3052-EF6E-40DB-AD4B-A31725501CD4}] => (Allow) C:\Users\ndjokic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E475786A-7078-4B92-A918-95DC8E073992}C:\users\ndjokic\desktop\sbmb\mubox.quicklaunch.exe] => (Allow) C:\users\ndjokic\desktop\sbmb\mubox.quicklaunch.exe
FirewallRules: [UDP Query User{FCEE75D6-0265-4D69-BC92-3B4A7B5C9090}C:\users\ndjokic\desktop\sbmb\mubox.quicklaunch.exe] => (Allow) C:\users\ndjokic\desktop\sbmb\mubox.quicklaunch.exe
FirewallRules: [TCP Query User{AAEB0049-F6E4-4931-9B63-383054D78F69}C:\users\ndjokic\desktop\multibox\starbreakmultibox\z-server\node.exe] => (Allow) C:\users\ndjokic\desktop\multibox\starbreakmultibox\z-server\node.exe
FirewallRules: [UDP Query User{29DD4DE3-0F0F-4127-B5B1-37966AF16155}C:\users\ndjokic\desktop\multibox\starbreakmultibox\z-server\node.exe] => (Allow) C:\users\ndjokic\desktop\multibox\starbreakmultibox\z-server\node.exe
FirewallRules: [TCP Query User{C08DEAAD-1566-434C-B66F-1878E8092FD1}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{AF942E43-23B9-4E19-9035-7B0D209D4881}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{6023F515-883D-4AC5-9FC8-8D5649F8B941}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\JumpJetRex\JumpJetRex.exe
FirewallRules: [{A88B2F8A-2CAD-4702-A9D4-E1561B127FFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\JumpJetRex\JumpJetRex.exe
FirewallRules: [{5FE29B9F-8194-47F3-B999-A51C8FE7ECCE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FightTheDragon\FightTheDragon.exe
FirewallRules: [{A7044A7B-4E36-4F41-806B-9F9FD2249325}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FightTheDragon\FightTheDragon.exe
FirewallRules: [TCP Query User{033EAECF-0CE9-4B81-B257-94367168FDB0}C:\users\ndjokic\desktop\multibox\starbreakmultiboxfull1\z-server\node.exe] => (Allow) C:\users\ndjokic\desktop\multibox\starbreakmultiboxfull1\z-server\node.exe
FirewallRules: [UDP Query User{A4C6247A-2F9D-4B96-993C-4241322ED1E2}C:\users\ndjokic\desktop\multibox\starbreakmultiboxfull1\z-server\node.exe] => (Allow) C:\users\ndjokic\desktop\multibox\starbreakmultiboxfull1\z-server\node.exe
FirewallRules: [{C4C9995F-0BBD-421F-A91D-1E07EDD1ED55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{70B304B9-CF47-4DF8-B231-18E78D105572}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{81421BD9-1790-490C-AF05-07456B991BF8}C:\games\factorio v1226inst\bin\x64\factorio.exe] => (Allow) C:\games\factorio v1226inst\bin\x64\factorio.exe
FirewallRules: [UDP Query User{6EE526FB-3D96-4A06-B24F-4E121132815C}C:\games\factorio v1226inst\bin\x64\factorio.exe] => (Allow) C:\games\factorio v1226inst\bin\x64\factorio.exe
FirewallRules: [{B47DD6FD-2112-4EF1-BC28-DE87A4C53347}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StarBreak\mvmmoclient.exe
FirewallRules: [{67CFA376-0042-4433-8646-8F23FBE8E089}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StarBreak\mvmmoclient.exe
FirewallRules: [TCP Query User{A2F87792-6E7D-4EAA-AF7A-7E685A251435}C:\games\tmnationsforever\tmforever.exe] => (Allow) C:\games\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{084CEC79-BB82-42E3-97FF-2EE20D26B23B}C:\games\tmnationsforever\tmforever.exe] => (Allow) C:\games\tmnationsforever\tmforever.exe
FirewallRules: [{6891C70E-23CA-4FE8-89CB-6AAAC67F2DC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{8B23EF82-A648-4762-AD21-02FC713D47A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{C2DF032B-B95D-4432-9E24-EE7A016B5582}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{6DA7F943-C39B-4559-967A-D09DCB17D4E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{E406EBBB-75DE-4756-86A4-DB953AC3F216}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Steambirds Alliance\Steambirds.exe
FirewallRules: [{873E1A57-7EA6-48BE-9871-671CCB6F48DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Steambirds Alliance\Steambirds.exe
FirewallRules: [{AAE64B3E-373E-4116-B83D-97EA326F99B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9F15EA48-C498-41D6-99CE-D82EC85D2413}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{85DE1639-831D-4037-8655-3991730F0D13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

