  1. #1
    Member
    Join Date
    Sep 2016
    Posts
    4
    Points
    1

    Investigating my computer for malware after fraudulent use of my debit card

    Hi there,

    I had a message from my bank yesterday informing me that my debit card had been used fraudulently over the weekend. I haven't let the physical card out of my sight, but after talking with their fraud team I was able to confirm that this wasn't a false alarm – there had indeed been fraudulent transactions.

    The card's been stopped and the bank is investigating, but I'm concerned as to how criminals were able to get my card details.
    There are a number of ways this could have happened including ones that are nothing to do with my PC, but one possibility is that my computer is infected with some sort of malware. I mostly use my credit card when I shop online, but I did recently use the debit card to order a new computer online and I imagine that malware could have taken my card details then.

    If there is malware on my machine then that's a major worry as there are lots of potential bad things that malware could cause beyond just this one instance of debit-card fraud.
    I've run a number of scans: Avast, Avast boot-time scan, Malwarebytes and SUPERAntiSpyware. However, none of them have found anything except some tracking cookies, which I removed before re-running the scan.
    However, the Help2Go Detective reports that there are "suspicious" items in my HijackThis log. I also ran it through hijackthis.de but it wasn't obvious what the issue was (other than IE being out-of-date. I'll probably uninstall that, but I figured I shouldn't remove it just yet in case leaving it helps diagnosis of my system).

    I've attached logs from Malwarebytes, SUPERAntiSpyware and HijackThis. Would it be possible for someone to have a look and let me know if my PC seems to be clean or not?


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/05/2016 at 02:55 PM

    Application Version : 6.0.1224
    Database Version : 12996

    Scan type : Complete Scan
    Total Scan Time : 00:30:31

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 599
    Memory threats detected : 0
    Registry items scanned : 67811
    Registry threats detected : 0
    File items scanned : 24255
    File threats detected : 0

    ============
    End of Log


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 05/09/2016
    Scan Time: 14:56
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.09.04.08
    Rootkit Database: v2016.08.15.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Nick

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 322992
    Time Elapsed: 13 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 15:58:44, on 05/09/2016
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18427)

    FIREFOX: 48.0.2 (x86 en-GB)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Razer\SurroundRedist\bin\RzMonitor.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Nick\Downloads\HijackThis(1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcspecialist.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcspecialist.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\Run: [Razer Surround Redist] C:\Program Files (x86)\Razer\SurroundRedist\bin\RzMonitor.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Razer Surround Audio Service (RzMaelstromVADStreamingService) - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10591 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307


    Hi! My name is zep516 and welcome to Help2Go!

    I'll do the best I can to resolve your computer issue.
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!

    Everything gets downloaded to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. 64-bit for you. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  3. #3
    Member
    Join Date
    Sep 2016
    Posts
    4
    Points
    1


    Thanks zep516, I've run the tool and the results are posted below.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
    Ran by Nick (administrator) on NEW-HEDGEHOG (05-09-2016 20:00:20)
    Running from C:\Users\Nick\Desktop
    Loaded Profiles: Nick (Available Profiles: Nick)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\SurroundRedist\bin\RzMonitor.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\Nick\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-28] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-28] (Atheros Commnucations)
    HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107104 2016-09-01] (AVAST Software)
    HKLM-x32\...\Run: [Razer Surround Redist] => C:\Program Files (x86)\Razer\SurroundRedist\bin\RzMonitor.exe [199480 2014-06-05] (Razer Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\RunOnce: [NCInstallQueue] => C:\Windows\system32\netman.dll [360448 2009-07-14] (Microsoft Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware)
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\MountPoints2: {ccdca43a-0251-11e1-ae35-f46d0447170f} - K:\LaunchU3.exe -a
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A550BE3C-D75E-4A5F-9A07-7CBF8984B1E6}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pcspecialist.co.uk/
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.pcspecialist.co.uk/
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-10] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-30] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-10] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-10] (Oracle Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-28] (Atheros Commnucations)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-30] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-10] (Oracle Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0oo1qppd.default
    FF DefaultSearchEngine: Bing
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-10] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-10] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-10] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)
    FF Plugin HKU\S-1-5-21-2688956959-2497820592-655373506-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-06] (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2008-07-08] (BYOND)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Extension: (S3.Google Translator) - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0oo1qppd.default\extensions\s3google@translator.xpi [2016-07-23]
    FF Extension: (Adblock Plus) - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0oo1qppd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

