Thread: A number of odd issues

  1. #1
    Junior Member
    Join Date: Jun 2017
    Posts: 11

    I have very recently gained possession of this machine. Technically it's shared between myself and the former owner; however, she has a new one so rarely uses this one. It's having issues and doing weird things. She is the one who advised me to come here and get it checked out. I do know that the other day while watching Hulu, I received a BSOD with a wdf_violation error and the machine had to restart. I looked up said error on my phone while waiting for the reboot and it stated it's usually revolving around iTunes and such. I don't think this machine has iTunes on it and I don't personally use it myself or even have an iPhone or iPad/iPod (Android for life!). When the machine restarted, I noticed a brand new icon on my task bar by the name of Turno.net Launcher. I also noticed a spoon-console.exe thing in my task manager. I had no idea where they came from and though the internet claimed spoon-console.exe as "safe", it also listed it as a key logger/mouse tracker thing, which made me super uncomfortable, so I went to my programs and uninstalled. It worried me greatly though.

    Had to attach Addition.txt as a zip because it was too big otherwise? If that is wrong I'm sorry.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
    Ran by Owner (administrator) on 7360BE7 (26-06-2017 20:54:44)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 8 (X64) Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
    () C:\Windows\System32\valWBFPolicyService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    (Flux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
    () C:\Users\Owner\Downloads\MonitorES.exe
    (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
    (Octoshape ApS) C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    (Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    (Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    (Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (ALCPU) C:\Program Files\Core Temp\Core Temp.exe
    (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
    (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.297\Discord.exe
    (Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.297\Discord.exe
    (Hammer & Chisel, Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.297\Discord.exe
    (Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
    (Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\furc_on.exe
    (Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
    (Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
    HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-07-16] (cyberlink)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1025656 2015-02-15] (Link64 GmbH) <==== ATTENTION
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [MonitorES] => C:\Users\Owner\Downloads\MonitorES.exe [32768 2010-09-16] ()
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Octoshape Streaming Services] => C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {8ae1db9c-54db-11e4-be96-082e5f79e668} - "G:\ToolLauncher-Bootstrap.exe"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {b03b2a49-3f65-11e5-bed8-082e5f79e668} - "E:\CMADownloader.exe"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {b4418b01-b416-11e3-be74-082e5f79e668} - "F:\autorun.exe"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {f67dbadf-862b-11e6-bf07-082e5f79e668} - "G:\VerizonWirelessUpgradeAssistantSetup.exe" -a
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
    AppInit_DLLs-x32: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
    SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2015-10-08]
    ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-12-07]
    ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLauncher.lnk [2017-06-25]
    ShortcutTarget: TurboLauncher.lnk -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\Spoon-Console.exe (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{46A9D7A3-BA03-426C-BC76-F9A4C3EB1832}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{E3015422-23A8-485B-81DA-8FE3412980B8}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-10] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-10] (Oracle Corporation)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

    FireFox:
    ========
    FF DefaultProfile: zy6ct8pm.default-1408609993675
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 [2017-06-26]
    FF DefaultSearchUrl: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> hxxps://www.google.com/search
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> Google
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> Google
    FF Homepage: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> hxxps://www.google.com/
    FF Keyword.URL: Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675 -> hxxps://www.google.com/search
    FF Extension: (LavaFox V2-Blue) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\Extensions\djziggy@gmail.com [2017-05-18]
    FF Extension: (Pin It button) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2017-05-08]
    FF Extension: (Video DownloadHelper) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-08]
    FF Extension: (Adblock Plus) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zy6ct8pm.default-1408609993675\searchplugins\google-avast.xml [2014-11-20]
    FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-07-11] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
    FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-10] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-10] (Oracle Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
    FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
    FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
    FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\npMozillaSpoonPlugin.dll [No File]
    FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-07] (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-04-22] (Octoshape ApS)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.rprepository.com/c/tenebris
    CHR StartupUrls: Default -> "hxxp://www.rprepository.com/c/tenebris","hxxps://cdn.discordapp.com/attachments/166346126662828033/288502705272389633/20170306_214618.jpg"
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
    CHR Extension: (Flash Video Downloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-25]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (OpticRed Hubble1-1600 Theme) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmpcjpbnfggoobceakkkcojmnnhkehom [2016-06-18]
    CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-25]
    CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-06-16]
    CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-22]
    CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-06-01]
    CHR Extension: (Linkclump) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2017-06-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
    CHR Extension: (Senet Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcegikaljcfolenjkadbbaicbgjcpb [2015-05-13]
    CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-18]
    CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx <not found>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-18] (Advanced Micro Devices, Inc.) [File not signed]
    S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
    S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-07-09] (CyberLink)
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [234856 2016-01-04] (EasyAntiCheat Ltd)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
    S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2016-01-21] (GOG.com)
    S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-07-29] (Electronic Arts)
    R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
    S3 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
    S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
    R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)
    R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
    R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
    R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-07-18] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AIDA64Driver; C:\Users\Owner\Downloads\aida64extreme520\kerneld.x64 [34136 2015-03-23] ()
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-28] (Disc Soft Ltd)
    S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
    R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-07-03] (SoftEther VPN Project at University of Tsukuba, Japan.)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
    S3 sjcst; C:\Windows\system32\sjcsu64.sys [86352 2015-04-23] ()
    R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [43648 2016-09-05] (Samsung Electronics Co., Ltd.)
    S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-11] (Microsoft Corporation)
    R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
    R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
    R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
    S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
    R3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    S3 VBoxDrv; \??\C:\Program Files\Oracle\VirtualBox\VBoxDrv.sys [X]
    S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-26 20:54 - 2017-06-26 20:56 - 00026004 _____ C:\Users\Owner\Desktop\FRST.txt
    2017-06-26 20:53 - 2017-06-26 20:53 - 00013721 _____ C:\Users\Owner\Downloads\FRST.txt
    2017-06-26 20:52 - 2017-06-26 20:52 - 02441216 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2017-06-26 20:50 - 2017-06-26 20:50 - 00000207 _____ C:\Windows\tweaking.com-regbackup-7360BE7-Windows-8-(64-bit).dat
    2017-06-26 20:48 - 2017-06-26 20:48 - 00002239 _____ C:\Users\Owner\Desktop\Tweaking.com - Registry Backup.lnk
    2017-06-26 20:48 - 2017-06-26 20:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2017-06-26 20:46 - 2017-06-26 20:46 - 05766144 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
    2017-06-25 04:37 - 2017-06-25 04:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
    2017-06-25 04:32 - 2017-06-25 04:32 - 00280752 _____ C:\Windows\Minidump\062517-81089-01.dmp
    2017-06-25 04:31 - 2017-06-25 04:31 - 540046701 _____ C:\Windows\MEMORY.DMP
    2017-06-18 20:00 - 2017-06-18 20:00 - 02329859 _____ C:\Users\Owner\Downloads\SMAPI-1.14.1.zip
    2017-06-18 20:00 - 2017-06-18 20:00 - 00000000 ____D C:\Users\Owner\Downloads\SMAPI-1.14.1
    2017-06-18 15:18 - 2017-06-18 15:18 - 00000139 _____ C:\Users\Owner\Desktop\CAT CONTACT.txt
    2017-06-18 13:25 - 2017-06-18 13:25 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
    2017-06-18 13:20 - 2017-06-18 13:20 - 00000000 ____D C:\Users\Owner\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
    2017-06-18 13:18 - 2017-06-18 13:19 - 140742472 _____ C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
    2017-06-18 03:27 - 2017-06-18 03:27 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Owner\Downloads\AVG_Protection_Free_1606.exe
    2017-05-31 14:08 - 2017-05-31 14:08 - 06754944 _____ (ESET spol. s r.o.) C:\Users\Owner\Downloads\esetonlinescanner_enu (1).exe
    2017-05-29 13:17 - 2017-05-29 13:17 - 30931000 _____ (Open Media LLC ) C:\Users\Owner\Downloads\4kvideodownloader_4.2 (1).exe
    2017-05-29 13:15 - 2017-05-29 13:15 - 30931000 _____ (Open Media LLC ) C:\Users\Owner\Downloads\4kvideodownloader_4.2.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-26 20:53 - 2014-06-05 12:44 - 00000000 ____D C:\FRST
    2017-06-26 20:48 - 2014-12-01 02:33 - 00034815 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2017-06-26 20:47 - 2017-01-15 12:30 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
    2017-06-26 20:47 - 2014-03-21 21:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
    2017-06-26 11:57 - 2016-02-22 14:17 - 00003162 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner
    2017-06-26 11:57 - 2016-02-22 14:17 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForOwner.job
    2017-06-26 11:57 - 2014-02-09 03:52 - 00000000 ____D C:\Users\Owner
    2017-06-26 10:25 - 2016-10-31 17:44 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-06-26 10:20 - 2014-07-03 08:34 - 00000000 ____D C:\Program Files\SoftEther VPN Client
    2017-06-25 22:06 - 2016-03-02 04:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\StardewValley
    2017-06-25 19:31 - 2014-02-09 03:59 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4167589968-2693423342-2315446607-1002
    2017-06-25 04:45 - 2016-01-23 13:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
    2017-06-25 04:43 - 2014-07-17 03:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Spoon
    2017-06-25 04:34 - 2014-02-09 03:52 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\AuthenTec
    2017-06-25 04:33 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-06-25 04:31 - 2016-01-20 15:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG
    2017-06-25 04:31 - 2016-01-20 15:19 - 00000000 ____D C:\ProgramData\Avg
    2017-06-25 04:31 - 2016-01-20 15:19 - 00000000 ____D C:\Program Files (x86)\AVG
    2017-06-25 04:30 - 2014-03-21 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-06-24 20:37 - 2014-03-21 18:12 - 00000000 ___RD C:\Users\Owner\Desktop\PHOENIX
    2017-06-24 18:54 - 2017-04-17 23:42 - 00000000 ____D C:\Users\Owner\Desktop\RP FILES
    2017-06-21 11:57 - 2016-04-09 23:45 - 00000000 ____D C:\Users\Owner\Desktop\altnamecheck
    2017-06-21 11:55 - 2014-03-21 19:21 - 00000000 ____D C:\Users\Owner\Documents\Furcadia
    2017-06-18 14:02 - 2016-01-20 15:18 - 00000000 ____D C:\Users\Owner\AppData\Local\AvgSetupLog
    2017-06-18 13:57 - 2014-06-13 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2017-06-18 13:27 - 2014-03-21 22:54 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
    2017-06-18 13:27 - 2014-03-21 22:54 - 00001112 _____ C:\Users\Public\Desktop\WinRAR.lnk
    2017-06-18 13:27 - 2014-03-21 22:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-06-18 13:27 - 2014-03-21 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-06-18 13:27 - 2014-03-21 22:53 - 00000000 ____D C:\Program Files\WinRAR
    2017-06-18 13:25 - 2017-03-09 00:51 - 00000000 ____D C:\Program Files (x86)\Minecraft
    2017-06-18 13:25 - 2014-03-21 15:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2017-06-18 13:24 - 2016-04-08 04:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IMVU
    2017-06-18 13:24 - 2016-03-24 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StepMania
    2017-06-18 13:24 - 2016-01-19 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB
    2017-06-18 13:24 - 2014-11-21 04:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
    2017-06-18 13:24 - 2014-06-23 17:42 - 00000000 ____D C:\Windows\Minidump
    2017-06-18 13:24 - 2014-03-22 17:15 - 00000000 ____D C:\Users\Owner\AppData\Local\Battle.net
    2017-06-18 13:24 - 2014-03-07 16:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\hpqlog
    2017-06-18 13:24 - 2014-02-09 01:39 - 00000000 ____D C:\ProgramData\Temp
    2017-06-18 13:24 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\system32\Sysprep
    2017-06-18 13:24 - 2012-07-25 23:37 - 00000000 ____D C:\Windows\Inf
    2017-06-18 13:07 - 2016-08-15 22:20 - 00001065 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alt Existance Checker.lnk
    2017-06-18 12:58 - 2016-01-20 15:18 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
    2017-06-18 02:06 - 2012-07-26 02:12 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-06-18 02:06 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2017-06-17 23:43 - 2014-03-21 17:51 - 00000000 ___RD C:\Users\Owner\Desktop\PHOENIX PICTURES
    2017-06-14 16:31 - 2017-02-01 01:21 - 00000992 _____ C:\Users\Owner\Desktop\Core Temp.lnk
    2017-06-10 19:24 - 2016-03-27 17:52 - 00000000 ____D C:\Users\Owner\Desktop\FURC CHARA STUFF
    2017-06-10 19:12 - 2015-05-06 20:13 - 00000000 ____D C:\Users\Owner\Desktop\FF CONVERT
    2017-06-04 14:25 - 2014-03-21 21:38 - 00000000 ___RD C:\Users\Owner\Desktop\VIDEO
    2017-06-02 21:16 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
    2017-06-02 20:33 - 2014-03-21 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-06-02 20:30 - 2012-07-25 23:26 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-05-29 13:18 - 2015-08-09 03:04 - 00001264 _____ C:\Users\Owner\Desktop\4K Video Downloader.lnk
    2017-05-29 13:18 - 2015-08-09 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download

    ==================== Files in the root of some directories =======

    2014-11-20 01:51 - 2014-11-20 01:51 - 0000046 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2014-03-21 16:41 - 2017-04-10 18:40 - 0007605 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
    2014-10-17 16:33 - 2014-10-17 16:35 - 0000000 _____ () C:\Users\Owner\AppData\Local\{32E64994-79B7-45FD-9074-C147C167A2F4}

    Files to move or delete:
    ====================
    C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-06-19 04:15

    ==================== End of FRST.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-06-26 21:12:35
    -----------------------------
    21:12:35.107 OS Version: Windows x64 6.2.9200
    21:12:35.107 Number of processors: 4 586 0x1001
    21:12:35.108 ComputerName: 7360BE7 UserName: Owner
    21:12:36.309 Initialize success
    21:12:36.310 VM: initialized successfully
    21:12:36.312 VM: Amd CPU BiosDisabled
    21:14:37.094 AVAST engine defs: 17030301
    21:14:43.726 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000044
    21:14:43.728 Disk 0 Vendor: ST640LM001_HN-M640MBB 2AR10002 Size: 610480MB BusType: 11
    21:14:43.928 Disk 0 MBR read successfully
    21:14:43.933 Disk 0 MBR scan
    21:14:43.961 Disk 0 unknown MBR code
    21:14:43.964 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    21:14:44.653 Disk 0 scanning C:\Windows\system32\drivers
    21:15:06.544 Service scanning
    21:15:41.091 Modules scanning
    21:15:41.104 Disk 0 trace - called modules:
    21:15:41.148 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    21:15:41.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ff060]
    21:15:41.163 3 CLASSPNP.SYS[fffff8800153ce0a] -> nt!IofCallDriver -> [0xfffffa8006579b10]
    21:15:41.168 5 hpdskflt.sys[fffff88001d8b339] -> nt!IofCallDriver -> [0xfffffa8006384600]
    21:15:41.173 7 amd_xata.sys[fffff8800128d634] -> nt!IofCallDriver -> \Device\00000044[0xfffffa8006386060]
    21:15:42.258 AVAST engine scan C:\Windows
    21:15:44.920 AVAST engine scan C:\Windows\system32
    21:19:39.959 AVAST engine scan C:\Windows\system32\drivers
    21:19:58.640 AVAST engine scan C:\Users\Owner
    22:30:08.954 AVAST engine scan C:\ProgramData
    22:33:43.169 Disk 0 statistics 5471843/0/0 @ 0.63 MB/s
    22:33:43.170 Scan finished successfully
    22:40:07.576 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    22:40:07.580 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,297

    Hi and welcome

    If you can, please find/locate the Addition.txt and post it in your next reply.
    I can't open a zip file/folder. Then we can continue.

    If you need to make multiple posts, that is OK too.
    Last edited by Juliet; 2017-06-27 at 13:27. Reason: typo
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Junior Member
    Join Date
    Jun 2017
    Posts
    11

    Thank you Juliet for replying, sorry about the zip, figured it was the only way it would work. Here is the Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
    Ran by Owner (26-06-2017 20:57:42)
    Running from C:\Users\Owner\Desktop
    Windows 8 (X64) (2014-02-09 09:51:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4167589968-2693423342-2315446607-500 - Administrator - Disabled)
    Guest (S-1-5-21-4167589968-2693423342-2315446607-501 - Limited - Disabled)
    Owner (S-1-5-21-4167589968-2693423342-2315446607-1002 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4K Video Downloader 4.2 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.2.1.2185 - Open Media LLC)
    4K YouTube to MP3 3.1 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.1.1.1707 - Open Media LLC)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
    AMD Catalyst Install Manager (HKLM\...\{74734DC8-A8FD-6240-5517-DE4C8B14C341}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
    Banished (HKLM\...\Steam App 242920) (Version: - Shining Rock Software LLC)
    Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
    Battle for Wesnoth 1.12.1 (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Battle for Wesnoth 1.12.1) (Version: 1.12.1 - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )
    Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{E5C1C342-5E78-4D91-85BE-40C716B09391}) (Version: 3.55.7671.0901 - Sony Computer Entertainment Inc.)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    Core Temp 1.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.7 - ALCPU)
    Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation)
    CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Discord (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Eternal Card Game (HKLM\...\Steam App 531640) (Version: - Dire Wolf Digital)
    Evoland (HKLM\...\Steam App 233470) (Version: - Shiro Games)
    f.lux (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Flux) (Version: - )
    FATE (HKLM-x32\...\WT015792) (Version: WT015792 - WildTangent)
    FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
    Furcadia (HKLM-x32\...\Furcadia) (Version: 31.2 - Dragon's Eye Productions, Inc.)
    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    Hand of Fate (HKLM\...\Steam App 266510) (Version: - Defiant Development)
    Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version: - Defiant Development)
    Hero of the Kingdom (HKLM\...\Steam App 259550) (Version: - Lonely Troops)
    Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.7.22.13 - Hewlett-Packard Company)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
    ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
    IconPackager (HKLM-x32\...\IconPackager) (Version: - Stardock Corporation)
    IconPackager (x32 Version: 5.00 - Stardock Corporation) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
    IMVU Avatar Chat Software (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\IMVU Avatar chat client software BETA) (Version: - )
    Infinite HD™ App (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
    IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
    Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
    mscomctl 6.1.97.86 (HKLM-x32\...\mscomctl 6.1.97.86_is1) (Version: 6.1.97.86 - Microsoft Visual Basic Controls)
    msstdfmt 6.1.97.82 (HKLM-x32\...\msstdfmt 6.1.97.82_is1) (Version: 6.1.97.82 - Microsoft Visual Basic Controls)
    NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
    Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
    PatchFusion (HKLM-x32\...\{36B685BD-AC67-4EFE-9EFF-EB004CD6297D}_is1) (Version: 2.6.4 - Mercenary Enclave Productions)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
    Pixelmon Launcher (Beta) (HKLM-x32\...\Pixelmon Launcher (Beta) 2.1.7) (Version: 2.1.7 - Ikara Software Limited)
    Pixelmon Launcher (Beta) (x32 Version: 2.1.7 - Ikara Software Limited) Hidden
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
    PSPPro64 (Version: 16.0.0.113 - Corel Corporation) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
    Saints Row IV (HKLM\...\Steam App 206420) (Version: - Deep Silver Volition)
    Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
    Saints Row: The Third (HKLM\...\Steam App 55230) (Version: - Volition)
    Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
    Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.7.0.84 - Samsung Electronics Co., Ltd.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
    SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.3 - Prolific Publishing, Inc.)
    Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
    Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.17 - Firaxis Games)
    Sid Meier's Civilization 4 - Warlords (HKLM-x32\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
    Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
    Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
    Sid Meier's Pirates! (HKLM\...\Steam App 3920) (Version: - Firaxis Games)
    Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version: - Firaxis Games)
    Skyperious 3.2 (HKLM-x32\...\Skyperious) (Version: 3.2 - Erki Suurjaak)
    SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
    Stardew Valley (HKLM-x32\...\Steam App 413150) (Version: - ConcernedApe)
    Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.56 - Stardock Software, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Stranded Deep (HKLM\...\Steam App 313120) (Version: - Beam Team Games)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
    Talisman: Digital Edition (HKLM\...\Steam App 247000) (Version: - Nomad Games)
    TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
    TeamSpeak 3 Client (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
    Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
    The Book of Legends (HKLM-x32\...\Steam App 277470) (Version: - Aldorlea Games)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
    The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
    The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
    The Sims(tm) Medieval (HKLM-x32\...\{D3F66B94-DF84-4686-832E-D5761B478BF0}) (Version: 2.0.113.00107 - Electronic Arts)
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.14.49.1020 - Electronic Arts Inc.)
    Torchlight II (HKLM\...\Steam App 200710) (Version: - Runic Games)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
    Validity WBF DDK (HKLM\...\{3820B6F2-2F6B-4237-9EE9-F0AC9A2185BC}) (Version: 4.4.227.0 - Validity Sensors, Inc.)
    VideoDownloaderUltimate (HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.35 - Link64)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07A67AB7-C046-4411-9E1E-02CBE7AE1E73} - System32\Tasks\{57FDA626-3D95-4C08-AF4D-1E7EFC5940E5} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {3154756B-2AAF-43A8-8E66-36ADB77AF772} - System32\Tasks\{09A7C1D0-477A-41BF-9643-3DE50C76327D} => pcalua.exe -a "C:\Program Files (x86)\Furcadia\_uninst.exe"
    Task: {36018778-865B-47B5-BC40-09196BF7D0DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {3888EE4E-8B1B-461F-A545-BADF347B9E03} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {41EFB613-0E11-41F5-85EE-2489FDAE375C} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)
    Task: {6556A942-1F3E-49C7-9840-A3D0D0600216} - System32\Tasks\avastBCLRestartS-1-5-21-4167589968-2693423342-2315446607-1002 => Chrome.exe
    Task: {6D1C6171-B004-4F4C-8F00-45BCD7D66778} - System32\Tasks\Core Temp Autostart Owner => C:\Program Files\Core Temp\Core Temp.exe [2017-03-18] (ALCPU)
    Task: {6E79DA85-94EE-4061-8B0C-99016357D106} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {718BC725-5166-4328-90B0-0C3C1A32CFB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {8276B388-3C13-4EED-8B37-61157FA8D08D} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {8841ED01-4B89-4F35-AF35-6E10C434B6BB} - System32\Tasks\{65CDD781-04AB-4759-ABB9-386F0839F92D} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.26.0.101&LastError=12002
    Task: {9957BEE9-ED6B-4301-B3C1-8D8A90ACC64C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2012-08-10] (Hewlett-Packard Company)
    Task: {B0DD1AF7-3795-4A3A-9DC2-567342B3678A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
    Task: {B59F8635-A312-4A44-83EB-CC17D4DE9AC0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: {B5CBC79D-214C-447B-82E3-8C9E238BCAD3} - System32\Tasks\{F4FA0356-DA9C-4A8C-B4D0-80D8D1936A6A} => pcalua.exe -a C:\Users\Owner\Downloads\SMS2003-SP3-KB937882-X86-ENU.exe -d C:\Users\Owner\Downloads
    Task: {C22743EC-E2BD-433B-ABC7-1995F9853A78} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-15] (Adobe Systems Incorporated)
    Task: {CF2BDCC4-7181-41F7-B4E3-4D3B7DE87884} - System32\Tasks\{A8A76758-4F04-422A-81CC-5C071B6DED10} => pcalua.exe -a C:\Users\Owner\Downloads\forge-1.7.10-10.13.2.1230-installer-win.exe -d C:\Users\Owner\Downloads
    Task: {DDEBA022-3B8B-4FA9-BCAD-8073884A60C3} - System32\Tasks\{85046818-0B6B-4667-B629-CEADB65D16D5} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/en/abandoninstall?page=tsProgressBar
    Task: {E1245B7B-63F7-45B1-A164-43B032150038} - System32\Tasks\{4881F0FC-9422-43B9-99F4-C7583BB7BBBD} => pcalua.exe -a "C:\Program Files (x86)\Gravity\RO\Setup.exe" -d "C:\Program Files (x86)\Gravity\RO"
    Task: {EB01FBE6-81C6-463A-B5D7-843F0FEABC02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {FB9D7FA9-F8F2-412A-BFB0-4B5DDC726F8B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pfmcegikaljcfolenjkadbbaicbgjcpb

    ==================== Loaded Modules (Whitelisted) ==============

    2012-09-18 03:12 - 2012-09-18 03:12 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-07-18 09:55 - 2012-07-18 09:55 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
    2012-07-26 01:55 - 2012-07-26 01:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2015-05-14 04:54 - 2010-09-16 12:13 - 00032768 _____ () C:\Users\Owner\Downloads\MonitorES.exe
    2012-08-10 03:36 - 2012-08-10 03:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    2012-09-18 03:11 - 2012-09-18 03:11 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2017-05-15 23:54 - 2017-05-09 03:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
    2017-05-15 23:54 - 2017-05-09 03:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
    2012-08-10 03:36 - 2012-08-10 03:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
    2014-02-09 01:45 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2017-01-11 15:44 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
    2017-01-11 18:26 - 2017-01-11 18:26 - 01082880 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
    2017-01-11 18:26 - 2017-01-11 18:26 - 03750400 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
    2017-01-11 18:26 - 2017-01-11 18:26 - 00914432 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
    2017-01-11 18:26 - 2017-01-11 18:26 - 01127424 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
    2017-01-11 15:44 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.297\libglesv2.dll
    2017-01-11 15:44 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.297\libegl.dll
    2017-06-25 04:45 - 2017-06-25 04:45 - 00148992 _____ () \\?\C:\Users\Owner\AppData\Local\Temp\226E.tmp.node
    2017-01-11 18:26 - 2017-04-26 15:27 - 02658296 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
    2017-01-11 18:26 - 2017-03-22 15:20 - 02665976 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
    2016-08-03 21:53 - 2016-08-03 21:53 - 00987136 _____ () C:\Program Files (x86)\Furcadia\libxml2.dll
    2016-08-03 21:54 - 2016-08-03 21:54 - 00077824 _____ () C:\Program Files (x86)\Furcadia\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKLM\...\regfile\DefaultIcon: C:\Windows\regedit.exe,1 <==== ATTENTION
    HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
    HKLM\...\cmdfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Classes\exefile: <==== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\aeriagames.com -> hxxps://aeriagames.com
    IE trusted site: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\aeriagames.com -> hxxp://aeriagames.com
    IE restricted site: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\skype.com -> hxxps://apps.skype.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 23:26 - 2014-09-14 04:03 - 00001075 _____ C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 rad.msn.com
    127.0.0.1 live.rads.msn.com
    127.0.0.1 ads1.msn.com
    127.0.0.1 static.2mdn.net
    127.0.0.1 g.msn.com
    127.0.0.1 a.ads2.msads.net
    127.0.0.1 b.ads2.msads.net
    127.0.0.1 ac3.msn.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Desktop\PHOENIX PICTURES\GALAXY & SPACE\rsz_1ta06za.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: WSearch => 2
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
    HKLM\...\StartupApproved\Run32: => "RazerCortex"
    HKLM\...\StartupApproved\Run32: => "AvgUi"
    HKLM\...\StartupApproved\Run32: => "AVG_UI"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\StartupFolder: => "Launch Utility Application.lnk"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "Facebook Update"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0615pit"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "join.me.launcher"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "BlueStacks Agent"
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\StartupApproved\Run: => "GalaxyClient"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{FDDA6392-0A61-4149-9DFE-ADE8E96DD4CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{7ECF8E98-0B21-475A-B3C4-25BA88C22569}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [TCP Query User{8CEE99DA-AA09-4166-8AB6-AA1E61241929}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
    FirewallRules: [UDP Query User{1BB02B3F-4E9A-4040-8263-48469C24F190}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
    FirewallRules: [TCP Query User{3A0B3D99-61CA-4E70-B2FB-F3CD1A7A8F5E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{7DD4E246-8D73-4F8D-BBFE-7483642DD9BE}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{6FA1F28E-F576-45E9-9C30-1CBE52A56E14}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
    FirewallRules: [UDP Query User{625A509D-2FD7-4FC2-8D11-1EDE203704E4}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
    FirewallRules: [{E25EAFF7-7EC4-4051-B94E-DF5EBAA9A645}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
    FirewallRules: [{47BC71B8-59D6-4401-AC1A-EB4AB286DC31}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
    FirewallRules: [{9C1C799C-D237-482D-94EA-41372E92274F}] => (Allow) %ProgramFiles% (x86)\Stardock\Object Desktop\IconPackager\Activate.exe
    FirewallRules: [{08CDBA64-E1BA-4958-B69D-E664A82AC4CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{975EFD86-43E0-4979-BFA0-CE3308DDCB83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{974D8DF2-3F43-4AE4-969D-A58D17E1A3B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{0F635F0D-F5C6-4767-B8A8-062F590134B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{FC5F30F3-F27A-4A59-B9BB-9A4D53D9A5C5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
    FirewallRules: [{46D1099C-57A8-457F-9782-0C213448004B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
    FirewallRules: [{3FF1BFDF-A86D-4F26-8718-4D83C0C17828}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
    FirewallRules: [{8983ACD8-B2FA-4EF8-814D-41034BC0742C}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
    FirewallRules: [{90C316C3-7F64-4A5D-8FCD-5E3669151C63}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
    FirewallRules: [{335C8AF1-02BC-4366-893A-E34964318FFA}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
    FirewallRules: [{9A2CA9CA-1396-4201-B016-58E18D7A01EE}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
    FirewallRules: [{D8D0A395-966F-40BD-A784-02516DFB1063}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
    FirewallRules: [{55CEB6BA-E4E6-4EE1-AF83-3EB089AF06A9}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
    FirewallRules: [{C23B5D9B-3154-4D19-B6DA-477158A72CF3}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
    FirewallRules: [{A7C647BF-541D-45CA-989C-6DAED04D5A3D}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
    FirewallRules: [{AB423E01-A7FF-4EFF-B2A6-639DCAAC33C2}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
    FirewallRules: [TCP Query User{37F040AF-DEA7-4B52-BB7A-28B9ECE82ED9}C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe] => (Block) C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe
    FirewallRules: [UDP Query User{FF024338-0177-4193-B297-984170B87AC5}C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe] => (Block) C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe
    FirewallRules: [{1525A57E-64E2-4154-95B0-124F0AAB91B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{F71E5893-CF42-45AD-97FB-2B22C89F7931}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{7FF333F9-DF56-47E1-9730-CB778D4BE34B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{25065224-1D8F-493D-A1E7-6732E429F359}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{1EE56E19-04EB-4E74-B140-884C12D1C760}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{4A58756D-7453-46A6-918B-4618AA904CE9}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{0B9D497B-245D-46AA-BE7F-E9ECD8939250}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{9044FEB3-5BBD-4A0D-9643-F270D9CFAC98}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{A6FDF7DB-44D7-4A69-A3F9-940D21E63F35}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{823D27EA-B014-4504-A63B-9AB4C3A7BBFA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{3612DB22-AA97-41D7-847E-0561031FDED2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{0FDEF4B1-FE55-41C3-A3B3-B667305E30BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{3A59AC31-D801-468C-B0C6-A404979FF793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
    FirewallRules: [{570805D3-5A7E-41A7-9453-FA80AD13C89D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
    FirewallRules: [{C6CBC3E9-333C-4766-8A03-E79A1978A4BF}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
    FirewallRules: [{E844F90D-9E14-4652-AE82-744AD4D55A6F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    FirewallRules: [{31B91068-FE14-416E-B46B-2D05118D8D4C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    FirewallRules: [{024E8CB9-B30F-4241-8BF9-DFFCC90CFE4E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
    FirewallRules: [{D5495F02-CBB1-4DE4-A97E-BDA3FF59C958}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
    FirewallRules: [{AD84BA49-3FC8-4FE9-917F-714090C06701}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
    FirewallRules: [{17E66E2F-FF73-46CC-8638-6D5DEEC1E483}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{D887A475-F4F8-44AF-8459-8BCC26F1EF46}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{DA6435D7-8EFD-41D9-91C7-B2F551B6A7EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{34237578-7E6D-4B8A-881A-0A9BA498D957}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{F4F8D607-F971-4BCE-962C-106E9F9A592C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{99B6A0B6-7567-42CF-8C79-39E45311C6E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{ED13E1AE-E6B1-4AC3-8623-0385240F3F5F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
    FirewallRules: [{320F6522-DF1B-4A14-9858-8030AAB63623}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
    FirewallRules: [{B0A2FF7F-E414-4DDC-BCB0-7E78F8A4AF47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{7F0E7C97-2E32-4FF1-8AC2-02A59ED3D7D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{CF659B52-14BC-496C-B16F-3023F7E2E6B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{99F2560D-78AE-4907-8B0C-46E0030292A7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{4D1027A3-CA47-479D-9802-44786C924E13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
    FirewallRules: [{B94F0F59-08B7-4F5F-9C16-6E4C5C425337}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
    FirewallRules: [{AE83794D-AFFF-4E02-89FB-8DF194F7760F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FDAFA933-6CCB-4E3A-B07B-5054A70C5C59}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{5F661311-FFE8-4668-B148-D107D53973A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
    FirewallRules: [{F21B7FC2-7986-4457-98B3-1AA4AE4C1B72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
    FirewallRules: [{FA97AA3B-2D97-4CFE-82D6-954D80A04384}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{C6752541-13DB-416F-9BB0-C677C7261D33}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{ED9DC762-06E3-4F24-8E25-1DE8B598718C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{A3DEED43-F27D-4285-898D-FB2DD86B9D2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{BF67B821-9655-43FE-9F7C-5B26223329E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{FFCFE106-DBDF-45AC-8A9A-539F63057940}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{B6EB32B2-CFFF-4AE2-90F5-769B957FFE13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{B5969EB5-EEFD-4F4E-85AF-8FE91CF1D758}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{C5B42509-9537-4B56-A6B2-15DD54D48163}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{7609974B-BB86-441A-86EB-866D5802A5D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{1A215C06-DBB1-4B0B-8D48-D83AF20DD937}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{22D70D2E-4DAF-4433-B3C6-DC36E13BDDE5}] => (Allow) LPort=2869
    FirewallRules: [{B8856F0B-FC2D-4030-8961-CF5F8B23BEAE}] => (Allow) LPort=1900
    FirewallRules: [{822788E8-0AAB-417C-B046-A429379E9B8D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{A57A515C-060F-4A12-8D9C-A6A7E34F066F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{1876C747-5D54-4A66-BD7D-05329198E2A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{5CDE5D54-7049-4BB1-9F46-229326D56366}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{654B7C96-C0A3-40B3-BD58-5BF40D3D933F}] => (Allow) C:\AeriaGames\EdenEternal\_Launcher.exe
    FirewallRules: [{EB7C48BD-DA27-480E-820F-A3E6C69830BC}] => (Allow) C:\AeriaGames\EdenEternal\_Launcher.exe
    FirewallRules: [{B7A4BD09-B980-4046-BDD0-F02E5CAEB28B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{D5EC8B76-4F54-4773-AD2B-81CE36F743E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{752F8D1E-2C48-4EFC-B7AB-447A3E08D3C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{528CB57D-6C8A-48BB-914C-B5347D5CC917}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{F733D89D-8A98-4EBE-8881-33E752058CCF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{D2566577-6C99-45FC-B03E-2C1A3BA81847}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{82C1553B-B5DC-4C20-B397-8C7F2BA25FE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
    FirewallRules: [{D332830B-4581-4EDD-A8EE-E360C7A81ABF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
    FirewallRules: [{36D407D8-0F1F-4B39-8AE4-D636FF721489}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
    FirewallRules: [{E975320C-5308-4611-8669-92C4405ACD00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
    FirewallRules: [{13A11369-1ED0-480B-BBC8-C12898326B19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{2772FAE7-78DE-4565-8C3D-500D0460A043}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{88790F8E-5D98-45F2-A661-F91FDE0C12F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
    FirewallRules: [{B18E0B12-6CB4-473E-B565-FA53EDECBD71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
    FirewallRules: [{842142CB-B3ED-490D-B026-C7669ED1110A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{A2A3DBBB-B1D7-466D-9438-945AC6A297AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{3452AA21-98CC-4D91-B8D6-93057C20B8AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{88D1BDAE-3835-4E13-BA50-159C80F8C18B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{C8B0F06B-3F4E-43AC-BF4F-357CD42657C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EE2C9709-EE36-4501-BF72-4F2A3781EAF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{592632D7-43F3-4151-8CFD-E72F799F7129}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{FE963C6E-FE0F-4D58-B655-F124FCD4C90E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{7F70C1F3-88B0-4808-8796-5599BB1444B6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{BB986EBE-D340-423F-85D9-97C5B24A748B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{D0258E54-C9B3-41E3-9F73-4BE7D30E488C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
    FirewallRules: [{4EC1BD60-772B-4B6A-9E77-721B8D5C8C84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
    FirewallRules: [{6D6E2295-30E4-4348-B2C6-8327FE194973}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
    FirewallRules: [{EA13A790-3A2F-4CBA-A392-40F8EB51F7A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
    FirewallRules: [{FB090C07-EACB-4783-9FAC-C80F766F7D61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
    FirewallRules: [{DA0AAB90-40E7-4417-A8EA-673B6E699EBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
    FirewallRules: [{849BDF77-5E3C-45C9-9826-E58E3FA26D24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Legends\TheBookOfLegends.exe
    FirewallRules: [{5DF52370-C197-49D7-9C75-B9582E86F89C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Legends\TheBookOfLegends.exe
    FirewallRules: [{3BE33BE0-AA86-4B84-95D8-FA960FF9F001}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
    FirewallRules: [{485D2AA7-27FA-4C54-87D5-CD5719FD0F16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
    FirewallRules: [{63896BE7-BD78-459E-B95F-B714452FFFAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2015 Demo\DotP_D15.exe
    FirewallRules: [{80CAD038-5D27-49F5-A781-22B330FC49F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic 2015 Demo\DotP_D15.exe
    FirewallRules: [{E9941161-A483-48AC-98C7-EF1204740385}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{7BD7F0D2-C6D2-4DD2-93F0-859B6777C2A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{DA7B37A3-126D-4B95-B4DB-3CBD0E308673}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{BD6E1989-639C-441F-8E22-80B00159F0ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{BDE513EE-8A95-4563-8CEC-34702E62E296}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{F91D3BCE-9687-4D46-89B9-8CF5F9304130}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{6FB747BC-664D-487E-9650-7BDE1FFCA824}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{64629C8E-89FC-4CF0-84BC-853AFBEAF546}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{32B3371A-8CB1-40D6-9207-B68CEC514EE2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0FCA499F-0A45-4320-9820-1E4E183B8DDE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{370C008E-4440-435B-820B-06FF53818034}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{85CCDA74-567A-4B69-8D6A-9D0369251378}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{66188E8C-43CF-463E-90E6-FFCED9924667}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{CDA06A9B-E618-47BB-BFFD-C01FD3BBAEE1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{13AA4776-3BD2-49A4-A792-D231AB905860}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{461F4B01-804B-4255-A683-46194F7C6F86}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{C6D597B5-D5FB-4822-9A69-5143AFD0699D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{DFB31B15-FA28-49A3-A917-ADF8A308BA3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{819135D9-6AEA-451A-A78B-93CD37FCD441}] => (Allow) C:\program files (x86)\mirc\mirc.exe
    FirewallRules: [{DFB8FD01-060A-45FA-9AD7-F07823B7E8EA}] => (Allow) C:\program files (x86)\mirc\mirc.exe
    FirewallRules: [{8EDEBEE6-FEA5-4D1C-9519-A7C6C3410957}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{4648A95E-EB07-4FC4-8C52-9B83749A9BC6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
    FirewallRules: [{39982F30-208A-4AF9-BC58-740E3EBBB00C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{560B6E40-20D3-4EFC-B957-9F4F1A8D7825}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{AD9DA93D-165A-4A24-BF2C-F2D7FEC99F8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{B3181F26-8EEF-4F2A-A842-63F3118686F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{DD336240-7730-4CCC-B8A1-E7DD15115AF2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
    FirewallRules: [{055A2EBE-89E6-4A73-8545-1E38E81348B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
    FirewallRules: [{42A04F18-6CB1-47AA-B3CC-E778232C673D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
    FirewallRules: [{8CAD6D97-8173-435A-8011-7430CB9A93D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
    FirewallRules: [{81DC9A5A-B406-4FB4-962C-17888DD8DEBE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
    FirewallRules: [{440BFA44-32FD-4C04-A15E-BCE762837DF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
    FirewallRules: [{0F47EE47-1855-4416-8C6F-8105820F5C0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
    FirewallRules: [{92D42F62-22B7-4CEC-8C84-EFAD4A017714}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
    FirewallRules: [{6B5C016E-E825-437C-AFDD-FCCCE80AEBEE}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
    FirewallRules: [{8115A914-75FA-4869-A703-6F2B8DF16486}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
    FirewallRules: [{5EDA9B72-4683-4E8E-B42A-9428F80F1AD7}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
    FirewallRules: [{3C01F7DA-D05D-4F2A-ACC6-3A4698B478E5}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe
    FirewallRules: [{A3F0537E-6530-4683-947B-0ED848E25CAA}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
    FirewallRules: [{57D5D575-32FD-4882-B11B-ABCBBB366046}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe
    FirewallRules: [{6BF0F442-2716-4512-824F-A2A5BC720D0F}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
    FirewallRules: [{14270A4D-E395-4E9E-B4C8-04B9658F7CF6}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe
    FirewallRules: [{AA5B2C44-698E-4FF0-B871-5AD1A1BB6357}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
    FirewallRules: [{9869FC05-C75D-4371-A547-5F0C983D4202}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe
    FirewallRules: [{FAFE3989-5397-4F1F-B484-D82ABBD8A0CA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    FirewallRules: [{3EF0F099-34CD-49EA-B82F-6AFA10334CE4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    FirewallRules: [{211135A4-7F8E-44F2-BA8F-0ED510376E53}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
    FirewallRules: [{04156DC9-2F89-43AB-9F2E-70541BAE47ED}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
    FirewallRules: [{36ABB77B-652F-45DE-B2B2-268CA9923DC1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
    FirewallRules: [{2E2F06D2-F920-47F1-89D4-21E15414D17E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
    FirewallRules: [{6ECDC8FF-3820-4C38-AFD6-7532A9053A2C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    FirewallRules: [{13C38FC3-9F3E-47AD-90B0-5C958BAF0705}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    FirewallRules: [{A257BFA1-E5A7-4353-ACA3-67445F3A85A7}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
    FirewallRules: [{CD6F721F-C030-4E40-9FDA-53F1F0ABCFC5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
    FirewallRules: [{6D075C51-1103-4B44-972C-E91A41A1C8BC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
    FirewallRules: [{6C6BED3F-5139-4995-A4DA-544EDB01E3C0}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
    FirewallRules: [{B46D9D45-0BC1-41D5-B120-CFB7947FD44B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{055A2A29-B5B4-4469-9B06-4897285CBBE1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{69FEC7E7-B6F8-4F42-80AE-80D5E109408A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A38779D2-AD1B-42C7-BDFE-8AAA94F58B7C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{78909037-1F95-4EE0-89C4-A62F789E8234}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Legends\TheBookOfLegends.exe
    FirewallRules: [{C266CBA7-B7CE-4A07-BD10-161664968313}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Legends\TheBookOfLegends.exe
    FirewallRules: [{3A41E08D-E69A-4D6F-A437-C8866A83F216}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{2728CA3F-E4F8-4352-A312-5F3A6F9A8426}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{AF001E51-EAE2-4BAF-8EDA-26EAE7B48978}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
    FirewallRules: [{CC9554F4-80D1-486B-93D5-9475C68915BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
    FirewallRules: [{284BC23D-8B4E-46D0-920B-0912B331CC83}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
    FirewallRules: [{6E3BBAF4-F534-47F1-87DB-4FF6DC79CF25}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
    FirewallRules: [{C1BEBF47-6871-4CA7-BFFB-A325D3A8881F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
    FirewallRules: [{94321FB5-81BF-49FC-A640-69D3A8E70089}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe
    FirewallRules: [{7A2EAAE8-6910-4E87-A776-492A910E879A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{E078DF36-870D-4A05-8445-66208AE2406D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{7B9CB91D-88D9-4CB7-AEAF-0BCFD878ACBC}] => (Block) C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe
    FirewallRules: [{826A23B5-7553-44EE-91C9-B960B7DD4101}] => (Block) C:\program files\vlc-2.1.3-win64\vlc-2.1.3\vlc.exe
    FirewallRules: [{1DC83114-A48C-499F-A930-9E2560AE7109}] => (Allow) C:\program files\winamp\winamp.exe
    FirewallRules: [{97C5051F-9A53-40BD-9879-362B80B401E9}] => (Allow) C:\program files\winamp\winamp.exe
    FirewallRules: [{B6F8781F-6937-4B5A-B2EA-6CC3BD49B83D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{1D3C3A9B-8C2A-4471-A717-49A97050E2DB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{C2B38F49-35BB-401B-8F02-CE48CD4C2215}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{04AD6843-A102-4223-8407-58B0094A4488}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{81B7F71D-E0D6-4D7F-98E5-E2397E588F5B}] => (Allow) LPort=1900
    FirewallRules: [{416BA6AB-9560-4CD3-8F36-A29075F3ECE3}] => (Allow) LPort=1900
    FirewallRules: [{C6C3E389-B397-4B1F-87FD-3E8FC695DA60}] => (Allow) LPort=2869
    FirewallRules: [{C4D0C9E3-6F2F-49A2-9AD5-9E5B7D79ED70}] => (Allow) LPort=2869
    FirewallRules: [{7FD37F5A-E976-49C9-800A-A5CF1DAE53D8}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
    FirewallRules: [{81FE6317-3441-4B3B-A656-93B4602D6C15}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
    FirewallRules: [{7DA40EF6-1C02-4751-AFB4-5E597FB4AB0A}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
    FirewallRules: [{6C7066DF-913C-42F0-8FE2-4F367013D451}] => (Allow) C:\Users\Owner\Downloads\uTorrent.exe
    FirewallRules: [{81CA386A-895F-47E1-91ED-FAB7616F75F6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3081CAAE-B1B3-4C3A-A6DF-D9311D629C91}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{5D2A22E5-2FD6-440A-8854-53F162B20555}] => (Allow) C:\Users\Owner\AppData\Roaming\Andy\Setup.exe
    FirewallRules: [{0CC0393C-C2CF-4CC1-A2EC-9CC8399FC1CD}] => (Allow) C:\Users\Owner\AppData\Roaming\Andy\Setup.exe
    FirewallRules: [{8478A81A-3DE9-4529-9677-03424A64CF3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{C3C9D809-A416-40F9-A509-324CD8756F56}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{049A6A8D-7236-44FE-93F7-7A4B13D16383}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{9D546FC3-5DD5-4D6B-B6DA-CB750CC4B79E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{655A401C-7A9D-44E7-BAD8-90C93ACC78F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{08D78459-3445-449A-9DFD-68163C7B3BF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{51CB2D73-BB44-4A8F-AEEB-0DB10727CCB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Pirates!\Pirates!.exe
    FirewallRules: [{277EA691-C7B2-4019-890B-D4EAA5343A7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Pirates!\Pirates!.exe
    FirewallRules: [{83579DC1-5E72-474F-AF7B-915A3F8DE4F3}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
    FirewallRules: [{A1D962C4-4682-4683-8B75-39C8CDDB1599}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
    FirewallRules: [{8254B3E2-6280-47A6-B2BD-94D09BFB32E9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
    FirewallRules: [{4DDFB3C6-FC6D-4DF6-A297-EA4AA5BD50E0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
    FirewallRules: [{1AFB2F0F-AD2B-4F45-9721-960B014D1625}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{594C1553-336D-47CC-A3E0-42AC7CBE2137}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{9A9BF29B-94D0-45EE-92C0-2C07EE608D68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
    FirewallRules: [{B33A0E3C-F804-431C-9A23-1983A1520B0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
    FirewallRules: [{CFAA0C1E-F229-46F4-8B6E-35D5D95FEDE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{3F2B2BB1-E293-4D9D-A585-C4C0193B2F46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{DA47F99C-363B-412D-94B0-4279B41DE5CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [{B1B08F64-C8F0-4989-9FB2-BF166BBA5A5E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [{E27E7772-7538-455C-B563-496B7E1287D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{99618F47-D703-4983-ABF8-DE2970CC00B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{24BFB17B-CE41-446F-AB0A-F10C16389D62}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{92C90FB4-5D85-40DA-97CD-C0AA2C243E46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{71263DF2-428A-477A-A07B-7FA4292C46CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evoland\Evoland.exe
    FirewallRules: [{DE0D0FB7-78E2-4042-9BFA-D48685976555}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evoland\Evoland.exe
    FirewallRules: [{8CCF89AB-42E9-49B7-84E6-E907CF67B316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{4821772B-00C3-4EC0-AA81-AD0161DADC53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{FE8D9558-B4F2-461B-8583-B5C185526C5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{A291DB22-CDF8-4F73-B7FD-7ECD03BC647A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{2E66E617-AE79-4224-82AA-4C39D534BAF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
    FirewallRules: [{CB257B5D-1E03-4E18-A8A5-704D9D36F488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
    FirewallRules: [TCP Query User{D7F5A69B-0437-4C2F-8366-7CF977B76B5D}C:\users\owner\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\owner\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{A752413F-53E8-457E-A4E7-F26D1B1004D3}C:\users\owner\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\owner\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{67B8D69A-15C8-4C95-A3E4-47D4453603CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eternal Card Game\Eternal.exe
    FirewallRules: [{2028AAE2-039A-4BAF-8180-93199AE9A978}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eternal Card Game\Eternal.exe
    FirewallRules: [{7D2C2EA2-A988-49E3-9007-42AB42F24A6C}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
    FirewallRules: [{51E98D69-C460-4D55-AC69-30794B1B9E5C}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
    FirewallRules: [{A0E6D530-4580-47D7-9909-7BCEE4FDF7CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{D7B931FC-8F11-4ABB-98E7-9A311773A14F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{6268A89B-670E-4461-B71A-0C822456B644}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{A7D11F67-D818-4CEE-A807-3B02065AF9F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
    FirewallRules: [{D614E900-CB85-46BA-9BFB-CD4CBF5B1F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
    FirewallRules: [{AC254A11-2009-4284-AACA-B644F98398B5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{43BCDBBE-5E2E-4F37-972C-14114180DC80}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

    ==================== Restore Points =========================

    08-06-2017 03:24:02 Scheduled Checkpoint
    16-06-2017 15:05:22 Scheduled Checkpoint
    18-06-2017 13:22:45 Installed OpenOffice 4.1.3
    26-06-2017 06:52:28 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/25/2017 04:43:51 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.

    Error: (06/25/2017 04:34:30 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_4188b989718cf1c6.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17359_none_8935f06086091acc.manifest.

    Error: (06/18/2017 02:01:56 PM) (Source: MsiInstaller) (EventID: 11409) (User: 7360BE7)
    Description: Product: FMW 1 -- Error 1409. Could not read security information for key System\CurrentControlSet\Services\avgsvc\Common. System error 1018. Verify that you have sufficient access to that key, or contact your support personnel.

    Error: (06/18/2017 01:23:56 PM) (Source: MsiInstaller) (EventID: 1013) (User: 7360BE7)
    Description: Product: OpenOffice 4.1.3 -- Please exit OpenOffice 4.1.3 and the OpenOffice 4.1.3 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice 4.1.3 open.

    Error: (06/15/2017 12:54:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 7360BE7)
    Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (06/15/2017 12:54:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: 7360BE7)
    Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.

    Error: (06/15/2017 12:54:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 7360BE7)
    Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (06/15/2017 12:54:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: 7360BE7)
    Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.

    Error: (06/09/2017 01:42:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Discord.exe version 0.0.41.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: fc4

    Start Time: 01d2dc1246c43795

    Termination Time: 4294967295

    Application Path: C:\Users\Owner\AppData\Local\Discord\app-0.0.297\Discord.exe

    Report Id: be475666-4d4b-11e7-bf36-082e5f79e668

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (06/04/2017 01:51:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 58.0.3029.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1550

    Start Time: 01d2dc9cdb8e50f5

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: 339adda2-495f-11e7-bf36-082e5f79e668

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (06/25/2017 04:36:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Assistant Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/25/2017 04:36:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

    Error: (06/25/2017 04:35:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

    Error: (06/25/2017 04:35:30 AM) (Source: DCOM) (EventID: 10005) (User: 7360BE7)
    Description: DCOM got error "1053" attempting to start the service hpqwmiex with arguments "Unavailable" in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}

    Error: (06/25/2017 04:35:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Software Framework Service service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.

    Error: (06/25/2017 04:35:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

    Error: (06/25/2017 04:33:45 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
    Description: 0x8000002a29\??\C:\Users\Owner\NtUser.Dat

    Error: (06/25/2017 04:33:15 AM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (06/25/2017 04:33:45 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 4:32:01 AM on ‎6/‎25/‎2017 was unexpected.

    Error: (06/16/2017 01:13:33 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:04:47 PM on ‎6/‎16/‎2017 was unexpected.


    ==================== Memory info ===========================

    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 48%
    Total physical RAM: 5594.25 MB
    Available physical RAM: 2896.89 MB
    Total Virtual: 7066.25 MB
    Available Virtual: 3435.34 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:569.34 GB) (Free:196.58 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:26.06 GB) (Free:3.09 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: A50E1C7D)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  4. #4
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,297

    Start FRST (please double-click on FRST/FRST64) with Administrator privileges.

    Right-click on the highlighted text below and select Copy [beginning with Start:: and finishing with End::].


    Start::
    EndProcesses:
    CreateRestorePoint:
    C:\Program Files (x86)\Popcorn Time\Updater.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1025656 2015-02-15] (Link64 GmbH) <==== ATTENTION
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
    AppInit_DLLs-x32: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
    ShortcutTarget: TurboLauncher.lnk -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\Spoon-Console.exe (No File)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
    FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\npMozillaSpoonPlugin.dll [No File]
    CHR HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx <not found>
    R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
    C:\Users\Owner\AppData\Local\Spoon
    C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pfmcegikaljcfolenjkadbbaicbgjcpb
    HKLM\...\regfile\DefaultIcon: C:\Windows\regedit.exe,1 <==== ATTENTION
    HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
    HKLM\...\cmdfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Classes\exefile: <==== ATTENTION
    EmptyTemp:
    Hosts:
    End::


    Now click on the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes AdwCleaner
    • Please download Malwarebytes AdwCleaner and save the file to your Desktop
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S0].txt.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Zemana AntiMalware Free
    Download it from here:


    Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.
    You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.

    When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
    Without changing any options, press Scan.
    When Zemana has finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.
    Zemana AntiMalware will now start to remove all the malicious programs from your computer.

    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
    • Open Zemana AntiMalware again and locate the latest report.
    • Please paste the contents into your reply.


    When the process is complete, you can close Zemana AntiMalware.

    ~~~~

    Please post these 3 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  5. #5
    Junior Member
    Join Date
    Jun 2017
    Posts
    11

    Here are the logs. If it's OK, I included an attachment, which is a screenshot. Not sure if it's a big issue, but Spoon-Console.exe still shows as something I can "customize" into my toolbar/notification area. I still don't know what it is and if it's completely gone. The other thing I mentioned in my first post was Turbo.net Launcher, but I typoed it. If I search for that, it still shows something in my search, but I don't know what that means. If I search for "spoon", nothing for spoon-console shows up.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
    Ran by Owner (27-06-2017 16:58:44) Run:3
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************

    EndProcesses:
    CreateRestorePoint:
    C:\Program Files (x86)\Popcorn Time\Updater.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1025656 2015-02-15] (Link64 GmbH) <==== ATTENTION
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
    AppInit_DLLs-x32: _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
    ShortcutTarget: TurboLauncher.lnk -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\Spoon-Console.exe (No File)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002 -> {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
    FF Plugin HKU\S-1-5-21-4167589968-2693423342-2315446607-1002: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\npMozillaSpoonPlugin.dll [No File]
    CHR HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx <not found>
    R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
    C:\Users\Owner\AppData\Local\Spoon
    C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pfmcegikaljcfolenjkadbbaicbgjcpb
    HKLM\...\regfile\DefaultIcon: C:\Windows\regedit.exe,1 <==== ATTENTION
    HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
    HKLM\...\cmdfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Classes\exefile: <==== ATTENTION
    EmptyTemp:
    Hosts:

    *****************

    EndProcesses: => Error: No automatic fix found for this entry.
    Restore point was successfully created.
    C:\Program Files (x86)\Popcorn Time\Updater.exe => moved successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloaderUltimate => value removed successfully
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
    "_C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value data removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
    HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
    HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
    HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
    C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\Spoon-Console.exe => not found.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66F8021A-0B2E-4DE4-B753-12504A711C26} => key removed successfully
    HKLM\Software\Classes\CLSID\{66F8021A-0B2E-4DE4-B753-12504A711C26} => key not found.
    HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => key removed successfully
    HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33 => key removed successfully
    C:\Users\Owner\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll => not found.
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\MozillaPlugins\@turbo.net/Turbo.net Plugin 3.33 => key removed successfully
    C:\Users\Owner\AppData\Local\Spoon\3.33.1538.0\npMozillaSpoonPlugin.dll => not found.
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo => key removed successfully
    Update service => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\Update service => key removed successfully
    Update service => service removed successfully
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net => moved successfully
    C:\Users\Owner\AppData\Local\Spoon => moved successfully
    C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe => moved successfully
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk => Shortcut argument removed successfully.
    HKLM\Software\Classes\regfile\DefaultIcon\\Default => value restored successfully
    HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <==== ATTENTION => Error: No automatic fix found for this entry.
    HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
    HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Classes\exefile => key removed successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12437159 B
    Java, Flash, Steam htmlcache => 128409809 B
    Windows/system/drivers => 32443722 B
    Edge => 0 B
    Chrome => 705724794 B
    Firefox => 483469028 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 0 B
    LocalService => 745052 B
    NetworkService => 449856 B
    Owner => 704767214 B

    RecycleBin => 83962485 B
    EmptyTemp: => 2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 17:02:20 ====

    # AdwCleaner v6.047 - Logfile created 27/06/2017 at 17:38:42
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-06-26.1 [Server]
    # Operating System : Windows 8 (X64)
    # Username : Owner - 7360BE7
    # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\ProgramData\apn
    [-] Folder deleted: C:\ProgramData\VideoDownloaderUltimateWinApp
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\VideoDownloaderUltimateWinApp


    ***** [ Files ] *****

    [-] File deleted: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
    [-] File deleted: C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [-] Key deleted: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Link64
    [#] Key deleted on reboot: HKCU\Software\Link64
    [-] Key deleted: HKLM\SOFTWARE\SPPDCOM
    [#] Key deleted on reboot: [x64] HKCU\Software\Link64
    [-] Value deleted: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
    [-] Value deleted: HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [VideoDownloaderUltimate]
    [-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm


    ***** [ Web browsers ] *****

    [-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: blmchfpimpbbdmgpcieclabeafkljbhm


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2391 Bytes] - [27/06/2017 17:38:42]
    C:\AdwCleaner\AdwCleaner[R0].txt - [1995 Bytes] - [05/06/2014 11:54:54]
    C:\AdwCleaner\AdwCleaner[R1].txt - [343 Bytes] - [07/06/2014 20:03:14]
    C:\AdwCleaner\AdwCleaner[R2].txt - [1896 Bytes] - [09/06/2014 06:49:07]
    C:\AdwCleaner\AdwCleaner[R3].txt - [1956 Bytes] - [09/06/2014 06:56:28]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2035 Bytes] - [09/06/2014 06:58:50]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4214 Bytes] - [05/05/2017 00:07:13]
    C:\AdwCleaner\AdwCleaner[S2].txt - [3200 Bytes] - [27/06/2017 17:34:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2974 Bytes] ##########

    Zemana AntiMalware 2.74.2.76 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2017/6/27
    Operating System : Windows 8 64-bit
    Processor : 4X AMD A8-4500M APU with Radeon(tm) HD Graphics
    BIOS Mode : UEFI
    CUID : 12C37476182734E3238EC6
    Scan Type : System Scan
    Duration : 63m 51s
    Scanned Objects : 255607
    Detected Objects : 7
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    Chrome Startup Url
    Status : Scanned
    Object : https://cdn.discordapp.com/attachmen...306_214618.jpg
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Report as safe
    Related Objects :
    Browser Setting - Chrome Startup Url

    Chrome Startup Url
    Status : Scanned
    Object : http://www.rprepository.com/c/tenebris
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Report as safe
    Related Objects :
    Browser Setting - Chrome Startup Url

    Chrome Homepage
    Status : Scanned
    Object : http://www.rprepository.com/c/tenebris
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Report as safe
    Related Objects :
    Browser Setting - Chrome Homepage

    avastbclrestarts-1-5-21-4167589968-2693423342-2315446607-1002
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\avastbclrestarts-1-5-21-4167589968-2693423342-2315446607-1002
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {57fda626-3d95-4c08-af4d-1e7efc5940e5}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{57fda626-3d95-4c08-af4d-1e7efc5940e5}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {65cdd781-04ab-4759-abb9-386f0839f92d}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{65cdd781-04ab-4759-abb9-386f0839f92d}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)

    {85046818-0b6b-4667-b629-ceadb65d16d5}
    Status : Scanned
    Object : NE->c:\windows\system32\tasks\{85046818-0b6b-4667-b629-ceadb65d16d5}
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
    Cleaning Action : Quarantine
    Related Objects :
    (null) - (null)


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 4
    Reported as safe : 3
    Failed : 0

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,297

    Default

    https://en.wikipedia.org/wiki/Turbo_(software)

    Spoon.net runs applications in isolated 'sandboxes'.
    Spoon is often used by professionals who work from multiple desktops.

    Spoon.net Sandbox Manager 3.33 by Code Systems Corporation

    **
    It's not a malicious application. I need to do a search for all files/folders related so they can be removed.

    Start FRST and type the following text in the Search box:

    Spoon-Console.exe;Spoon.net Console
    Click the Search Files button.

    When finished, a log file (Search.txt) will open and is saved where FRST was run from, on the Desktop.

    Please post that log in your next reply.

    Also, how is the computer?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  7. #7
    Junior Member
    Join Date
    Jun 2017
    Posts
    11

    Default

    Farbar Recovery Scan Tool (x64) Version: 29-06-2017
    Ran by Owner (28-06-2017 22:37:52)
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal

    ================== Search Files: "Spoon-Console.exe;Spoon.net Console" =============

    C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe
    [2014-03-31 10:29][2014-03-31 10:23] 11503760 _____ (Code Systems Corporation) EE8226C3B04A36713077D84861D29A6E [File is digitally signed]

    ====== End of Search ======



    I had just never noticed the thing before. As far as how the computer is running, it seems to be running well? Aside from other issues that a scan can't fix, like a dying fan and a broken hinge. I know that Google Chrome has an issue where it'll tell me that "google is unresponsive. relaunch now?" even though it'll be working fine. I tend to get that when I'm clicking on links talking to a friend in Discord. They are links I trust. She does art and will post me links to updates and this is when I receive this stupid notice. Sometimes I get it while clicking Twitch stream links or music video links. But that's an issue with Chrome that's not just isolated to this machine.

    Is there any way that you can tell me what the Turbo.net launcher was? It really freaked me out when it showed up out of nowhere.

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,297

    Default

    Originally Posted by Luciel:
    I had just never noticed the thing before. As far as how the computer is running, it seems to be running well? Aside from other issues that a scan can't fix, like a dying fan and a broken hinge. I know that Google Chrome has an issue where it'll tell me that "google is unresponsive. relaunch now?" even though it'll be working fine. I tend to get that when I'm clicking on links talking to a friend in Discord. They are links I trust. She does art and will post me links to updates and this is when I receive this stupid notice. Sometimes I get it while clicking Twitch stream links or music video links. But that's an issue with Chrome that's not just isolated to this machine.

    Is there any way that you can tell me what the Turbo.net launcher was? It really freaked me out when it showed up out of nowhere.

    Fans and hinges I can't fix.
    **
    Now the issues with Chrome, seems this is an ongoing thing that doesn't appear to have a solid fix.
    Some say the Chrome error is from too many Chrome processes open at one time.
    If you open Task Manager and end task on all chrome.exe's in theory.

    Right click on the Google Chrome icon and select Run as administrator.
    https://stackoverflow.com/questions/...e-relaunch-now

    **
    Website, turbo.net. Turbo (formerly Spoon and Xenocode) is a set of software products

    https://en.wikipedia.org/wiki/Turbo_(software)
    http://windowsitpro.com/windows/review-spoonnet
    http://www.shouldiremoveit.com/Spoon...1-program.aspx

    former owner, Downloads ==> 2014-03-31 10:29
    might want to locate this in the downloads folder to see if you can delete it out from there, since I'm not finding the uninstall string.



    Start FRST (Please double-click on FRST/FRST64) with Administrator privileges

    Right click on the text below and select Copy [beginning with Start:: and finishing with End::].


    Start::
    EndProcesses:
    CreateRestorePoint:
    C:\Program Files\Spoon\3.33.1109.0\Spoon-Sandbox.exe
    C:\Program Files\Spoon
    C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

  9. #9
    Junior Member
    Join Date
    Jun 2017
    Posts
    11

    Default

    I'm aware that you can't fix fans or hinges? But you did ask how the machine was running so I was just rambling. The Google Chrome thing, I kind of read that it was a bit of a weird glitch. The thing is, I only had one other tab open at the time with this recent episode with it.
    I have one other question and I'm sorry if it's not something you can answer or "fix". There are 18 different things for Microsoft Visual C++ listed in my programs/features list in Control Panel. I've read that this is a massive amount and they are not all needed. However, since I believe they are something needed to run the OS or such, I do need them. I just don't think they are all necessary and I am not that computer literate to go around and start uninstalling or removing versions. I'd probably break something. http://i.imgur.com/DOx9QY4.png

    I did not find the "former owner, Downloads ==> 2014-03-31 10:29" that you told me to. I searched for the specific date as well in the downloads and still nothing. If it was something that was installed back then, why did it just randomly decide to show the icon? When it happened I talked to the former owner and she claims she had no idea and had never seen it before either when I showed her a screenshot of the icon.

    Anyway, thank you for your help so far; it's greatly appreciated. I like this site and it's very helpful.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
    Ran by Owner (29-06-2017 22:45:07) Run:4
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************

    EndProcesses:
    CreateRestorePoint:
    C:\Program Files\Spoon\3.33.1109.0\Spoon-Sandbox.exe
    C:\Program Files\Spoon
    C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe
    Emptytemp:

    *****************

    EndProcesses: => Error: No automatic fix found for this entry.
    Restore point was successfully created.
    "C:\Program Files\Spoon\3.33.1109.0\Spoon-Sandbox.exe" => not found.
    "C:\Program Files\Spoon" => not found.
    C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe => moved successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4402595 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 60411 B
    Edge => 0 B
    Chrome => 871433211 B
    Firefox => 18781667 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 14276 B
    NetworkService => 0 B
    Owner => 13746791 B

    RecycleBin => 43032 B
    EmptyTemp: => 874.4 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 22:46:25 ====
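
    One way to triage a Fixlog like the ones posted in this thread, as an added example that is not part of the original posts or of FRST itself. The category names and helper functions are assumptions made for illustration; the sample lines are copied from the two Fixlogs above.

```python
import re
from collections import defaultdict

# Sample lines copied from the Fixlogs posted in this thread.
SAMPLE_FIXLOG = r'''
EndProcesses: => Error: No automatic fix found for this entry.
Restore point was successfully created.
"C:\Program Files\Spoon\3.33.1109.0\Spoon-Sandbox.exe" => not found.
"C:\Program Files\Spoon" => not found.
C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Spoon.net Plugin\3.33.6.270\2014.03.31T16.30\local\modified\@PROFILE@\Downloads\Spoon-Console.exe => moved successfully
Update service => Unable to stop service.
Update service => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
Chrome => 871433211 B
EmptyTemp: => 874.4 MB temporary data Removed.
'''

# EmptyTemp accounting lines report a size instead of an outcome.
SIZE_RE = re.compile(r'^\d+(?:\.\d+)? (?:B|KB|MB|GB)\b')


def classify(result):
    """Map the text after ' => ' to a category (category names are assumptions)."""
    lowered = result.lower()
    if SIZE_RE.match(result):
        return "size"
    if lowered.startswith("error:") or lowered.startswith("unable to"):
        return "failed"
    if "not found" in lowered:
        return "not_found"
    if "successfully" in lowered:
        return "ok"
    return "other"


def summarize(text):
    """Group '<entry> => <result>' lines by outcome; other lines are skipped."""
    summary = defaultdict(list)
    for line in text.splitlines():
        # Split on the last ' => ' so entries with odd characters stay whole.
        entry, sep, result = line.strip().rpartition(" => ")
        if not sep:
            continue
        summary[classify(result)].append((entry.strip('"'), result))
    return summary


def unresolved(summary):
    """Failed entries that no later line reports as successfully handled."""
    fixed = {entry for entry, _ in summary["ok"]}
    return [entry for entry, _ in summary["failed"] if entry not in fixed]


if __name__ == "__main__":
    s = summarize(SAMPLE_FIXLOG)
    for category in ("ok", "not_found", "failed"):
        print(category, len(s[category]))
    print("needs follow-up:", unresolved(s))
```

    A "not found" result means the fixlist named a path that was already gone, which is worth distinguishing from a failure when deciding whether another search is needed.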

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,297

    Default

    I have one other question and I'm sorry if it's not something you can answer or "fix". There are 18 different things for Microsoft Visual C++ listed
    It is something Microsoft placed on the computer. I tried to read over a couple of articles to see if I could understand just what it all applies to and to tell the truth it is over my head. I'm afraid if I try to explain it, what they try to assist with, I would be incorrect.
    But, in the end it seems that all comments were to leave it alone.

    **

    I talked to the former owner and she claims she had no idea and had never seen it before either when I showed her a screenshot of the icon.
    It could have come in pre-installed, or bundled with a different application.
    I don't know.

    Is it still present?
    The machine runs well, besides having that Turbo app?