16-04-2016 13:19:02 Windows Update
16-04-2016 17:14:05 Restore Point Created by FRST
16-04-2016 23:45:35 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2016 11:45:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8e9ba6c3-87d4-4311-b8ea-4c9877c11559}

Error: (04/16/2016 01:46:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/15/2016 10:17:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/15/2016 10:17:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/15/2016 09:54:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/15/2016 09:53:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/15/2016 12:20:45 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.

Program: Windows Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (04/15/2016 12:20:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.19135, time stamp: 0x56a1ba55
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x0026f885
Faulting process id: 0xdec
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (04/10/2016 05:25:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CamtasiaStudio.exe, version: 8.6.0.2054, time stamp: 0x55d3d620
Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0x5348961e
Exception code: 0xc0000005
Fault offset: 0x00019a1e
Faulting process id: 0xf94
Faulting application start time: 0xCamtasiaStudio.exe0
Faulting application path: CamtasiaStudio.exe1
Faulting module path: CamtasiaStudio.exe2
Report Id: CamtasiaStudio.exe3

Error: (04/10/2016 05:25:05 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: CamtasiaStudio.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 60E39A1E (60E20000) with exit code 80131506.


System errors:
=============
Error: (04/18/2016 10:37:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DiagTrack service.

Error: (04/17/2016 04:49:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (04/17/2016 01:06:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/17/2016 01:06:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/17/2016 01:04:52 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/16/2016 11:46:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (04/16/2016 11:46:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/16/2016 11:46:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/16/2016 11:45:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/16/2016 11:45:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 38%
Total physical RAM: 8142.36 MB
Available physical RAM: 4984.29 MB
Total Virtual: 16282.93 MB
Available Virtual: 13324.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.6 GB) (Free:49.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5893164C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt ============================



aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-04-18 18:36:11
-----------------------------
18:36:11.089 OS Version: Windows x64 6.1.7601 Service Pack 1
18:36:11.089 Number of processors: 4 586 0x2A07
18:36:11.091 ComputerName: NDJOKIC-PC UserName: ndjokic
18:36:13.303 Initialize success
18:36:13.415 VM: initialized successfully
18:36:13.416 VM: Intel CPU supported
18:37:08.953 VM: supported disk I/O iaStor.sys
18:41:11.715 AVAST engine defs: 16033102
18:43:46.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:43:46.566 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
18:43:47.730 VM: Disk 0 MBR read successfully
18:43:47.733 Disk 0 MBR scan
18:43:47.805 Disk 0 Windows 7 default MBR code
18:43:47.808 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
18:43:47.811 Disk 0 default boot code
18:43:47.834 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455269 MB offset 616448
18:43:47.874 Disk 0 Partition 3 00 07 HPFS/NTFS 16247 MB offset 933007360
18:43:47.895 Disk 0 Partition 4 00 0C FAT32 LBA 5115 MB offset 966281216
18:43:50.294 Disk 0 scanning C:\Windows\system32\drivers
18:44:13.163 Service scanning
18:45:05.517 Modules scanning
18:45:05.518 Disk 0 trace - called modules:
18:45:07.211 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
18:45:07.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800977c060]
18:45:07.212 3 CLASSPNP.SYS[fffff88001b4943f] -> nt!IofCallDriver -> [0xfffffa80095d4b10]
18:45:07.212 5 hpdskflt.sys[fffff88001af0361] -> nt!IofCallDriver -> [0xfffffa8007c175f0]
18:45:07.212 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800790c050]
18:45:08.724 AVAST engine scan C:\Windows
18:45:12.582 AVAST engine scan C:\Windows\system32
18:50:37.170 AVAST engine scan C:\Windows\system32\drivers
18:51:09.213 AVAST engine scan C:\Users\ndjokic
19:19:31.267 AVAST engine scan C:\ProgramData
19:54:39.445 Disk 0 statistics 4682148/0/26 @ 0.65 MB/s
19:54:39.445 Scan finished successfully
19:58:07.007 Disk 0 MBR has been saved successfully to "C:\Users\ndjokic\Desktop\MBR.dat"
19:58:07.046 The log file has been saved successfully to "C:\Users\ndjokic\Desktop\aswMBR.txt"

Juliet
2016-04-19, 02:26
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.

~~~~~~~~~~~~~~~~~`
Do you connect to the internet by
FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
FF NetworkProxy: "socks_remote_dns", true

Google doesn't appear too.

