View Full Version : A number of odd issues
I have very recently gained possession of this machine. Technically it's shared between myself and the former owner, however, she has a new one so rarely uses this one. It's having issues and doing weird things. She is the one who advised me to come here and get it checked out. I do know that the other day while watching hulu, I received a BSOD with wdf_violation error and the machine had to restart. I looked up said error on my phone while waiting for the reboot and it stated it's usually revolving around itunes and such. i dont think this machine has itunes on it and i dont personally use it myself or even have an iphone or ipad/ipod (android for life!). when the machine restarted, i noticed a brand new icon on my task bar by the name of Turno.net Launcher. I also noticed a spoon-console.exe thing in my task manager. I had no idea where they came from and though the internet claimed spoon-console.exe as "safe", it also listed it as a key logger/mouse tracker thing which made me super uncomfortable so i went to my programs and uninstalled. it worried me greatly though.
Had to attach Addition.txt as a zip because it was too big otherwise? if that is wrong im sorry
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by Owner (administrator) on 7360BE7 (26-06-2017 20:54:44)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\Owner\Downloads\MonitorES.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
(Octoshape ApS) C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.297\Discord.exe
(Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
(Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\furc_on.exe
(Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
(Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-07-16] (cyberlink)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1025656 2015-02-15] (Link64 GmbH) <==== ATTENTION
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [MonitorES] => C:\Users\Owner\Downloads\MonitorES.exe [32768 2010-09-16] ()
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Octoshape Streaming Services] => C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {8ae1db9c-54db-11e4-be96-082e5f79e668} - "G:\ToolLauncher-Bootstrap.exe"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {b03b2a49-3f65-11e5-bed8-082e5f79e668} - "E:\CMADownloader.exe"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {b4418b01-b416-11e3-be74-082e5f79e668} - "F:\autorun.exe"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {f67dbadf-862b-11e6-bf07-082e5f79e668} - "G:\VerizonWirelessUpgradeAssistantSetup.exe" -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2015-10-08]
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-12-07]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLauncher.lnk [2017-06-25]
ShortcutTarget: TurboLauncher.lnk -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\Spoon-Console.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{46A9D7A3-BA03-426C-BC76-F9A4C3EB1832}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E3015422-23A8-485B-81DA-8FE3412980B8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-10] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-10] (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FireFox:
========
FF DefaultProfile: zy6ct8pm.default-1408609993675
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 [2017-06-26]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> Google
FF Homepage: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> hxxps://www.google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> hxxps://www.google.com/search
FF Extension: (LavaFox V2-Blue) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\Extensions\djziggy@gmail.com [2017-05-18]
FF Extension: (Pin It button) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2017-05-08]
FF Extension: (Video DownloadHelper) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-08]
FF Extension: (Adblock Plus) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\searchplugins\google-avast.xml [2014-11-20]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-07-11] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-10] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\npMozillaSpoonPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-04-22] (Octoshape ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.rprepository.com/c/tenebris
CHR StartupUrls: Default -> "hxxp://www.rprepository.com/c/tenebris","hxxps://cdn.discordapp.com/attachments/166346126662828033/288502705272389633/20170306_214618.jpg"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Flash Video Downloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-25]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (OpticRed Hubble1-1600 Theme) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmpcjpbnfggoobceakkkcojmnnhkehom [2016-06-18]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-25]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-06-16]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-22]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-06-01]
CHR Extension: (Linkclump) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2017-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Senet Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcegikaljcfolenjkadbbaicbgjcpb [2015-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-18]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-18] (Advanced Micro Devices, Inc.) [File not signed]
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-07-09] (CyberLink)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [234856 2016-01-04] (EasyAntiCheat Ltd)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2016-01-21] (GOG.com)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-07-29] (Electronic Arts)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S3 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-07-18] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AIDA64Driver; C:\Users\Owner\Downloads\aida64extreme520\kerneld.x64 [34136 2015-03-23] ()
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-28] (Disc Soft Ltd)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-07-03] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 sjcst; C:\Windows\system32\sjcsu64.sys [86352 2015-04-23] ()
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [43648 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-11] (Microsoft Corporation)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 VBoxDrv; \??\C:\Program Files\Oracle\VirtualBox\VBoxDrv.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-26 20:54 - 2017-06-26 20:56 - 00026004 _____ C:\Users\Owner\Desktop\FRST.txt
2017-06-26 20:53 - 2017-06-26 20:53 - 00013721 _____ C:\Users\Owner\Downloads\FRST.txt
2017-06-26 20:52 - 2017-06-26 20:52 - 02441216 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2017-06-26 20:50 - 2017-06-26 20:50 - 00000207 _____ C:\Windows\tweaking.com-regbackup-7360BE7-Windows-8-(64-bit).dat
2017-06-26 20:48 - 2017-06-26 20:48 - 00002239 _____ C:\Users\Owner\Desktop\Tweaking.com - Registry Backup.lnk
2017-06-26 20:48 - 2017-06-26 20:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-06-26 20:46 - 2017-06-26 20:46 - 05766144 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
2017-06-25 04:37 - 2017-06-25 04:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
2017-06-25 04:32 - 2017-06-25 04:32 - 00280752 _____ C:\Windows\Minidump\062517-81089-01.dmp
2017-06-25 04:31 - 2017-06-25 04:31 - 540046701 _____ C:\Windows\MEMORY.DMP
2017-06-18 20:00 - 2017-06-18 20:00 - 02329859 _____ C:\Users\Owner\Downloads\SMAPI-1.14.1.zip
2017-06-18 20:00 - 2017-06-18 20:00 - 00000000 ____D C:\Users\Owner\Downloads\SMAPI-1.14.1
2017-06-18 15:18 - 2017-06-18 15:18 - 00000139 _____ C:\Users\Owner\Desktop\CAT CONTACT.txt
2017-06-18 13:25 - 2017-06-18 13:25 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2017-06-18 13:20 - 2017-06-18 13:20 - 00000000 ____D C:\Users\Owner\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-06-18 13:18 - 2017-06-18 13:19 - 140742472 _____ C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
2017-06-18 03:27 - 2017-06-18 03:27 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Owner\Downloads\AVG_Protection_Free_1606.exe
2017-05-31 14:08 - 2017-05-31 14:08 - 06754944 _____ (ESET spol. s r.o.) C:\Users\Owner\Downloads\esetonlinescanner_enu (1).exe
2017-05-29 13:17 - 2017-05-29 13:17 - 30931000 _____ (Open Media LLC ) C:\Users\Owner\Downloads\4kvideodownloader_4.2 (1).exe
2017-05-29 13:15 - 2017-05-29 13:15 - 30931000 _____ (Open Media LLC ) C:\Users\Owner\Downloads\4kvideodownloader_4.2.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-26 20:53 - 2014-06-05 12:44 - 00000000 ____D C:\FRST
2017-06-26 20:48 - 2014-12-01 02:33 - 00034815 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-06-26 20:47 - 2017-01-15 12:30 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-06-26 20:47 - 2014-03-21 21:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-06-26 11:57 - 2016-02-22 14:17 - 00003162 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2017-06-26 11:57 - 2016-02-22 14:17 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForOwner.job
2017-06-26 11:57 - 2014-02-09 03:52 - 00000000 ____D C:\Users\Owner
2017-06-26 10:25 - 2016-10-31 17:44 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-26 10:20 - 2014-07-03 08:34 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2017-06-25 22:06 - 2016-03-02 04:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\StardewValley
2017-06-25 19:31 - 2014-02-09 03:59 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4167589968-2693423342-2315446607-1002
2017-06-25 04:45 - 2016-01-23 13:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
2017-06-25 04:43 - 2014-07-17 03:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Spoon
2017-06-25 04:34 - 2014-02-09 03:52 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\AuthenTec
2017-06-25 04:33 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-25 04:31 - 2016-01-20 15:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG
2017-06-25 04:31 - 2016-01-20 15:19 - 00000000 ____D C:\ProgramData\Avg
2017-06-25 04:31 - 2016-01-20 15:19 - 00000000 ____D C:\Program Files (x86)\AVG
2017-06-25 04:30 - 2014-03-21 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-24 20:37 - 2014-03-21 18:12 - 00000000 ___RD C:\Users\Owner\Desktop\PHOENIX