    Chrome:
    =======
    CHR HKU\S-1-5-21-2688956959-2497820592-655373506-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
    S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-10-18] (IBM Corp.)
    R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-05-23] (A-Volute) [File not signed]
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-30] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-30] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-30] (AVAST Software)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-04] (DT Soft Ltd)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
    S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
    R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-09-22] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-10-18] (IBM Corp.)
    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-09-16] (IBM Corp.)
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-09-16] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-10-18] (IBM Corp.)
    R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 uxddrv; \??\C:\pcspro\uxddrv64.sys [X]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-05 20:00 - 2016-09-05 20:00 - 00017411 _____ C:\Users\Nick\Desktop\FRST.txt
    2016-09-05 19:31 - 2016-09-05 19:31 - 02397696 _____ (Farbar) C:\Users\Nick\Desktop\FRST64(1).exe
    2016-09-05 15:29 - 2016-09-05 20:00 - 00000000 ____D C:\FRST
    2016-09-05 14:55 - 2016-09-05 16:35 - 00025351 _____ C:\Users\Nick\Desktop\Post.odt
    2016-09-05 03:17 - 2016-09-05 03:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-09-05 03:17 - 2016-09-05 03:17 - 00001768 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-09-05 03:17 - 2016-09-05 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2016-09-04 22:18 - 2016-09-04 22:18 - 00000000 ____D C:\SUPERDelete
    2016-09-04 22:17 - 2016-09-04 22:17 - 00000000 ____D C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
    2016-09-04 22:17 - 2016-09-04 22:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2016-09-04 22:16 - 2016-09-05 19:59 - 00000000 ____D C:\Users\Nick\Downloads\backups
    2016-09-04 21:48 - 2016-09-04 21:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nick\Downloads\HijackThis(1).exe
    2016-09-04 18:11 - 2016-09-04 18:35 - 00001325 _____ C:\Users\Nick\Desktop\FRAUD.txt
    2016-08-30 20:20 - 2016-08-30 20:38 - 00000722 _____ C:\Users\Nick\Desktop\TAX.txt
    2016-08-30 02:36 - 2016-08-30 02:36 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-08-30 02:36 - 2016-08-30 02:36 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-08-25 14:46 - 2016-08-26 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-08-23 15:23 - 2016-08-23 15:36 - 00000000 ____D C:\Users\Nick\AppData\Local\Arms_Dealer
    2016-08-17 13:34 - 2016-07-08 16:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-08-17 13:34 - 2016-07-08 16:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-08-17 03:12 - 2016-08-17 03:12 - 00000206 _____ C:\Users\Nick\Desktop\Fallout Shelter.url
    2016-08-14 21:34 - 2016-09-04 18:28 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
    2016-08-14 21:34 - 2016-08-14 21:36 - 00000000 ____D C:\Users\Nick\AppData\Local\Bethesda.net Launcher
    2016-08-14 21:34 - 2016-08-14 21:34 - 00001152 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
    2016-08-14 21:34 - 2016-08-14 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
    2016-08-13 03:54 - 2016-08-13 03:54 - 00000000 ____D C:\Users\Nick\Documents\HardWest
    2016-08-10 15:53 - 2016-08-02 15:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-08-10 15:53 - 2016-08-02 15:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-08-10 15:53 - 2016-08-02 07:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-08-10 15:53 - 2016-08-02 07:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-08-10 15:53 - 2016-08-02 07:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-08-10 15:53 - 2016-08-02 07:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-08-10 15:53 - 2016-08-02 07:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-08-10 15:53 - 2016-08-02 07:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-08-10 15:53 - 2016-08-02 07:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-08-10 15:53 - 2016-08-02 07:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-08-10 15:53 - 2016-08-02 07:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-08-10 15:53 - 2016-08-02 07:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-08-10 15:53 - 2016-08-02 07:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-08-10 15:53 - 2016-08-02 07:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-08-10 15:53 - 2016-08-02 07:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-08-10 15:53 - 2016-08-02 07:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-08-10 15:53 - 2016-08-02 07:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-08-10 15:53 - 2016-08-02 07:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-08-10 15:53 - 2016-08-02 07:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-08-10 15:53 - 2016-08-02 07:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-08-10 15:53 - 2016-08-02 07:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-08-10 15:53 - 2016-08-02 07:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-08-10 15:53 - 2016-08-02 07:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-08-10 15:53 - 2016-08-02 06:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-08-10 15:53 - 2016-08-02 06:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-08-10 15:53 - 2016-08-02 06:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-08-10 15:53 - 2016-08-02 06:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-08-10 15:53 - 2016-08-02 06:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-08-10 15:53 - 2016-08-02 06:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-08-10 15:53 - 2016-08-02 06:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-08-10 15:53 - 2016-08-02 06:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-08-10 15:53 - 2016-08-02 06:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-08-10 15:53 - 2016-08-02 06:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-08-10 15:53 - 2016-08-02 06:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-08-10 15:53 - 2016-08-02 06:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-08-10 15:53 - 2016-08-02 06:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-08-10 15:53 - 2016-08-02 06:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-08-10 15:53 - 2016-08-02 06:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-08-10 15:53 - 2016-08-02 06:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-08-10 15:53 - 2016-08-02 06:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-08-10 15:53 - 2016-08-02 06:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-08-10 15:53 - 2016-08-02 06:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-08-10 15:53 - 2016-08-02 06:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-08-10 15:53 - 2016-08-02 06:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-08-10 15:53 - 2016-08-02 06:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-08-10 15:53 - 2016-08-02 06:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-08-10 15:53 - 2016-08-02 06:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-08-10 15:53 - 2016-08-02 06:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-08-10 15:53 - 2016-08-02 06:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-08-10 15:53 - 2016-08-02 06:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-08-10 15:53 - 2016-08-02 06:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-08-10 15:53 - 2016-08-02 06:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-08-10 15:53 - 2016-08-02 06:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-08-10 15:53 - 2016-08-02 06:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-08-10 15:53 - 2016-08-02 06:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-08-10 15:53 - 2016-08-02 06:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-08-10 15:53 - 2016-08-02 06:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-08-10 15:53 - 2016-08-02 06:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-08-10 15:53 - 2016-08-02 06:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-08-10 15:53 - 2016-08-02 06:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-08-10 15:53 - 2016-08-02 06:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-08-10 15:53 - 2016-08-02 06:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-08-10 15:53 - 2016-08-02 05:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-08-10 15:53 - 2016-08-02 05:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-08-10 15:53 - 2016-08-02 05:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-08-10 15:53 - 2016-08-02 05:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-08-10 15:53 - 2016-07-08 16:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-08-10 15:53 - 2016-07-08 16:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-08-10 15:53 - 2016-07-08 16:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-08-10 15:53 - 2016-07-08 16:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-08-10 15:53 - 2016-07-08 16:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-08-10 15:53 - 2016-07-08 16:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-08-10 15:53 - 2016-07-08 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-08-10 15:53 - 2016-07-08 16:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-08-10 15:53 - 2016-07-08 15:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-08-10 15:53 - 2016-07-08 15:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-08-10 15:53 - 2016-07-08 15:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-08-10 15:53 - 2016-07-08 15:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-08-10 15:53 - 2016-07-08 15:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-08-10 15:53 - 2016-07-08 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-08-10 15:52 - 2016-07-08 16:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-08-10 14:44 - 2016-08-10 14:48 - 203084344 _____ (Oracle Corporation) C:\Users\Nick\Downloads\jdk-8u101-windows-x64.exe
    2016-08-10 01:32 - 2016-08-10 01:32 - 00739904 _____ (Oracle Corporation) C:\Users\Nick\Downloads\jxpiinstall.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-05 20:01 - 2015-03-05 03:57 - 00000000 _____ C:\Windows\system32\RzMaelstromVADAudioDeviceManager_log.txt
    2016-09-05 19:30 - 2012-04-09 12:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-09-05 17:46 - 2011-10-22 23:56 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-09-05 17:07 - 2011-10-29 18:20 - 00000000 ____D C:\Users\Nick\Documents\p
    2016-09-05 16:02 - 2009-07-14 05:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-05 16:02 - 2009-07-14 05:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-05 15:55 - 2011-10-05 16:07 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
    2016-09-05 15:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-09-05 14:56 - 2014-11-28 20:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-09-04 22:18 - 2011-11-22 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    2016-09-04 18:25 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-09-04 17:53 - 2014-06-03 01:48 - 00000000 ____D C:\Users\Nick\AppData\Local\Eclipse
    2016-09-04 14:19 - 2016-03-02 20:45 - 00029090 _____ C:\Users\Nick\Desktop\daily notes.txt
    2016-08-30 13:40 - 2016-03-22 23:36 - 00003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458686210
    2016-08-30 02:36 - 2014-05-03 11:33 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-08-30 02:36 - 2014-01-15 03:02 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-08-30 02:36 - 2013-03-14 22:40 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2016-08-30 02:36 - 2013-03-14 22:40 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-08-30 02:36 - 2012-07-07 14:00 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-08-30 02:36 - 2012-02-26 14:06 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-08-30 02:36 - 2011-10-22 13:13 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-08-30 02:36 - 2011-10-22 13:13 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-08-30 02:35 - 2016-03-22 23:36 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-08-30 02:35 - 2011-10-22 13:13 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2016-08-29 03:41 - 2016-07-19 03:13 - 00002157 _____ C:\Users\Nick\Desktop\PC notes.txt
    2016-08-27 18:36 - 2012-04-29 16:26 - 00000000 ____D C:\Users\Nick\AppData\Roaming\vlc
    2016-08-26 12:39 - 2015-07-06 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-08-23 08:50 - 2011-12-17 17:49 - 00000000 ____D C:\Users\Nick\AppData\Local\CrashDumps
    2016-08-17 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2016-08-17 03:22 - 2011-11-27 19:08 - 00000000 ____D C:\Users\Nick\Documents\My Games
    2016-08-12 04:06 - 2009-07-14 06:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-08-12 04:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2016-08-11 13:53 - 2009-07-14 05:45 - 00297472 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-08-11 03:06 - 2013-07-13 13:06 - 00000000 ____D C:\Windows\system32\MRT
    2016-08-11 03:01 - 2012-06-05 00:49 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-08-10 15:02 - 2015-09-10 20:24 - 00000000 ____D C:\Users\Nick\.oracle_jre_usage
    2016-08-10 14:54 - 2014-06-03 22:15 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2016-08-10 14:54 - 2013-09-19 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2016-08-10 14:54 - 2013-09-19 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-08-10 14:53 - 2013-06-23 19:47 - 00000000 ____D C:\Program Files\Java
    2016-08-10 02:23 - 2013-09-19 20:20 - 00000000 ____D C:\ProgramData\Oracle
    2016-08-10 01:36 - 2013-09-19 20:20 - 00000000 ____D C:\Program Files (x86)\Java
    2016-08-10 01:34 - 2014-04-19 15:39 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    ==================== Files in the root of some directories =======