~~~~~~~~~~~~~~~~~~~

Let's try to reset your browsers.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
http://i.imgur.com/U5NwUGc.png Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)


~~~

Proceed with the reset once done.

http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
http://i.imgur.com/U5NwUGc.png Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)


~~~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.[/*]
Click [img=http://i.imgur.com/MqHawIb.png] Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

[i]-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.


~~~~~~~~~~~~

http://s24.photobucket.com/user/ken545/media/Capture_zpsge1t2tk9.jpg
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


please post
AdwCleaner[C1].txt
JRT.txt

W4yneb0t
2016-04-19, 15:52
I don't need the twitch.pac thing anymore, shall I remove it? I don't know what socks_remote_dns is.


# AdwCleaner v5.112 - Logfile created 19/04/2016 at 14:26:43
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : ndjokic - NDJOKIC-PC
# Running from : C:\Users\ndjokic\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Ninight
[-] Folder Deleted : C:\Program Files (x86)\yesbnd

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [813 bytes] - [19/04/2016 14:26:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [862 bytes] - [19/04/2016 14:20:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [957 bytes] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Professional x64
Ran by ndjokic (Administrator) on 19/04/2016 at 14:35:43.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Users\ndjokic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38YIKXTX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ndjokic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJJUTRUX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38YIKXTX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJJUTRUX (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/04/2016 at 14:41:45.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2016-04-19, 19:32
I don't need the twitch.pac thing anymore, shall I remove it?
Yes

It appears AdwCleaner was able to clean the 2 folders associated with the infection
[-] Folder Deleted : C:\Program Files (x86)\Ninight
[-] Folder Deleted : C:\Program Files (x86)\yesbnd

Let's do an online scan to ensure it's all gone.

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://i.imgur.com/KN1w2nv.png and click http://i.imgur.com/SzOC1p0.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

W4yneb0t
2016-04-20, 18:49
I can't seem to locate those NetworkProxy settings, please help :S

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Juliet
2016-04-20, 19:12
I can't seem to locate those NetworkProxy settings
They wont be there if you removed twitch.pac

I don't need the twitch.pac thing anymore, shall I remove it?
FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"

~~~~~~~~~~~~~~~

What Eset found was a Google Toolbar and in itself isn't a threat but more something you didn't intentionally download but came in as bundled.
When downloading any item always check off anything added and isn't necessary.

What's the computer doing now?

Time to remove tools and quarantine folders?

W4yneb0t
2016-04-20, 22:47
I meant I can't find how to remove twitch.pac either.

I'm usually careful about unselecting bundled garbage, I guess I missed one.

The computer isn't showing any symptoms, but then again, it stopped showing symptoms about 9 posts ago.

Juliet
2016-04-20, 23:01
The computer isn't showing any symptoms, but then again, it stopped showing symptoms about 9 posts ago.

LOL, well thats a good thing!


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
FF NetworkProxy: "socks_remote_dns", true
RemoveProxy:
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

This should take care of it. Please post this when done.

W4yneb0t
2016-04-21, 16:59
Ok, done.

Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by ndjokic (2016-04-21 15:34:09) Run:1
Running from C:\Users\ndjokic\Desktop
Loaded Profiles: ndjokic (Available Profiles: ndjokic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
FF NetworkProxy: "socks_remote_dns", true
RemoveProxy:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac" => not found
FF NetworkProxy: "socks_remote_dns", true => not found

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-132009455-2026092721-3990303557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-132009455-2026092721-3990303557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 947 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:35:37 ====

Juliet
2016-04-21, 17:35
Unless there are other issues, your good to go. Good job!

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~`


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Juliet
2016-04-28, 03:57
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.