2017-06-24 18:54 - 2017-04-17 23:42 - 00000000 ____D C:\Users\Owner\Desktop\RP FILES
2017-06-21 11:57 - 2016-04-09 23:45 - 00000000 ____D C:\Users\Owner\Desktop\altnamecheck
2017-06-21 11:55 - 2014-03-21 19:21 - 00000000 ____D C:\Users\Owner\Documents\Furcadia
2017-06-18 14:02 - 2016-01-20 15:18 - 00000000 ____D C:\Users\Owner\AppData\Local\AvgSetupLog
2017-06-18 13:57 - 2014-06-13 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-18 13:27 - 2014-03-21 22:54 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2017-06-18 13:27 - 2014-03-21 22:54 - 00001112 _____ C:\Users\Public\Desktop\WinRAR.lnk
2017-06-18 13:27 - 2014-03-21 22:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-18 13:27 - 2014-03-21 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-18 13:27 - 2014-03-21 22:53 - 00000000 ____D C:\Program Files\WinRAR
2017-06-18 13:25 - 2017-03-09 00:51 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-06-18 13:25 - 2014-03-21 15:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-06-18 13:24 - 2016-04-08 04:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IMVU
2017-06-18 13:24 - 2016-03-24 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StepMania
2017-06-18 13:24 - 2016-01-19 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB
2017-06-18 13:24 - 2014-11-21 04:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-06-18 13:24 - 2014-06-23 17:42 - 00000000 ____D C:\Windows\Minidump
2017-06-18 13:24 - 2014-03-22 17:15 - 00000000 ____D C:\Users\Owner\AppData\Local\Battle.net
2017-06-18 13:24 - 2014-03-07 16:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\hpqlog
2017-06-18 13:24 - 2014-02-09 01:39 - 00000000 ____D C:\ProgramData\Temp
2017-06-18 13:24 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\system32\Sysprep
2017-06-18 13:24 - 2012-07-25 23:37 - 00000000 ____D C:\Windows\Inf
2017-06-18 13:07 - 2016-08-15 22:20 - 00001065 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alt Existance Checker.lnk
2017-06-18 12:58 - 2016-01-20 15:18 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2017-06-18 02:06 - 2012-07-26 02:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-18 02:06 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2017-06-17 23:43 - 2014-03-21 17:51 - 00000000 ___RD C:\Users\Owner\Desktop\PHOENIX PICTURES
2017-06-14 16:31 - 2017-02-01 01:21 - 00000992 _____ C:\Users\Owner\Desktop\Core Temp.lnk
2017-06-10 19:24 - 2016-03-27 17:52 - 00000000 ____D C:\Users\Owner\Desktop\FURC CHARA STUFF
2017-06-10 19:12 - 2015-05-06 20:13 - 00000000 ____D C:\Users\Owner\Desktop\FF CONVERT
2017-06-04 14:25 - 2014-03-21 21:38 - 00000000 ___RD C:\Users\Owner\Desktop\VIDEO
2017-06-02 21:16 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
2017-06-02 20:33 - 2014-03-21 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-02 20:30 - 2012-07-25 23:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-29 13:18 - 2015-08-09 03:04 - 00001264 _____ C:\Users\Owner\Desktop\4K Video Downloader.lnk
2017-05-29 13:18 - 2015-08-09 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
==================== Files in the root of some directories =======
2014-11-20 01:51 - 2014-11-20 01:51 - 0000046 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-03-21 16:41 - 2017-04-10 18:40 - 0007605 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-10-17 16:33 - 2014-10-17 16:35 - 0000000 _____ () C:\Users\Owner\AppData\Local\{32E64994-79B7-45FD-9074-C147C167A2F4}
Files to move or delete:
====================
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-19 04:15
==================== End of FRST.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-06-26 21:12:35
-----------------------------
21:12:35.107 OS Version: Windows x64 6.2.9200
21:12:35.107 Number of processors: 4 586 0x1001
21:12:35.108 ComputerName: 7360BE7 UserName: Owner
21:12:36.309 Initialize success
21:12:36.310 VM: initialized successfully
21:12:36.312 VM: Amd CPU BiosDisabled
21:14:37.094 AVAST engine defs: 17030301
21:14:43.726 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000044
21:14:43.728 Disk 0 Vendor: ST640LM001_HN-M640MBB 2AR10002 Size: 610480MB BusType: 11
21:14:43.928 Disk 0 MBR read successfully
21:14:43.933 Disk 0 MBR scan
21:14:43.961 Disk 0 unknown MBR code
21:14:43.964 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
21:14:44.653 Disk 0 scanning C:\Windows\system32\drivers
21:15:06.544 Service scanning
21:15:41.091 Modules scanning
21:15:41.104 Disk 0 trace - called modules:
21:15:41.148 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
21:15:41.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ff060]
21:15:41.163 3 CLASSPNP.SYS[fffff8800153ce0a] -> nt!IofCallDriver -> [0xfffffa8006579b10]
21:15:41.168 5 hpdskflt.sys[fffff88001d8b339] -> nt!IofCallDriver -> [0xfffffa8006384600]
21:15:41.173 7 amd_xata.sys[fffff8800128d634] -> nt!IofCallDriver -> \Device\00000044[0xfffffa8006386060]
21:15:42.258 AVAST engine scan C:\Windows
21:15:44.920 AVAST engine scan C:\Windows\system32
21:19:39.959 AVAST engine scan C:\Windows\system32\drivers
21:19:58.640 AVAST engine scan C:\Users\Owner
22:30:08.954 AVAST engine scan C:\ProgramData
22:33:43.169 Disk 0 statistics 5471843/0/0 @ 0.63 MB/s
22:33:43.170 Scan finished successfully
22:40:07.576 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
22:40:07.580 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
Hi and welcome
If you can please, find/locate the Addition.txt and post it in your next reply.
I can't open a zip file/folder, then we can continue.
if you need to make multiple post that is OK too.
Thank you Juliet for replying, sorry about the zip, figured it was the only way it would work. here is the addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Owner (26-06-2017 20:57:42)
Running from C:\Users\Owner\Desktop
Windows 8 (X64) (2014-02-09 09:51:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4167589968-2693423342-2315446607-500 - Administrator - Disabled)
Guest (S-1-5-21-4167589968-2693423342-2315446607-501 - Limited - Disabled)
Owner (S-1-5-21-4167589968-2693423342-2315446607-1002 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader 4.2 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.2.1.2185 - Open Media LLC)
4K YouTube to MP3 3.1 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.1.1.1707 - Open Media LLC)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{74734DC8-A8FD-6240-5517-DE4C8B14C341}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Banished (HKLM\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Battle for Wesnoth 1.12.1 (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Battle for Wesnoth 1.12.1) (Version: 1.12.1 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )
Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{E5C1C342-5E78-4D91-85BE-40C716B09391}) (Version: 3.55.7671.0901 - Sony Computer Entertainment Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
Core Temp 1.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.7 - ALCPU)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Eternal Card Game (HKLM\...\Steam App 531640) (Version: - Dire Wolf Digital)
Evoland (HKLM\...\Steam App 233470) (Version: - Shiro Games)
f.lux (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Flux) (Version: - )
FATE (HKLM-x32\...\WT015792) (Version: WT015792 - WildTangent)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Furcadia (HKLM-x32\...\Furcadia) (Version: 31.2 - Dragon's Eye Productions, Inc.)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hand of Fate (HKLM\...\Steam App 266510) (Version: - Defiant Development)
Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version: - Defiant Development)
Hero of the Kingdom (HKLM\...\Steam App 259550) (Version: - Lonely Troops)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.7.22.13 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IconPackager (HKLM-x32\...\IconPackager) (Version: - Stardock Corporation)
IconPackager (x32 Version: 5.00 - Stardock Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
IMVU Avatar Chat Software (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\IMVU Avatar chat client software BETA) (Version: - )
Infinite HD™ App (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
mscomctl 6.1.97.86 (HKLM-x32\...\mscomctl 6.1.97.86_is1) (Version: 6.1.97.86 - Microsoft Visual Basic Controls)
msstdfmt 6.1.97.82 (HKLM-x32\...\msstdfmt 6.1.97.82_is1) (Version: 6.1.97.82 - Microsoft Visual Basic Controls)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
PatchFusion (HKLM-x32\...\{36B685BD-AC67-4EFE-9EFF-EB004CD6297D}_is1) (Version: 2.6.4 - Mercenary Enclave Productions)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Pixelmon Launcher (Beta) (HKLM-x32\...\Pixelmon Launcher (Beta) 2.1.7) (Version: 2.1.7 - Ikara Software Limited)
Pixelmon Launcher (Beta) (x32 Version: 2.1.7 - Ikara Software Limited) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Saints Row IV (HKLM\...\Steam App 206420) (Version: - Deep Silver Volition)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Saints Row: The Third (HKLM\...\Steam App 55230) (Version: - Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.7.0.84 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.3 - Prolific Publishing, Inc.)
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.17 - Firaxis Games)
Sid Meier's Civilization 4 - Warlords (HKLM-x32\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meier's Pirates! (HKLM\...\Steam App 3920) (Version: - Firaxis Games)
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version: - Firaxis Games)
Skyperious 3.2 (HKLM-x32\...\Skyperious) (Version: 3.2 - Erki Suurjaak)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Stardew Valley (HKLM-x32\...\Steam App 413150) (Version: - ConcernedApe)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.56 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM\...\Steam App 313120) (Version: - Beam Team Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Talisman: Digital Edition (HKLM\...\Steam App 247000) (Version: - Nomad Games)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Book of Legends (HKLM-x32\...\Steam App 277470) (Version: - Aldorlea Games)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
The Sims(tm) Medieval (HKLM-x32\...\{D3F66B94-DF84-4686-832E-D5761B478BF0}) (Version: 2.0.113.00107 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.14.49.1020 - Electronic Arts Inc.)