    2014-01-11 01:56 - 2014-01-11 01:56 - 0000893 _____ () C:\Users\Nick\AppData\Local\recently-used.xbel
    2014-07-19 03:45 - 2016-05-30 01:51 - 0007607 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-27 22:20

    ==================== End of FRST.txt ============================




    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by Nick (05-09-2016 20:02:13)
    Running from C:\Users\Nick\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-10-22 11:24:42)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2688956959-2497820592-655373506-500 - Administrator - Disabled)
    Guest (S-1-5-21-2688956959-2497820592-655373506-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2688956959-2497820592-655373506-1338 - Limited - Enabled)
    Nick (S-1-5-21-2688956959-2497820592-655373506-1000 - Administrator - Enabled) => C:\Users\Nick

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (HKLM-x32\...\{23170F69-40C1-2701-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
    7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
    Academagia - The Making of Mages (HKLM-x32\...\Academagia - The Making of Mages) (Version: - GameStop)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Approaching Infinity DEMO version 1.0 (HKLM-x32\...\{AFFF573F-FC13-494F-981C-18AF0B89E409}_is1) (Version: 1.0 - Shrapnel Games)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
    Battle Group 2 (HKLM-x32\...\Steam App 277490) (Version: - Bane Games)
    Battle Isle Platinum (HKLM-x32\...\Battle Isle Platinum_is1) (Version: - GOG.com)
    Beneath a Steel Sky (HKLM-x32\...\GOGPACKBENEATH_is1) (Version: 2.0.0.9 - GOG.com)
    Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
    BitTorrent (HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
    Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
    BYOND (HKLM-x32\...\BYOND) (Version: 509.1319 - BYOND)
    Card City Nights (HKLM-x32\...\Steam App 271820) (Version: - Ludosity)
    Conquest of Elysium 3 (remove only) (HKLM-x32\...\CoE3) (Version: - )
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
    Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version: - Brace Yourself Games)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
    Defcon (HKLM-x32\...\GOGPACKDEFCON_is1) (Version: 2.0.0.6 - GOG.com)
    Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version: - )
    Desktop Dungeons (HKLM-x32\...\GOGPACKDESKTOPDUNGEONS_is1) (Version: 2.0.0.1 - GOG.com)
    Din's Curse - Demon War (HKLM-x32\...\Din's Curse: Demon War_is1) (Version: 2.0.0.1 - GOG.com)
    Din's Curse (HKLM-x32\...\1207665923_is1) (Version: 2.0.0.1 - GOG.com)
    Door Kickers (HKLM-x32\...\Steam App 248610) (Version: - KillHouse Games)
    Drox Operative 1.000 (HKLM-x32\...\Drox Operative_is1) (Version: - Soldak Entertainment, Inc.)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version: - Bethesda Softworks)
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - )
    GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
    GameStop App (x32 Version: 4.00 - GameStop) Hidden
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HF pAppLoc version 1.0 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    ICY (HKLM\...\Steam App 375400) (Version: - Inner Void)
    Infinite Space III: Sea of Stars (HKLM-x32\...\Steam App 269990) (Version: - Digital Eel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
    Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
    Java SE Development Kit 7 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170600}) (Version: 1.7.0.600 - Oracle)
    Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
    Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
    JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kingdom Rush (HKLM\...\Steam App 246420) (Version: - Ironhide Game Studio)
    Last Word (HKLM\...\Steam App 355530) (Version: - Twelve Tiles)
    Launch4j 3.5 (HKLM-x32\...\Launch4j) (Version: 3.5 - Grzegorz Kowal)
    Legend of Grimrock 2 (HKLM-x32\...\Steam App 251730) (Version: - Almost Human Games)
    Long Live The Queen Full Retail 1.0.3 (HKLM-x32\...\Long Live The Queen_is1) (Version: - Hanako Games)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Master of Orion II (HKLM-x32\...\Master of Orion II) (Version: - GameStop)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Mozilla Firefox 48.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-GB)) (Version: 48.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
    NEO Scavenger (HKLM-x32\...\1207667263_is1) (Version: 2.5.0.6 - GOG.com)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    One Way Heroics (HKLM-x32\...\Steam App 266210) (Version: - Smoking WOLF)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
    Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
    Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
    piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
    Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version: - Ndemic Creations)
    Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
    Quest for Infamy (HKLM\...\Steam App 264560) (Version: - Infamous Quests)
    Rags Suite (HKLM-x32\...\{7C60776C-C6EA-4C59-926B-BA76703D2608}) (Version: 2.4.16 - RagsGame)
    Rags Suite (HKLM-x32\...\{E50D4D29-C7B5-4136-AADE-D85794926840}) (Version: 2.4.0 - RagsGame)
    Rapport (Version: 3.5.1201.78 - Trusteer) Hidden
    Rapport (x32 Version: 3.5.1507.77 - Trusteer) Hidden
    Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.09 - Razer Inc.)
    Razer Surround SDK (HKLM-x32\...\Razer Surround SDK) (Version: 1.02.04 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
    Rebuild 3: Gangs of Deadsville (HKLM\...\Steam App 257170) (Version: - Northway Games)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Renowned Explorers: International Society (HKLM-x32\...\Steam App 296970) (Version: - Abbey Games)
    Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games)
    RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
    RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
    SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
    Sentinels of the Multiverse (HKLM-x32\...\Steam App 337150) (Version: - Handelabra Games Inc.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Star Realms (HKLM\...\Steam App 438140) (Version: - White Wizard Games)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
    Survivalist (HKLM\...\Steam App 340050) (Version: - Bob the Game Development Bot)
    Switchcars (HKLM-x32\...\Steam App 442210) (Version: - Altfuture)
    The Sims(TM) 3 (HKLM-x32\...\Steam App 47890) (Version: - Electronic Arts)
    Thea: The Awakening (HKLM-x32\...\Steam App 378720) (Version: - MuHa Games)
    Tiled - Tiled Map Editor (HKLM-x32\...\Tiled) (Version: - )
    Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.77 - Trusteer)
    Unholy Heights (HKLM-x32\...\Steam App 249330) (Version: - Petit Depotto)
    Unity Web Player (HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Uplink (HKLM-x32\...\Uplink_is1) (Version: - GOG.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WazHack (HKLM\...\Steam App 264160) (Version: - Waz)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinUAE (HKLM-x32\...\{BB6B3D49-4056-4657-B71D-9B3D7E45C06E}) (Version: 3.1.0.0 - Arabuusimiehet)
    Zafehouse Diaries (HKLM-x32\...\GOGPACKZAFEHOUSEDIARIES_is1) (Version: 2.2.1.10 - GOG.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03010BB7-61B6-46D4-A6E1-E00D1D89C23D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {03670B21-280B-4190-A57C-0908AE043635} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2688956959-2497820592-655373506-1000
    Task: {4036F1F5-D606-43E5-87B5-B724CA02EF38} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {472E7B4F-8089-4C0F-A1DF-34905892B775} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
    Task: {495089E9-FF94-4214-915F-6E4092F209B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {55616033-641F-469D-9A82-2E866DA5C1F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {9181F9D9-7EDC-41D9-8184-36919E185542} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
    Task: {99A3E69E-1384-4AD3-B01A-467C7AF87DB5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-04] (AVAST Software)
    Task: {B862CC00-2596-4964-BEB5-B9B6F3F2C493} - no filepath
    Task: {BC4AC9FC-FE09-4CD8-B409-A4A33D45505F} - System32\Tasks\SafeZone scheduled Autoupdate 1458686210 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {EE898367-65BC-4BB4-8223-AACED23ADF1D} - System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-08-30 02:36 - 2016-08-30 02:36 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-09-05 14:21 - 2016-09-05 14:21 - 03080312 _____ () C:\Program Files\AVAST Software\Avast\defs\16090500\algo.dll
    2016-08-30 02:36 - 2016-08-30 02:36 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-09-05 20:01 - 2016-09-05 20:01 - 03080312 _____ () C:\Program Files\AVAST Software\Avast\defs\16090502\algo.dll
    2015-10-04 00:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-10-04 00:39 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-10-04 00:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-06-29 21:05 - 2016-06-29 21:05 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-05-12 03:36 - 2016-05-12 03:36 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\68b50258c65f19990de5179995021e57\IsdiInterop.ni.dll
    2011-10-05 16:21 - 2011-05-20 18:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-03-12 18:10 - 2016-08-09 00:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-01-20 18:21 - 2015-07-01 23:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-01-20 18:21 - 2015-07-01 23:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-01-20 18:21 - 2015-07-01 23:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2014-05-21 22:43 - 2016-08-23 20:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-28 20:55 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-28 20:55 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-28 20:55 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-28 20:55 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-08-28 20:55 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2011-10-22 23:58 - 2016-08-23 20:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2016-03-09 15:32 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2011-10-22 23:58 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-01-20 18:21 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7866 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2015-10-14 00:54 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 15463 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{1BF38D2D-F2D6-4D4F-92D8-583375B78D71}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6E676E3F-C4B2-48A5-88DE-40B754987689}] => (Allow) LPort=2869
    FirewallRules: [{7C8A9E49-5035-4865-8BEA-539E8639C1D1}] => (Allow) LPort=1900
    FirewallRules: [{99149C4B-9C62-4253-9D0B-299D82DE8A34}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{BD36C021-9799-454D-9D13-FA2218ACB583}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{2FA21DA7-1FFF-4219-90C2-F55D14B8C589}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3C5DD2C6-3BBF-4D8B-A0EB-CE9A0D135987}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6181760D-FDC0-4AB3-AEAF-5002E0992159}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\amd driver updater, vista and 7, 64 bit\Setup.exe
    FirewallRules: [{8400DD2C-2187-4AF3-8142-48FF758FA9E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\amd driver updater, vista and 7, 64 bit\Setup.exe
    FirewallRules: [TCP Query User{8C737345-1969-4040-A4D6-F7E386CA502B}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
    FirewallRules: [UDP Query User{86D98400-6A90-42EA-9748-ED5195BB46E5}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