Torchlight II (HKLM\...\Steam App 200710) (Version: - Runic Games)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Validity WBF DDK (HKLM\...\{3820B6F2-2F6B-4237-9EE9-F0AC9A2185BC}) (Version: 4.4.227.0 - Validity Sensors, Inc.)
VideoDownloaderUltimate (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.35 - Link64)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07A67AB7-C046-4411-9E1E-02CBE7AE1E73} - System32\Tasks\{57FDA626-3D95-4C08-AF4D-1E7EFC5940E5} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {3154756B-2AAF-43A8-8E66-36ADB77AF772} - System32\Tasks\{09A7C1D0-477A-41BF-9643-3DE50C76327D} => pcalua.exe -a "C:\Program Files (x86)\Furcadia\_uninst.exe"
Task: {36018778-865B-47B5-BC40-09196BF7D0DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {3888EE4E-8B1B-461F-A545-BADF347B9E03} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {41EFB613-0E11-41F5-85EE-2489FDAE375C} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)
Task: {6556A942-1F3E-49C7-9840-A3D0D0600216} - System32\Tasks\avastBCLRestartS-1-5-21-4167589968-2693423342-2315446607-1002 => Chrome.exe
Task: {6D1C6171-B004-4F4C-8F00-45BCD7D66778} - System32\Tasks\Core Temp Autostart Owner => C:\Program Files\Core Temp\Core Temp.exe [2017-03-18] (ALCPU)
Task: {6E79DA85-94EE-4061-8B0C-99016357D106} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {718BC725-5166-4328-90B0-0C3C1A32CFB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {8276B388-3C13-4EED-8B37-61157FA8D08D} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {8841ED01-4B89-4F35-AF35-6E10C434B6BB} - System32\Tasks\{65CDD781-04AB-4759-ABB9-386F0839F92D} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.26.0.101&LastError=12002
Task: {9957BEE9-ED6B-4301-B3C1-8D8A90ACC64C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2012-08-10] (Hewlett-Packard Company)
Task: {B0DD1AF7-3795-4A3A-9DC2-567342B3678A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {B59F8635-A312-4A44-83EB-CC17D4DE9AC0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {B5CBC79D-214C-447B-82E3-8C9E238BCAD3} - System32\Tasks\{F4FA0356-DA9C-4A8C-B4D0-80D8D1936A6A} => pcalua.exe -a C:\Users\Owner\Downloads\SMS2003-SP3-KB937882-X86-ENU.exe -d C:\Users\Owner\Downloads
Task: {C22743EC-E2BD-433B-ABC7-1995F9853A78} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-15] (Adobe Systems Incorporated)
Task: {CF2BDCC4-7181-41F7-B4E3-4D3B7DE87884} - System32\Tasks\{A8A76758-4F04-422A-81CC-5C071B6DED10} => pcalua.exe -a C:\Users\Owner\Downloads\forge-1.7.10-10.13.2.1230-installer-win.exe -d C:\Users\Owner\Downloads
Task: {DDEBA022-3B8B-4FA9-BCAD-8073884A60C3} - System32\Tasks\{85046818-0B6B-4667-B629-CEADB65D16D5} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/en/abandoninstall?page=tsProgressBar
Task: {E1245B7B-63F7-45B1-A164-43B032150038} - System32\Tasks\{4881F0FC-9422-43B9-99F4-C7583BB7BBBD} => pcalua.exe -a "C:\Program Files (x86)\Gravity\RO\Setup.exe" -d "C:\Program Files (x86)\Gravity\RO"
Task: {EB01FBE6-81C6-463A-B5D7-843F0FEABC02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FB9D7FA9-F8F2-412A-BFB0-4B5DDC726F8B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pfmcegikaljcfolenjkadbbaicbgjcpb
==================== Loaded Modules (Whitelisted) ==============
2012-09-18 03:12 - 2012-09-18 03:12 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-07-18 09:55 - 2012-07-18 09:55 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2012-07-26 01:55 - 2012-07-26 01:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-05-14 04:54 - 2010-09-16 12:13 - 00032768 _____ () C:\Users\Owner\Downloads\MonitorES.exe
2012-08-10 03:36 - 2012-08-10 03:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-09-18 03:11 - 2012-09-18 03:11 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-05-15 23:54 - 2017-05-09 03:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 23:54 - 2017-05-09 03:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2012-08-10 03:36 - 2012-08-10 03:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2014-02-09 01:45 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-01-11 15:44 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 18:26 - 2017-01-11 18:26 - 01082880 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 18:26 - 2017-01-11 18:26 - 03750400 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 18:26 - 2017-01-11 18:26 - 00914432 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 18:26 - 2017-01-11 18:26 - 01127424 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-11 15:44 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 15:44 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-06-25 04:45 - 2017-06-25 04:45 - 00148992 _____ () \\?\C:\Users\Owner\AppData\Local\Temp\226E.tmp.node
2017-01-11 18:26 - 2017-04-26 15:27 - 02658296 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 18:26 - 2017-03-22 15:20 - 02665976 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-08-03 21:53 - 2016-08-03 21:53 - 00987136 _____ () C:\Program Files (x86)\Furcadia\libxml2.dll
2016-08-03 21:54 - 2016-08-03 21:54 - 00077824 _____ () C:\Program Files (x86)\Furcadia\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\regfile\DefaultIcon: C:\Windows\regedit.exe,1 <==== ATTENTION
HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Classes\exefile: <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\aeriagames.com -> hxxp://aeriagames.com
IE restricted site: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\skype.com -> hxxps://apps.skype.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 23:26 - 2014-09-14 04:03 - 00001075 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 rad.msn.com
127.0.0.1 live.rads.msn.com
127.0.0.1 ads1.msn.com
127.0.0.1 static.2mdn.net
127.0.0.1 g.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 b.ads2.msads.net
127.0.0.1 ac3.msn.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Desktop\PHOENIX PICTURES\GALAXY & SPACE\rsz_1ta06za.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: WSearch => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\StartupFolder: => "Launch Utility Application.lnk"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0615pit"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "join.me.launcher"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "GalaxyClient"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FDDA6392-0A61-4149-9DFE-ADE8E96DD4CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{7ECF8E98-0B21-475A-B3C4-25BA88C22569}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{8CEE99DA-AA09-4166-8AB6-AA1E61241929}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{1BB02B3F-4E9A-4040-8263-48469C24F190}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{3A0B3D99-61CA-4E70-B2FB-F3CD1A7A8F5E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7DD4E246-8D73-4F8D-BBFE-7483642DD9BE}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6FA1F28E-F576-45E9-9C30-1CBE52A56E14}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{625A509D-2FD7-4FC2-8D11-1EDE203704E4}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{E25EAFF7-7EC4-4051-B94E-DF5EBAA9A645}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
FirewallRules: [{47BC71B8-59D6-4401-AC1A-EB4AB286DC31}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
FirewallRules: [{9C1C799C-D237-482D-94EA-41372E92274F}] => (Allow) %ProgramFiles% (x86)\Stardock\Object Desktop\IconPackager\Activate.exe
FirewallRules: [{08CDBA64-E1BA-4958-B69D-E664A82AC4CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{975EFD86-43E0-4979-BFA0-CE3308DDCB83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{974D8DF2-3F43-4AE4-969D-A58D17E1A3B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0F635F0D-F5C6-4767-B8A8-062F590134B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{FC5F30F3-F27A-4A59-B9BB-9A4D53D9A5C5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
FirewallRules: [{46D1099C-57A8-457F-9782-0C213448004B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
FirewallRules: [{3FF1BFDF-A86D-4F26-8718-4D83C0C17828}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
FirewallRules: [{8983ACD8-B2FA-4EF8-814D-41034BC0742C}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
FirewallRules: [{90C316C3-7F64-4A5D-8FCD-5E3669151C63}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
FirewallRules: [{335C8AF1-02BC-4366-893A-E34964318FFA}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
FirewallRules: [{9A2CA9CA-1396-4201-B016-58E18D7A01EE}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{D8D0A395-966F-40BD-A784-02516DFB1063}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{55CEB6BA-E4E6-4EE1-AF83-3EB089AF06A9}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{C23B5D9B-3154-4D19-B6DA-477158A72CF3}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{A7C647BF-541D-45CA-989C-6DAED04D5A3D}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
FirewallRules: [{AB423E01-A7FF-4EFF-B2A6-639DCAAC33C2}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
FirewallRules: [TCP Query User{37F040AF-DEA7-4B52-BB7A-28B9ECE82ED9}C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe] => (Block) C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe
FirewallRules: [UDP Query User{FF024338-0177-4193-B297-984170B87AC5}C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe] => (Block) C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe
FirewallRules: [{1525A57E-64E2-4154-95B0-124F0AAB91B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{F71E5893-CF42-45AD-97FB-2B22C89F7931}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{7FF333F9-DF56-47E1-9730-CB778D4BE34B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{25065224-1D8F-493D-A1E7-6732E429F359}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1EE56E19-04EB-4E74-B140-884C12D1C760}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{4A58756D-7453-46A6-918B-4618AA904CE9}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0B9D497B-245D-46AA-BE7F-E9ECD8939250}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9044FEB3-5BBD-4A0D-9643-F270D9CFAC98}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A6FDF7DB-44D7-4A69-A3F9-940D21E63F35}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{823D27EA-B014-4504-A63B-9AB4C3A7BBFA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3612DB22-AA97-41D7-847E-0561031FDED2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{0FDEF4B1-FE55-41C3-A3B3-B667305E30BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{3A59AC31-D801-468C-B0C6-A404979FF793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{570805D3-5A7E-41A7-9453-FA80AD13C89D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{C6CBC3E9-333C-4766-8A03-E79A1978A4BF}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{E844F90D-9E14-4652-AE82-744AD4D55A6F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{31B91068-FE14-416E-B46B-2D05118D8D4C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{024E8CB9-B30F-4241-8BF9-DFFCC90CFE4E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{D5495F02-CBB1-4DE4-A97E-BDA3FF59C958}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{AD84BA49-3FC8-4FE9-917F-714090C06701}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{17E66E2F-FF73-46CC-8638-6D5DEEC1E483}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D887A475-F4F8-44AF-8459-8BCC26F1EF46}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{DA6435D7-8EFD-41D9-91C7-B2F551B6A7EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{34237578-7E6D-4B8A-881A-0A9BA498D957}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{F4F8D607-F971-4BCE-962C-106E9F9A592C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{99B6A0B6-7567-42CF-8C79-39E45311C6E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{ED13E1AE-E6B1-4AC3-8623-0385240F3F5F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{320F6522-DF1B-4A14-9858-8030AAB63623}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{B0A2FF7F-E414-4DDC-BCB0-7E78F8A4AF47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{7F0E7C97-2E32-4FF1-8AC2-02A59ED3D7D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CF659B52-14BC-496C-B16F-3023F7E2E6B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{99F2560D-78AE-4907-8B0C-46E0030292A7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{4D1027A3-CA47-479D-9802-44786C924E13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{B94F0F59-08B7-4F5F-9C16-6E4C5C425337}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{AE83794D-AFFF-4E02-89FB-8DF194F7760F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FDAFA933-6CCB-4E3A-B07B-5054A70C5C59}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F661311-FFE8-4668-B148-D107D53973A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{F21B7FC2-7986-4457-98B3-1AA4AE4C1B72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{FA97AA3B-2D97-4CFE-82D6-954D80A04384}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{C6752541-13DB-416F-9BB0-C677C7261D33}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{ED9DC762-06E3-4F24-8E25-1DE8B598718C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{A3DEED43-F27D-4285-898D-FB2DD86B9D2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{BF67B821-9655-43FE-9F7C-5B26223329E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{FFCFE106-DBDF-45AC-8A9A-539F63057940}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{B6EB32B2-CFFF-4AE2-90F5-769B957FFE13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{B5969EB5-EEFD-4F4E-85AF-8FE91CF1D758}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{C5B42509-9537-4B56-A6B2-15DD54D48163}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{7609974B-BB86-441A-86EB-866D5802A5D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{1A215C06-DBB1-4B0B-8D48-D83AF20DD937}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{22D70D2E-4DAF-4433-B3C6-DC36E13BDDE5}] => (Allow) LPort=2869
FirewallRules: [{B8856F0B-FC2D-4030-8961-CF5F8B23BEAE}] => (Allow) LPort=1900
FirewallRules: [{822788E8-0AAB-417C-B046-A429379E9B8D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{A57A515C-060F-4A12-8D9C-A6A7E34F066F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1876C747-5D54-4A66-BD7D-05329198E2A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{5CDE5D54-7049-4BB1-9F46-229326D56366}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{654B7C96-C0A3-40B3-BD58-5BF40D3D933F}] => (Allow) C:\AeriaGames\EdenEternal\_Launcher.exe
FirewallRules: [{EB7C48BD-DA27-480E-820F-A3E6C69830BC}] => (Allow) C:\AeriaGames\EdenEternal\_Launcher.exe
FirewallRules: [{B7A4BD09-B980-4046-BDD0-F02E5CAEB28B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{D5EC8B76-4F54-4773-AD2B-81CE36F743E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{752F8D1E-2C48-4EFC-B7AB-447A3E08D3C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{528CB57D-6C8A-48BB-914C-B5347D5CC917}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{F733D89D-8A98-4EBE-8881-33E752058CCF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D2566577-6C99-45FC-B03E-2C1A3BA81847}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{82C1553B-B5DC-4C20-B397-8C7F2BA25FE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{D332830B-4581-4EDD-A8EE-E360C7A81ABF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{36D407D8-0F1F-4B39-8AE4-D636FF721489}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{E975320C-5308-4611-8669-92C4405ACD00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{13A11369-1ED0-480B-BBC8-C12898326B19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{2772FAE7-78DE-4565-8C3D-500D0460A043}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{88790F8E-5D98-45F2-A661-F91FDE0C12F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{B18E0B12-6CB4-473E-B565-FA53EDECBD71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{842142CB-B3ED-490D-B026-C7669ED1110A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{A2A3DBBB-B1D7-466D-9438-945AC6A297AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{3452AA21-98CC-4D91-B8D6-93057C20B8AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{88D1BDAE-3835-4E13-BA50-159C80F8C18B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{C8B0F06B-3F4E-43AC-BF4F-357CD42657C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE2C9709-EE36-4501-BF72-4F2A3781EAF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{592632D7-43F3-4151-8CFD-E72F799F7129}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{FE963C6E-FE0F-4D58-B655-F124FCD4C90E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{7F70C1F3-88B0-4808-8796-5599BB1444B6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{BB986EBE-D340-423F-85D9-97C5B24A748B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D0258E54-C9B3-41E3-9F73-4BE7D30E488C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{4EC1BD60-772B-4B6A-9E77-721B8D5C8C84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{6D6E2295-30E4-4348-B2C6-8327FE194973}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{EA13A790-3A2F-4CBA-A392-40F8EB51F7A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{FB090C07-EACB-4783-9FAC-C80F766F7D61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{DA0AAB90-40E7-4417-A8EA-673B6E699EBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{849BDF77-5E3C-45C9-9826-E58E3FA26D24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Legends\TheBookOfLegends.exe
FirewallRules: [{5DF52370-C197-49D7-9C75-B9582E86F89C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Legends\TheBookOfLegends.exe
FirewallRules: [{3BE33BE0-AA86-4B84-95D8-FA960FF9F001}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{485D2AA7-27FA-4C54-87D5-CD5719FD0F16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{63896BE7-BD78-459E-B95F-B714452FFFAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2015 Demo\DotP_D15.exe
FirewallRules: [{80CAD038-5D27-49F5-A781-22B330FC49F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2015 Demo\DotP_D15.exe
FirewallRules: [{E9941161-A483-48AC-98C7-EF1204740385}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7BD7F0D2-C6D2-4DD2-93F0-859B6777C2A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{DA7B37A3-126D-4B95-B4DB-3CBD0E308673}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{BD6E1989-639C-441F-8E22-80B00159F0ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{BDE513EE-8A95-4563-8CEC-34702E62E296}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{F91D3BCE-9687-4D46-89B9-8CF5F9304130}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{6FB747BC-664D-487E-9650-7BDE1FFCA824}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{64629C8E-89FC-4CF0-84BC-853AFBEAF546}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{32B3371A-8CB1-40D6-9207-B68CEC514EE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FCA499F-0A45-4320-9820-1E4E183B8DDE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{370C008E-4440-435B-820B-06FF53818034}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85CCDA74-567A-4B69-8D6A-9D0369251378}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66188E8C-43CF-463E-90E6-FFCED9924667}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CDA06A9B-E618-47BB-BFFD-C01FD3BBAEE1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{13AA4776-3BD2-49A4-A792-D231AB905860}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{461F4B01-804B-4255-A683-46194F7C6F86}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C6D597B5-D5FB-4822-9A69-5143AFD0699D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{DFB31B15-FA28-49A3-A917-ADF8A308BA3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{819135D9-6AEA-451A-A78B-93CD37FCD441}] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{DFB8FD01-060A-45FA-9AD7-F07823B7E8EA}] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{8EDEBEE6-FEA5-4D1C-9519-A7C6C3410957}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{4648A95E-EB07-4FC4-8C52-9B83749A9BC6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{39982F30-208A-4AF9-BC58-740E3EBBB00C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{560B6E40-20D3-4EFC-B957-9F4F1A8D7825}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{AD9DA93D-165A-4A24-BF2C-F2D7FEC99F8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{B3181F26-8EEF-4F2A-A842-63F3118686F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{DD336240-7730-4CCC-B8A1-E7DD15115AF2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{055A2EBE-89E6-4A73-8545-1E38E81348B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{42A04F18-6CB1-47AA-B3CC-E778232C673D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{8CAD6D97-8173-435A-8011-7430CB9A93D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{81DC9A5A-B406-4FB4-962C-17888DD8DEBE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{440BFA44-32FD-4C04-A15E-BCE762837DF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{0F47EE47-1855-4416-8C6F-8105820F5C0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{92D42F62-22B7-4CEC-8C84-EFAD4A017714}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{6B5C016E-E825-437C-AFDD-FCCCE80AEBEE}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