    FirewallRules: [{4433C422-D898-498B-8E71-A23882BFF20D}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
    FirewallRules: [{67AF9F2A-112B-44FB-A72C-37F0B2D2CC64}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
    FirewallRules: [{34B700AB-849E-4468-86E1-C80D70B43F73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe
    FirewallRules: [{FC12B175-771F-4CF6-8E2A-1F9C211FFC7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe
    FirewallRules: [{F975AE23-FEDE-47DE-9E30-3ACA73C29D45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space\Support\EA Help\Electronic_Arts_Technical_Support.htm
    FirewallRules: [{78799530-BA2F-4A76-9A29-CD127BED0478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space\Support\EA Help\Electronic_Arts_Technical_Support.htm
    FirewallRules: [{3496B922-544A-4326-9500-CE99968D1751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
    FirewallRules: [{BFE2F49C-A81E-4925-AAE1-3D4EA85D5186}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
    FirewallRules: [TCP Query User{4CEB8A18-4100-4558-B926-916558FBE093}C:\games\battle isle platinum\dosbox\dosbox.exe] => (Block) C:\games\battle isle platinum\dosbox\dosbox.exe
    FirewallRules: [UDP Query User{FC4C31E6-10E8-450F-8903-BCD4856FEF9F}C:\games\battle isle platinum\dosbox\dosbox.exe] => (Block) C:\games\battle isle platinum\dosbox\dosbox.exe
    FirewallRules: [{A70E5BCD-64EA-4D2D-A180-CFCEE645D634}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat
    FirewallRules: [{A98BC183-FCA5-40B4-9F53-E3013916653E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat
    FirewallRules: [{D93F0AC8-DEC9-41D6-84C6-588A2BA24FB1}] => (Allow) C:\games\Stardock Games\FallenEnchantress\FallenEnchantress.exe
    FirewallRules: [{ED969E08-8540-472F-A732-159094ED8CA4}] => (Allow) C:\games\Stardock Games\FallenEnchantress\FallenEnchantress.exe
    FirewallRules: [TCP Query User{5987050A-990A-4084-939C-8F1D1097F421}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
    FirewallRules: [UDP Query User{87D6E887-4894-4702-9FDC-18CB8FF0E5F3}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
    FirewallRules: [{8B57696F-EC9F-4A76-B395-90531817E649}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasherdemo\data\atomzombiesmasher.exe
    FirewallRules: [{91E5EB3E-50D4-4F70-90FB-C5B09F578EDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasherdemo\data\atomzombiesmasher.exe
    FirewallRules: [{772D71A9-B063-4E1A-A549-05A1E2038431}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sims Medieval\Support\EA Help\Electronic_Arts_Technical_Support.htm
    FirewallRules: [{B13F6CCF-5B7C-4BC7-AD15-C44FB71E71DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sims Medieval\Support\EA Help\Electronic_Arts_Technical_Support.htm
    FirewallRules: [{5323E0FA-F3D0-4FA5-81CE-0B7CA40A1569}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{A1AA725A-03A7-41D4-8057-BF94E038BE6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{5BF1AD17-AC38-47E0-952C-975C86E9F4F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{F1F09ABC-7468-4F58-AF54-3AD542522931}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{3D117D14-7593-4509-86AE-5A7124E2EE41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prototype 2\prototype2.exe
    FirewallRules: [{23907516-2598-4883-862C-20C7E3E5FFBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prototype 2\prototype2.exe
    FirewallRules: [TCP Query User{B3343982-6C74-4BF6-9F53-9EA2B146F3BB}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
    FirewallRules: [UDP Query User{6858FBC0-4723-44C1-B2C4-2162327E089A}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
    FirewallRules: [TCP Query User{AA680CB3-C6EA-4275-81D8-7177FE05C769}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
    FirewallRules: [UDP Query User{E46580DE-396F-422C-BA15-D5CF75362FC8}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
    FirewallRules: [{CBCCE630-B564-4DE8-88F2-752BAD0767B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
    FirewallRules: [{44CFF5C3-A0CC-4A7F-9638-4110D7937AF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
    FirewallRules: [TCP Query User{1EF16D7A-A8EC-49B1-B00F-CDA6705D71C7}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
    FirewallRules: [UDP Query User{8123B725-524A-4B7E-8C30-10516C5EE312}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
    FirewallRules: [{3F3BBD30-4DD7-4817-8FC4-BC0372EB0DC1}] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
    FirewallRules: [{78977BC0-4A67-4E2A-A33F-2EB06E394219}] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
    FirewallRules: [{AAFBD0D6-E861-4762-9450-C12D41A45507}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
    FirewallRules: [{0E1D99B3-92D9-443E-B8EF-B48602CDCDF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
    FirewallRules: [{254C52DB-3724-4A1D-949E-171FEB480149}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the sims 3\Game\Bin\Sims3Launcher.exe
    FirewallRules: [{C99A6EEF-6EC9-4426-AD84-EDCDA98E0D8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the sims 3\Game\Bin\Sims3Launcher.exe
    FirewallRules: [{8014C9AA-CAEF-4360-91B8-124070BEC53C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
    FirewallRules: [{6C73DCA1-BB9F-422A-AE9A-7E7260EA04EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
    FirewallRules: [{7D197B39-88C9-47A3-A464-5AAC4DFA5D63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warlock - Master of the Arcane\support\game.url
    FirewallRules: [{29BE8771-285D-412A-9ACB-07660C3A4A3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warlock - Master of the Arcane\support\game.url
    FirewallRules: [{80AFD5A8-5A0D-40CD-A740-B6AB14209245}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warlock - Master of the Arcane\support\paradox.url
    FirewallRules: [{07398E0F-31A2-4F2D-A862-5EED32B5E4F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warlock - Master of the Arcane\support\paradox.url