FirewallRules: [{8115A914-75FA-4869-A703-6F2B8DF16486}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
FirewallRules: [{5EDA9B72-4683-4E8E-B42A-9428F80F1AD7}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{3C01F7DA-D05D-4F2A-ACC6-3A4698B478E5}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{A3F0537E-6530-4683-947B-0ED848E25CAA}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
FirewallRules: [{57D5D575-32FD-4882-B11B-ABCBBB366046}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
FirewallRules: [{6BF0F442-2716-4512-824F-A2A5BC720D0F}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{14270A4D-E395-4E9E-B4C8-04B9658F7CF6}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{AA5B2C44-698E-4FF0-B871-5AD1A1BB6357}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
FirewallRules: [{9869FC05-C75D-4371-A547-5F0C983D4202}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
FirewallRules: [{FAFE3989-5397-4F1F-B484-D82ABBD8A0CA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{3EF0F099-34CD-49EA-B82F-6AFA10334CE4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{211135A4-7F8E-44F2-BA8F-0ED510376E53}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{04156DC9-2F89-43AB-9F2E-70541BAE47ED}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{36ABB77B-652F-45DE-B2B2-268CA9923DC1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{2E2F06D2-F920-47F1-89D4-21E15414D17E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{6ECDC8FF-3820-4C38-AFD6-7532A9053A2C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{13C38FC3-9F3E-47AD-90B0-5C958BAF0705}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{A257BFA1-E5A7-4353-ACA3-67445F3A85A7}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{CD6F721F-C030-4E40-9FDA-53F1F0ABCFC5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{6D075C51-1103-4B44-972C-E91A41A1C8BC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{6C6BED3F-5139-4995-A4DA-544EDB01E3C0}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{B46D9D45-0BC1-41D5-B120-CFB7947FD44B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{055A2A29-B5B4-4469-9B06-4897285CBBE1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69FEC7E7-B6F8-4F42-80AE-80D5E109408A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A38779D2-AD1B-42C7-BDFE-8AAA94F58B7C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{78909037-1F95-4EE0-89C4-A62F789E8234}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Legends\TheBookOfLegends.exe
FirewallRules: [{C266CBA7-B7CE-4A07-BD10-161664968313}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Legends\TheBookOfLegends.exe
FirewallRules: [{3A41E08D-E69A-4D6F-A437-C8866A83F216}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2728CA3F-E4F8-4352-A312-5F3A6F9A8426}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{AF001E51-EAE2-4BAF-8EDA-26EAE7B48978}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{CC9554F4-80D1-486B-93D5-9475C68915BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{284BC23D-8B4E-46D0-920B-0912B331CC83}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{6E3BBAF4-F534-47F1-87DB-4FF6DC79CF25}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{C1BEBF47-6871-4CA7-BFFB-A325D3A8881F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
FirewallRules: [{94321FB5-81BF-49FC-A640-69D3A8E70089}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
FirewallRules: [{7A2EAAE8-6910-4E87-A776-492A910E879A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{E078DF36-870D-4A05-8445-66208AE2406D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{7B9CB91D-88D9-4CB7-AEAF-0BCFD878ACBC}] => (Block) C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe
FirewallRules: [{826A23B5-7553-44EE-91C9-B960B7DD4101}] => (Block) C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe
FirewallRules: [{1DC83114-A48C-499F-A930-9E2560AE7109}] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{97C5051F-9A53-40BD-9879-362B80B401E9}] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{B6F8781F-6937-4B5A-B2EA-6CC3BD49B83D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{1D3C3A9B-8C2A-4471-A717-49A97050E2DB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C2B38F49-35BB-401B-8F02-CE48CD4C2215}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{04AD6843-A102-4223-8407-58B0094A4488}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{81B7F71D-E0D6-4D7F-98E5-E2397E588F5B}] => (Allow) LPort=1900
FirewallRules: [{416BA6AB-9560-4CD3-8F36-A29075F3ECE3}] => (Allow) LPort=1900
FirewallRules: [{C6C3E389-B397-4B1F-87FD-3E8FC695DA60}] => (Allow) LPort=2869
FirewallRules: [{C4D0C9E3-6F2F-49A2-9AD5-9E5B7D79ED70}] => (Allow) LPort=2869
FirewallRules: [{7FD37F5A-E976-49C9-800A-A5CF1DAE53D8}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
FirewallRules: [{81FE6317-3441-4B3B-A656-93B4602D6C15}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
FirewallRules: [{7DA40EF6-1C02-4751-AFB4-5E597FB4AB0A}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
FirewallRules: [{6C7066DF-913C-42F0-8FE2-4F367013D451}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
FirewallRules: [{81CA386A-895F-47E1-91ED-FAB7616F75F6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3081CAAE-B1B3-4C3A-A6DF-D9311D629C91}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D2A22E5-2FD6-440A-8854-53F162B20555}] => (Allow) C:\Users\Owner\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{0CC0393C-C2CF-4CC1-A2EC-9CC8399FC1CD}] => (Allow) C:\Users\Owner\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{8478A81A-3DE9-4529-9677-03424A64CF3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{C3C9D809-A416-40F9-A509-324CD8756F56}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{049A6A8D-7236-44FE-93F7-7A4B13D16383}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9D546FC3-5DD5-4D6B-B6DA-CB750CC4B79E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{655A401C-7A9D-44E7-BAD8-90C93ACC78F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08D78459-3445-449A-9DFD-68163C7B3BF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51CB2D73-BB44-4A8F-AEEB-0DB10727CCB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Pirates!\Pirates!.exe
FirewallRules: [{277EA691-C7B2-4019-890B-D4EAA5343A7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Pirates!\Pirates!.exe
FirewallRules: [{83579DC1-5E72-474F-AF7B-915A3F8DE4F3}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{A1D962C4-4682-4683-8B75-39C8CDDB1599}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8254B3E2-6280-47A6-B2BD-94D09BFB32E9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{4DDFB3C6-FC6D-4DF6-A297-EA4AA5BD50E0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{1AFB2F0F-AD2B-4F45-9721-960B014D1625}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{594C1553-336D-47CC-A3E0-42AC7CBE2137}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{9A9BF29B-94D0-45EE-92C0-2C07EE608D68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{B33A0E3C-F804-431C-9A23-1983A1520B0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{CFAA0C1E-F229-46F4-8B6E-35D5D95FEDE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{3F2B2BB1-E293-4D9D-A585-C4C0193B2F46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{DA47F99C-363B-412D-94B0-4279B41DE5CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{B1B08F64-C8F0-4989-9FB2-BF166BBA5A5E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{E27E7772-7538-455C-B563-496B7E1287D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99618F47-D703-4983-ABF8-DE2970CC00B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{24BFB17B-CE41-446F-AB0A-F10C16389D62}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{92C90FB4-5D85-40DA-97CD-C0AA2C243E46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71263DF2-428A-477A-A07B-7FA4292C46CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evoland\Evoland.exe
FirewallRules: [{DE0D0FB7-78E2-4042-9BFA-D48685976555}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evoland\Evoland.exe
FirewallRules: [{8CCF89AB-42E9-49B7-84E6-E907CF67B316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{4821772B-00C3-4EC0-AA81-AD0161DADC53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{FE8D9558-B4F2-461B-8583-B5C185526C5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{A291DB22-CDF8-4F73-B7FD-7ECD03BC647A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{2E66E617-AE79-4224-82AA-4C39D534BAF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
FirewallRules: [{CB257B5D-1E03-4E18-A8A5-704D9D36F488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
FirewallRules: [TCP Query User{D7F5A69B-0437-4C2F-8366-7CF977B76B5D}C:\users\owner\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\owner\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A752413F-53E8-457E-A4E7-F26D1B1004D3}C:\users\owner\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\owner\appdata\local\akamai\netsession_win.exe
FirewallRules: [{67B8D69A-15C8-4C95-A3E4-47D4453603CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eternal Card Game\Eternal.exe
FirewallRules: [{2028AAE2-039A-4BAF-8180-93199AE9A978}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eternal Card Game\Eternal.exe
FirewallRules: [{7D2C2EA2-A988-49E3-9007-42AB42F24A6C}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{51E98D69-C460-4D55-AC69-30794B1B9E5C}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{A0E6D530-4580-47D7-9909-7BCEE4FDF7CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{D7B931FC-8F11-4ABB-98E7-9A311773A14F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{6268A89B-670E-4461-B71A-0C822456B644}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A7D11F67-D818-4CEE-A807-3B02065AF9F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{D614E900-CB85-46BA-9BFB-CD4CBF5B1F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{AC254A11-2009-4284-AACA-B644F98398B5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{43BCDBBE-5E2E-4F37-972C-14114180DC80}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
==================== Restore Points =========================
08-06-2017 03:24:02 Scheduled Checkpoint
16-06-2017 15:05:22 Scheduled Checkpoint
18-06-2017 13:22:45 Installed OpenOffice 4.1.3
26-06-2017 06:52:28 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/25/2017 04:43:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.
Error: (06/25/2017 04:34:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.
Error: (06/18/2017 02:01:56 PM) (Source: MsiInstaller) (EventID: 11409) (User: 7360BE7)
Description: Product: FMW 1 -- Error 1409. Could not read security information for key System\CurrentControlSet\Services\avgsvc\Common. System error 1018. Verify that you have sufficient access to that key, or contact your support personnel.
Error: (06/18/2017 01:23:56 PM) (Source: MsiInstaller) (EventID: 1013) (User: 7360BE7)
Description: Product: OpenOffice 4.1.3 -- Please exit OpenOffice 4.1.3 and the OpenOffice 4.1.3 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice 4.1.3 open.
Error: (06/15/2017 12:54:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 7360BE7)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/15/2017 12:54:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: 7360BE7)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.
Error: (06/15/2017 12:54:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 7360BE7)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/15/2017 12:54:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: 7360BE7)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.
Error: (06/09/2017 01:42:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Discord.exe version 0.0.41.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: fc4
Start Time: 01d2dc1246c43795
Termination Time: 4294967295
Application Path: C:\Users\Owner\AppData\Local\Discord\app-0.0.297\Discord.exe
Report Id: be475666-4d4b-11e7-bf36-082e5f79e668
Faulting package full name:
Faulting package-relative application ID:
Error: (06/04/2017 01:51:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 58.0.3029.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1550
Start Time: 01d2dc9cdb8e50f5
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: 339adda2-495f-11e7-bf36-082e5f79e668
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (06/25/2017 04:36:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/25/2017 04:36:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
Error: (06/25/2017 04:35:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
Error: (06/25/2017 04:35:30 AM) (Source: DCOM) (EventID: 10005) (User: 7360BE7)
Description: DCOM got error "1053" attempting to start the service hpqwmiex with arguments "Unavailable" in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}
Error: (06/25/2017 04:35:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.
Error: (06/25/2017 04:35:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
Error: (06/25/2017 04:33:45 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a29\??\C:\Users\Owner\NtUser.Dat
Error: (06/25/2017 04:33:15 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (06/25/2017 04:33:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:32:01 AM on 6/25/2017 was unexpected.
Error: (06/16/2017 01:13:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:04:47 PM on 6/16/2017 was unexpected.
==================== Memory info ===========================
Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 48%
Total physical RAM: 5594.25 MB
Available physical RAM: 2896.89 MB
Total Virtual: 7066.25 MB
Available Virtual: 3435.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:569.34 GB) (Free:196.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.06 GB) (Free:3.09 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: A50E1C7D)
Partition: GPT.
==================== End of Addition.txt ============================
Start FRST (Please double-click on FRST/FRST64) with Administrator privileges
Right click on the highlighted text below and select Copy.Start:: and finishing with End::]
Start::
EndProcesses:
CreateRestorePoint:
C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1025656 2015-02-15] (Link64 GmbH) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShortcutTarget: TurboLauncher.lnk -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\Spoon-Console.exe (No File)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\npMozillaSpoonPlugin.dll [No File]
CHR HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx <not found>
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
C:\Users\Owner\AppData\Local\Spoon
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pfmcegikaljcfolenjkadbbaicbgjcpb
HKLM\...\regfile\DefaultIcon: C:\Windows\regedit.exe,1 <==== ATTENTION
HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Classes\exefile: <==== ATTENTION
EmptyTemp:
Hosts:
End::
**
Now click on the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://i.imgur.com/h3qKPnn.png Malwarebytes AdwCleaner
Please download Malwarebytes AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S0].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click [img=http://i.imgur.com/MqHawIb.png] [b]Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C0].txt) will open. Copy the contents of the log and paste in your next reply.
[b]-- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S0].txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Zemana AntiMalware Free
download it from here (https://www.zemana.com/Download/AntiMalware/Setup/Free/Zemana.AntiMalware.Setup.exe):
Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.
You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.
When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
without changing any options, press Scan
When Zemana has finished finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.
Zemana AntiMalware will now start to remove all the malicious programs from your computer.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
open Zemana AntiMalware again and locate the latest report
please paste the contents into your reply
When the process is complete, you can close Zemana AntiMalware.
~~~~
Please post these 3 logs when finished.
Here are the logs. If it's ok i included an attachment which is a screenshot. not sure if it's a big issue but Spoon-Console.exe still shows as something I can "customize" into my toolbar/notification area. I still don't know what it is and if it's completely gone. The other thing I mentioned in my first post was Turbo.net Launcher but i typod it. if search for that, it still shows something in my search but i dont know what that means. if i search for "spoon", nothing for spoon-console shows up.
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Owner (27-06-2017 16:58:44) Run:3
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
fixlist content:
*****************
EndProcesses:
CreateRestorePoint:
C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1025656 2015-02-15] (Link64 GmbH) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShortcutTarget: TurboLauncher.lnk -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\Spoon-Console.exe (No File)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\npMozillaSpoonPlugin.dll [No File]
CHR HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx <not found>
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
C:\Users\Owner\AppData\Local\Spoon
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pfmcegikaljcfolenjkadbbaicbgjcpb
HKLM\...\regfile\DefaultIcon: C:\Windows\regedit.exe,1 <==== ATTENTION
HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Classes\exefile: <==== ATTENTION
EmptyTemp:
Hosts:
*****************
EndProcesses: => Error: No automatic fix found for this entry.
Restore point was successfully created.
C:\Program Files (x86)\Popcorn Time\Updater.exe => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloaderUltimate => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
"_C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value data removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\Spoon-Console.exe => not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66F8021A-0B2E-4DE4-B753-12504A711C26} => key removed successfully
HKLM\Software\Classes\CLSID\{66F8021A-0B2E-4DE4-B753-12504A711C26} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => key removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33 => key removed successfully
C:\Users\Owner\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll => not found.
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\MozillaPlugins\@turbo.net/Turbo.net Plugin 3.33 => key removed successfully
C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\npMozillaSpoonPlugin.dll => not found.
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo => key removed successfully
Update service => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Update service => key removed successfully
Update service => service removed successfully
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net => moved successfully
C:\Users\Owner\AppData\Local\Spoon => moved successfully
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe => moved successfully
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk => Shortcut argument removed successfully.
HKLM\Software\Classes\regfile\DefaultIcon\\Default => value restored successfully
HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Classes\exefile => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12437159 B
Java, Flash, Steam htmlcache => 128409809 B
Windows/system/drivers => 32443722 B
Edge => 0 B
Chrome => 705724794 B
Firefox => 483469028 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 745052 B
NetworkService => 449856 B
Owner => 704767214 B
RecycleBin => 83962485 B
EmptyTemp: => 2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:02:20 ====
# AdwCleaner v6.047 - Logfile created 27/06/2017 at 17:38:42
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-26.1 [Server]
# Operating System : Windows 8 (X64)
# Username : Owner - 7360BE7
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\VideoDownloaderUltimateWinApp
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\VideoDownloaderUltimateWinApp
***** [ Files ] *****
[-] File deleted: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File deleted: C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Link64
[#] Key deleted on reboot: HKCU\Software\Link64
[-] Key deleted: HKLM\SOFTWARE\SPPDCOM
[#] Key deleted on reboot: [x64] HKCU\Software\Link64
[-] Value deleted: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
[-] Value deleted: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [VideoDownloaderUltimate]
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
***** [ Web browsers ] *****
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: blmchfpimpbbdmgpcieclabeafkljbhm
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2391 Bytes] - [27/06/2017 17:38:42]
C:\AdwCleaner\AdwCleaner[R0].txt - [1995 Bytes] - [05/06/2014 11:54:54]
C:\AdwCleaner\AdwCleaner[R1].txt - [343 Bytes] - [07/06/2014 20:03:14]
C:\AdwCleaner\AdwCleaner[R2].txt - [1896 Bytes] - [09/06/2014 06:49:07]
C:\AdwCleaner\AdwCleaner[R3].txt - [1956 Bytes] - [09/06/2014 06:56:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [2035 Bytes] - [09/06/2014 06:58:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [4214 Bytes] - [05/05/2017 00:07:13]
C:\AdwCleaner\AdwCleaner[S2].txt - [3200 Bytes] - [27/06/2017 17:34:48]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2974 Bytes] ##########
Zemana AntiMalware 2.74.2.76 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/6/27
Operating System : Windows 8 64-bit
Processor : 4X AMD A8-4500M APU with Radeon(tm) HD Graphics
BIOS Mode : UEFI
CUID : 12C37476182734E3238EC6
Scan Type : System Scan
Duration : 63m 51s
Scanned Objects : 255607
Detected Objects : 7
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Chrome Startup Url
Status : Scanned
Object : https://cdn.discordapp.com/attachments/166346126662828033/288502705272389633/20170306_214618.jpg
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Report as safe
Related Objects :
Browser Setting - Chrome Startup Url
Chrome Startup Url
Status : Scanned
Object : http://www.rprepository.com/c/tenebris
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Report as safe
Related Objects :
Browser Setting - Chrome Startup Url
Chrome Homepage
Status : Scanned
Object : http://www.rprepository.com/c/tenebris
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Report as safe
Related Objects :
Browser Setting - Chrome Homepage
avastbclrestarts-1-5-21-4167589968-2693423342-2315446607-1002
Status : Scanned
Object : NE->c:\windows\system32\tasks\avastbclrestarts-1-5-21-4167589968-2693423342-2315446607-1002
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
{57fda626-3d95-4c08-af4d-1e7efc5940e5}
Status : Scanned
Object : NE->c:\windows\system32\tasks\{57fda626-3d95-4c08-af4d-1e7efc5940e5}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
{65cdd781-04ab-4759-abb9-386f0839f92d}
Status : Scanned
Object : NE->c:\windows\system32\tasks\{65cdd781-04ab-4759-abb9-386f0839f92d}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
{85046818-0b6b-4667-b629-ceadb65d16d5}
Status : Scanned
Object : NE->c:\windows\system32\tasks\{85046818-0b6b-4667-b629-ceadb65d16d5}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
Cleaning Result
-------------------------------------------------------
Cleaned : 4
Reported as safe : 3
Failed : 0
https://en.wikipedia.org/wiki/Turbo_(software)
Spoon.net runs applications in isolated 'sandboxes,
Spoon is often used by professionals who work from multiple desktops
Spoon.net Sandbox Manager 3.33 by Code Systems Corporation
**
It's not a malicious application. I need to do a search for all files/folders related so they can be removed.
Start FRST and type the following text in the Search box
Spoon-Console.exe;Spoon.net Console
Click the Search Files button.
When finished, a log file (Search.txt) will open and is saved where FRST was run from, on the Desktop.
Please post that log in your next reply.
Also, how is the computer?
Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Owner (28-06-2017 22:37:52)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
================== Search Files: "Spoon-Console.exe;Spoon.net Console" =============
C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe
[2014-03-31 10:29][2014-03-31 10:23] 11503760 _____ (Code Systems Corporation) EE8226C3B04A36713077D84861D29A6E [File is digitally signed]
====== End of Search ======
I had just never noticed the thing before. As far as how the computer is running, it seems to be running well? Aside from other issues that a scan can't fix, like a dying fan and a broken hinge. i know that google chrome has an issue where it'll tell me that "google is unresponsive. relaunch now?" even though it'll be working fine. i tend to get that when im clicking on links talking to a friend in discord. they are links i trust. she does art and will post me links to updates and this is when i receive this stupid notice. sometimes i get it while clicking twitch stream links or music video links. but thats an issue with chrome thats not just isolated to this machine.
is there any way that you can tell me what the turbo.net launcher was? it really freaked me out when it showed up out of nowhere.
I had just never noticed the thing before. As far as how the computer is running, it seems to be running well? Aside from other issues that a scan can't fix, like a dying fan and a broken hinge. i know that google chrome has an issue where it'll tell me that "google is unresponsive. relaunch now?" even though it'll be working fine. i tend to get that when im clicking on links talking to a friend in discord. they are links i trust. she does art and will post me links to updates and this is when i receive this stupid notice. sometimes i get it while clicking twitch stream links or music video links. but thats an issue with chrome thats not just isolated to this machine.
is there any way that you can tell me what the turbo.net launcher was? it really freaked me out when it showed up out of nowhere.
Fans and hinges I can't fix.
**
Now the issues with Chrome, seems this is an ongoing thing that doesn't appear to have a solid fix.
Some say the Chrome error is from to many chrome processes open at one time.
If you open task manager and end task on all chrome.exe's in theory.
Right click on the google chrome icon and select run as administrator
https://stackoverflow.com/questions/31706009/google-chrome-is-unresponsive-relaunch-now
**
Website, turbo.net. Turbo (formerly Spoon and Xenocode) is a set of software products
https://en.wikipedia.org/wiki/Turbo_(software)
http://windowsitpro.com/windows/review-spoonnet
http://www.shouldiremoveit.com/Spoon-net-Sandbox-Manager-99991-program.aspx
former owner, Downloads ==> 2014-03-31 10:29
might want to locate this in the downloads folder to see if you can delete it out from there, since I'm not finding the uninstall string.
Start FRST (Please double-click on FRST/FRST64) with Administrator privileges
Right click on the text below and select Copy.
Start::
EndProcesses:
CreateRestorePoint:
C:\Program Files\Spoon\3.33.1109.0\Spoon-Sandbox.exe
C:\Program Files\Spoon
C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe
Emptytemp:
End::
Press the [b]Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
i'm aware that you can't fix fans or hinges? but you did ask how the machine was running so i was just rambling. the google chrome thing, i kind of read that it was a bit of a weird glitch. the thing is, i only had one other tab open at the time with this recent episode with it.
i have one other question and im sorry if it's not something you can answer or "fix". there are 18 different things for Microsoft Visual C++ listed in my programs/features list in control panel. i've read that this is a massive amount and they are not all needed. however, since i believe they are something needed to run the OS or such, i do need them. i just dont think they are all necessary and i am not that computer literate to go around and start uninstalling or removing versions. id probably break something. http://i.imgur.com/DOx9QY4.png
i did not find the "former owner, Downloads ==> 2014-03-31 10:29" that you told me to. i searched for the specific date as well in the downloads and still nothing. if it was something that was installed back then, why did it just randomly decide to show the icon? when it happened i talked to the former owner and she claims she had no idea and had never seen it before either when i showed her a screenshot of the icon.
anyway thank you for your help so far its greatly appreciated. i like this site and its very helpful.
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Owner (29-06-2017 22:45:07) Run:4
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================
fixlist content:
*****************
EndProcesses:
CreateRestorePoint:
C:\Program Files\Spoon\3.33.1109.0\Spoon-Sandbox.exe
C:\Program Files\Spoon
C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe
Emptytemp:
*****************
EndProcesses: => Error: No automatic fix found for this entry.
Restore point was successfully created.
"C:\Program Files\Spoon\3.33.1109.0\Spoon-Sandbox.exe" => not found.
"C:\Program Files\Spoon" => not found.
C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4402595 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 60411 B
Edge => 0 B
Chrome => 871433211 B
Firefox => 18781667 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14276 B
NetworkService => 0 B
Owner => 13746791 B
RecycleBin => 43032 B
EmptyTemp: => 874.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:46:25 ====
i have one other question and im sorry if it's not something you can answer or "fix". there are 18 different things for Microsoft Visual C++ listed
It is something Microsoft placed on the computer. I tried to read over a couple of articles to see if I could understand just what it all applies to and to tell the truth it is over my head. I'm afraid if I try to explain it, what they try to assist with, I would be incorrect.
But, in the end it seems that all comments were to leave it alone.
**
i talked to the former owner and she claims she had no idea and had never seen it before either when i showed her a screenshot of the icon.
It could had come in pre-installed, or bundled with a different application.
I don't know.
Is it still present?
The machine run well, besides having that Turbo app.?
yeah it's running good. the issues may not have even been from turbo or the spoon thing, i just assumed they were because they showed up after the bsod and such. i live in a house with other people, but we all keep to ourselves. if im not here this and my other main computer are always locked and i dont share passwords. im hoping someone didnt somehow hack into it and try to put something on it, i just dont know. i would hope they werent those kinds of people, they seem cool.
i tried reading about the c++ things. it was beyond me. i read somewhere that i could just uninstall the past versions or the ones not in use. but, i have no idea which exactly are past ones other than the date listed and which are and are not still in use so, ill just leave them be. just odd that there are so many of them.
anyway, thank you for your help and if i have any other issues can i come back or is this a one time help thing?
yeah it's running good. the issues may not have even been from turbo or the spoon thing, i just assumed they were because they showed up after the bsod and such. i live in a house with other people, but we all keep to ourselves. if im not here this and my other main computer are always locked and i dont share passwords. im hoping someone didnt somehow hack into it and try to put something on it, i just dont know. i would hope they werent those kinds of people, they seem cool.
i tried reading about the c++ things. it was beyond me. i read somewhere that i could just uninstall the past versions or the ones not in use. but, i have no idea which exactly are past ones other than the date listed and which are and are not still in use so, ill just leave them be. just odd that there are so many of them.
anyway, thank you for your help and if i have any other issues can i come back or is this a one time help thing?
Glad it's running better.
A couple of things came to mind about downloads.
check temp files for last urls used
http://www.thewindowsclub.com/temporary-internet-files-folder-location
Managing the Internet Cache
check your downloads folder. From here you can see what was downloaded last, and other useful info.
If your computer is password protected thats your first line of good defense. If your computers are turned off while your not using them, if I'm correct, nothing can come in or go out.
10 ways to protect against hackers
https://blog.malwarebytes.com/101/2015/10/10-ways-to-protect-against-hackers/
~~
We hope you don't run into problems in the future but, if it does we understand.
If it's malware related we will help and this is not a one time thing....
**
Let's remove tools and quarantine folders.
DelFix
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
************************************
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP
AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.
before i do the last bit, i think i made a mistake. i was playing a steam game earlier and accidentally deleted my game. i was reading online how i could maybe go about recovering the save file. it'd been suggested to attempt a system restore. so, i did a system restore. it restored this machine to the 29th of june a bit after 10:30 pm...and I can't recall what fixes or cleaning we did that might have been affected. i know i shouldnt have done, but i wasnt thinking and wanted my save file back. sadly, the restore didnt bring it back either so it was pointless but...now the computer is lagging some and i am not sure why.
no idea why it would be lagging, could be updates related to antivirus or windows or some other apps on the machine.
Open Malwarebytes Anti-Malware
On the Dashboard click on Update Now
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD
Then come back to this thread and and under REPLY TO THIS TOPIC, right click in the reply and select Paste
Then click on POST
Exit Malwarebytes
So something weird happened when I was trying to do this step. malwarebytes was on the desktop at one point in time, but i couldn't find the shortcut/icon so i went to search for it. i found it fine, and when i went to open it, it acted like it opened but nothing showed up. i went to my task manager to see what was going on. apparently in my task manager it was running, but there was nothing showing as far as the program goes. i did this a few times with the same result. i went to uninstall it to reinstall it thinking that would fix it, and i got some error that the .dat file could not be found? i included screenshots of all of this. it was weird. so i just went to the mwb website and redownloaded it. while it was installing, that same uninstall error came up (the one in the screenshot attached) but it reinstalled just fine? it was strange. i dont remember removing the program from the machine.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 7/2/17
Scan Time: 9:18 PM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2280
License: Trial
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: 7360BE7\Owner
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363667
Threats Detected: 35
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 19 min, 12 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 3
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr, No Action By User, [5571], [244209],1.0.2280
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, No Action By User, [2296], [253643],1.0.2280
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, No Action By User, [2296], [253644],1.0.2280
Registry Value: 8
PUP.Optional.Groovorio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, No Action By User, [12336], [238916],1.0.2280
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, No Action By User, [5571], [244209],1.0.2280
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, No Action By User, [5571], [244208],1.0.2280
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, No Action By User, [5571], [244208],1.0.2280
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, No Action By User, [5571], [244208],1.0.2280
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, No Action By User, [5571], [244208],1.0.2280
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, No Action By User, [2296], [-1],0.0.0
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, No Action By User, [2296], [-1],0.0.0
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 2
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZY6CT8PM.DEFAULT-1408609993675\NSPDLGRVRIO, No Action By User, [12336], [177519],1.0.2280
File: 22
PUP.Optional.Spigot, C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8VZLBXQ.DEFAULT\PREFS.JS, No Action By User, [669], [301667],1.0.2280
PUP.Optional.Groovorio, C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8VZLBXQ.DEFAULT\PREFS.JS, No Action By User, [12336], [303136],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\00feb9f2abfd1abacab0292e418401b1, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\0920e41053b90fe3421d9ad43de83d55, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\0d9ed45691e3498827b0068294a216bd, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\1890567c4cd95516e278d5645028ec05, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\3476b288e6d957058f8532b66524d8fb, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\54ad8eeb67aa132c7d22ba3ef0708589, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\6159fe41cd9a9896238469bbd92d80f2, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\6a64e2ef7c7beb0bad6b0c3fa0538b7e, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\7e43b451715caf8b3011e99ce7562bfb, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\8ecba8f64c4f1ef3378cc86087b16d20, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\a26a6b96a7c0d4649fa284f4449bb379, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\b0a0c1eb6b43f112ab1c602844ac6b1f, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\c1ce54b43977bd2375d18771135bee4c, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\e0203a02e8f7e79846c9b2759ee68e49, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav_thumbs\f4bcef45ff381dec64d71729a7dcc9a1, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\fav-groups, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\favs##25da263315d8d5d72d63fb230b8f4523, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\nspdlgrvrio\redirects, No Action By User, [12336], [177519],1.0.2280
PUP.Optional.Groovorio, C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8VZLBXQ.DEFAULT\SEARCHPLUGINS\GROOVORIO.XML, No Action By User, [12336], [238904],1.0.2280
PUP.Optional.Spigot, C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H8VZLBXQ.DEFAULT\SEARCHPLUGINS\YAHOO_FF.XML, No Action By User, [669], [243427],1.0.2280
Physical Sector: 0
(No malicious items detected)
(end)
Don't know what went after the uninstall string for the tool, did you run the Delfix tool?, and I think you did very well to get it re-downloaded.
Computers are a strange thing....
It seemed to show that it was running in task manager?, in one of the pictures.
I leave my task manager open all the while I'm on my computer, if your trying to use a tool, always check there first to see if it loaded, if it did and not working end task on it first.
Let me supply you with a couple of links they suggest a MBAM removal tool to help with the installation of it again.
https://forums.malwarebytes.com/topic/122284-mbam-clean-removal-process/
https://support.malwarebytes.com/customer/portal/articles/1835311-how-do-i-uninstall-malwarebytes-anti-malware-?b_id=6438
****
The computer still acting up?
Not really acting up no. im also a little confused, am i supposed to uninstall/remove malwarebytes now or?
Not really acting up no. im also a little confused, am i supposed to uninstall/remove malwarebytes now or?
post #15 you spoke of issues MBAM was having but that it finally reinstalled.
I was providing a link of a removal tool to use in case you still had the problem.
I would keep malwarebytes, update and scan with it often.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download/) and save it to your desktop.
Double-click icon then click Install
A Window should open highlighting Start Emergency Kit Scanner
Right click on the icon and select Run as administrator
Click 1. Update now!
Once the update is completed select Settings under Scan
Uncheck Join the Emsisoft Anti-Malware Network
Click Scan at the top
Click On scan completion
Click Quarantine detected objects, then click OK
Click Malware Scan
Once completed click View Report
Save the file to your Desktop using the default file name
Copy and paste the report in your reply
===============
Click Scan at the top
Click On scan completion
Im sorry my response took so long. work and all. im having issues completeing this request as i cannot find one of the steps you suggest. there is nothing that says "on scan completion" or "scan completion". there is only "online scan" "malware scan" "custom scan" "scanner settings" and "manage exclusions"
there's been a few times in your directions in past posts where youre directions werent entirely thorough and clean, but i could still figure it out. this time im a bit lost in the left field. i would assume i just use one of the scan options, but, i dont want to select the wrong one and post the logs and have to do it all over again
I'm sorry, I didn't stay on top of it being changed slightly.
After you have downloaded
After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop and post the contents in your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
ok im just confused. i dont know what to do or if i should do anything if the steps you stated didnt happen like that. at the end of the scan, the only thing that popped up was something asking if my previous virus protector let me down, whatever the thing was i just x'd out of it. nothing popped up before the scan asking if i wanted to scan for potentially unwanted programs so...i dont get what im doing wrong or if im missing another step or what.
other than what i just stated (the thing that asked if my previous virus protector let me down, im sure it was some form of advert for eek) nothing else popped up and this is the only thing that shows after the scan
http://i.imgur.com/qA9wUXh.png
i appreciate the help but im getting somewhat frustrated at the fact that i dont know what to do here. im being directed to do things i cant or steps that arent there to follow? i know you said it only pops up if it finds something but
1) never asked me to scan potentially unwated programs
2) in the event it doesnt find anything..what should i have done??? that was never stated
3) from the screenshot it appears to have found something? one thing i guess, so, why didnt the other steps you told me to follow appear? or is the ability to do so there but the directions not correct?
im sorry im just really really confused right now
I'm sorry your frustrated I'll assure it's not intentional.
If that window is still open click on the quarantine tab and see if it will take care of it. Then see if it will allow you to click and open the Quarantine log, it doesn't show what it found. (Maybe copy and paste that log for me to view?
Very possible it's minor.
Is the computer any better?
You might want to try this version
ESET Online Scanner using Internet Explorer:
Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here (http://support.eset.com/kb2921/).
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here (http://www.bleepingcomputer.com/forums/topic114351.html).
Download esetsmartinstaller_enu.exe (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save it to your Desktop.
Double click the icon.
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Then select: "Enable detection of potentially unwanted applications" - Yes.
Click Advanced settings.
Check the following items.
Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click Change next to Current scan targets:
Place a check mark in any additional drive you wish to scan then click OK.
Click Start.
ESET will then download updates and begin scanning your computer.
If no threats are found simply click Uninstall application on close and hit Finish.
If threats are found click List of found threats.
Click Export to text file.
Save the file on your Desktop as ESET.txt.
Click Back.
Check Uninstall application on close and Delete quarantined files.
Click Finish.
Close the ESET Online Scanner window.
Copy and paste the contents of ESET.txt into your reply, if any threats were detected.
Don't forget to re-enable your antivirus when finished!
.
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.