    FirewallRules: [{3F835440-86B6-42FA-9FC8-01B778B56CE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warlock - Master of the Arcane\support\ino_co_com.url
    FirewallRules: [{4035E1DD-416A-488C-9D50-0B58D093A095}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warlock - Master of the Arcane\support\ino_co_com.url
    FirewallRules: [{7D4AFD35-05CA-4EEE-815A-EF602EA84D6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html
    FirewallRules: [{023DB24B-5283-4268-99F1-439C67C108AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html
    FirewallRules: [{3FB6B798-1034-4CD4-8E5E-4927E371BAB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
    FirewallRules: [{490B5CCC-71EC-4E6C-9EBF-324439DC8EF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
    FirewallRules: [{E2EE9BB7-D342-4222-869D-77FB5D65CA22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{89E40B67-608E-439F-A1F6-2352D797B711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{76A528B5-6CFE-4D32-9E23-F4BB881059CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{8E18E309-C71F-439E-A381-79DCA3A51D07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{55674848-2F7B-4A24-94E4-0D21EF81B40E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
    FirewallRules: [{E16A0892-0CE6-44B3-86E1-EE95365F8E0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
    FirewallRules: [{AAA32E2C-B706-4C40-99B7-6430FB0B9267}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
    FirewallRules: [{A5C56618-A261-4E14-A74B-93FF0A413326}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
    FirewallRules: [TCP Query User{69CE2A56-B22A-45F5-A8BC-EF4908F0EF7C}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
    FirewallRules: [UDP Query User{99D1A78F-5239-419C-899E-D94DB8AEBCB3}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
    FirewallRules: [TCP Query User{8D55A6E6-405E-4A40-8F88-D787EB96A756}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [UDP Query User{F899A7A5-0522-4510-8131-B6994CD7A188}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [{90D3319E-E4D3-4831-A50E-CCBA87BA8D04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html
    FirewallRules: [{CE3F0616-3AC7-44DC-B651-890B4E8F8DDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html
    FirewallRules: [{63AC9340-3A21-4535-8D28-43A08D7E4F08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{28282253-0E03-42B7-94D6-78123699CEB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{5672AAE0-A89E-4017-B5E2-3A269B0647ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{A1ADF61A-621C-4BD6-8A81-8B959B670EB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{7B21564D-BE76-4088-9E2F-95972267DA57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
    FirewallRules: [{CEDC7546-616E-415E-B676-BA405C7CDBCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
    FirewallRules: [{360D91FC-8654-4561-9617-8D3F2EBA56D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{36B014A5-2E9A-4CA1-93A5-313AC52436E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{5A2E57AF-61BC-4186-81D8-CDC0248315E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{31C53D22-9959-4A01-9ABB-719F5385B1A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{57EEB60B-74AB-47DE-ADB4-8EDAC8C47E39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{4ACD628C-AB14-4E96-B778-512388092372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{7C73FB25-880C-48F6-A280-7CD096FEC42C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html
    FirewallRules: [{0A802F43-53C3-45AC-8ECF-64AD57A0B59C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html
    FirewallRules: [{DFFC04AE-7CEB-4FEF-A359-A8A4AB7088F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{67BF4A87-754E-48CE-9314-53E07B77FC0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{1C6EB3F3-E743-4FBA-8D49-16D9CA2FFC53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{D863D8C6-63B6-4375-A7FD-0054100BC169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{E9CCEE99-7707-4E7D-8845-E97FC1A15C8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
    FirewallRules: [{57471A0E-57A6-4E50-985F-0A9D87754BC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
    FirewallRules: [{1010DCA2-2433-4C4B-A566-9B50AF4CCA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{F5E3F40A-43C9-47D8-8D05-0F081615D3D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{77C14AFD-0757-43DF-BE7A-6D9C727DB2D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{206A1941-7B20-4ED6-88F3-E06FE4E4A56E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{4F76D6D3-5A8A-43A1-B74E-71D8127A1E6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
    FirewallRules: [{D089E0EA-CA7C-4EC3-A2D5-557C49A01222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
    FirewallRules: [{9FFEA64F-D7DB-437C-A9D2-444A15E0F94F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html
    FirewallRules: [{CBCC71D3-D26A-424A-ACF6-5936A7BB19C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html
    FirewallRules: [{4FFBEA3E-0C5E-4862-9A4F-64D58DEC87FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{636D6A28-81B1-47B9-AF75-FF8073D5BFB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{413E9BA0-9D8D-4A5A-A5BB-BFEE29A5ABDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{2AA4A933-8A0B-44FE-9A9F-3B0AF18C81A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{EF4AB378-8D62-437D-8E90-278BD5EC4C08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
    FirewallRules: [{D8002AA2-9757-4D1A-98B8-2F6EE4081E73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat
    FirewallRules: [{72CB6A93-E1CC-4102-B3BC-B4A5389275A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{1DF1E35B-C1AB-4B4C-B9D4-8B24AA6F6DAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{AAEC38BA-61D3-4B22-A0CC-238CCD33DD6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{7C477112-0A43-45C3-90A8-C3B5DDB27F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat
    FirewallRules: [{1653763A-05AD-4E34-828D-937D040599AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
    FirewallRules: [{0592EAEC-AD37-4AFC-A1D2-50128E13D86C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
    FirewallRules: [{1C750ACC-6389-4A52-BC9E-9CDA47DFA7B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{91E4ADAC-4CD8-40CE-B763-C421CB4D9799}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\DefendersQuest.exe
    FirewallRules: [{7B749CBE-49EA-4386-B2EF-2270CC9B2FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
    FirewallRules: [{E4A2A728-D7E8-4F82-833E-7922A03A81FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reus\Reus.exe
    FirewallRules: [{B7A9787B-1F5A-450F-B2FC-3AC55256116A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the sims 3\Game\Bin\Sims3Launcher.exe
    FirewallRules: [{2586B74F-2878-4358-8E9E-6628B3CE1AE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the sims 3\Game\Bin\Sims3Launcher.exe
    FirewallRules: [{E16DB7B6-BEDE-4DCD-B6F1-3EF63C01D49E}] => (Allow) C:\Users\Nick\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{0E99B5CF-B1FB-40A5-ABDF-2B0BB5220AAF}] => (Allow) C:\Users\Nick\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{58EBCED2-8899-43A3-A09A-371DE4281500}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{EC11139B-6220-48F6-883F-C6C273852EF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [TCP Query User{D99F77C4-0C4E-471B-9B08-8A69D0839634}C:\gog games\defcon\defcon.exe] => (Allow) C:\gog games\defcon\defcon.exe
    FirewallRules: [UDP Query User{3DEEFD7A-B9E8-484B-BAE1-221C29761F99}C:\gog games\defcon\defcon.exe] => (Allow) C:\gog games\defcon\defcon.exe
    FirewallRules: [{E634501E-B8EC-45C7-AF45-DAB21F034982}] => (Block) C:\gog games\defcon\defcon.exe
    FirewallRules: [{B03840E8-0F63-416E-A805-C194BE052106}] => (Block) C:\gog games\defcon\defcon.exe
    FirewallRules: [{3999930E-24DC-4246-BB32-0FD1AA755D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{6AE734CB-C97D-4F73-8509-1AD2397BAE90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [TCP Query User{E7B0FAD0-93E0-4AB3-AFDF-4A6D3E36BAE8}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [UDP Query User{3E39E155-0B34-4AA2-8FA9-0FC2B33570D4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [TCP Query User{5845AF7D-DBBA-4294-AFF6-D21F7CAE274F}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
    FirewallRules: [UDP Query User{25740709-0AF9-4FD2-8F32-B1C907FE72C5}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
    FirewallRules: [TCP Query User{BA24EBCB-CA24-4B08-A8A8-14FC1AC7C39E}C:\program files\java\jdk1.7.0_60\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_60\bin\java.exe
    FirewallRules: [UDP Query User{EE4427F7-A835-4DD1-A28F-803E6D4E01F9}C:\program files\java\jdk1.7.0_60\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_60\bin\java.exe
    FirewallRules: [TCP Query User{C3C755F0-29B0-4DAC-A050-DC66E4FAC0B8}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [UDP Query User{4BC062A9-2B73-4BAC-86C6-D88E09C24396}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [{710E4D62-0119-469E-9BFA-F24B62CB7023}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [{7B2E4725-D844-48FE-BB03-051863C234C5}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [{D52D8CC0-31AF-4CEB-85E1-5480203C2756}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6A43F7EA-8A3A-4B81-8CA7-E155218886FC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{065BAE85-2E20-43D3-8C38-D3937CE215F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
    FirewallRules: [{EAEA6CAC-15DE-4705-8146-D0E42D76B9A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
    FirewallRules: [{9210600E-7339-4A86-BC35-C1E5DA28B3BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
    FirewallRules: [{84FEF2AA-944B-44E1-91C5-CAB0E7C9F5A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
    FirewallRules: [{61A3D96B-7300-4CA1-9955-559230FCC38E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlegroup2\BattleGroup2.exe
    FirewallRules: [{7276BEA6-BE36-40CC-82E2-F47638DE83C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlegroup2\BattleGroup2.exe
    FirewallRules: [TCP Query User{4E3602D1-DF0F-4599-838B-547196F66429}C:\users\nick\downloads\bittorrent (1).exe] => (Allow) C:\users\nick\downloads\bittorrent (1).exe
    FirewallRules: [UDP Query User{3201F65C-B875-4BD8-B9E3-A79F5E2784F9}C:\users\nick\downloads\bittorrent (1).exe] => (Allow) C:\users\nick\downloads\bittorrent (1).exe
    FirewallRules: [{89F7042B-67B5-4E48-847D-0F92641F7E84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{ECFBC3B7-842E-4752-AD5F-43682DC01EDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{2EBCFE2A-2268-44AD-B58B-32A064F748E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
    FirewallRules: [{6EB202FD-B33E-4D1D-B38B-8EE727A58A50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
    FirewallRules: [{E6EF596A-047B-493E-853A-B3CB4DAE36E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Config.exe
    FirewallRules: [{045F355B-7B6B-48E9-A66E-0B9AE8248833}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Config.exe
    FirewallRules: [{088F52FF-C75C-4A42-8BA4-1CF908B6E3B2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{FECFAA11-71E4-405E-B982-671446405605}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{A0FF7D7E-DD81-46C7-98E2-7A82390F7E09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Card City Nights\ccn.exe
    FirewallRules: [{5C0610B9-B6A5-4ECD-9324-21DC5B3D7BA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Card City Nights\ccn.exe
    FirewallRules: [{A9165157-9107-4278-B047-E57EB2B13D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
    FirewallRules: [{66CA9C72-95DB-4A9F-B231-88FFAA31D066}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
    FirewallRules: [{B7D1604E-E2B2-4B17-A168-7D98F895D362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
    FirewallRules: [{9D05E533-0018-46C8-AE34-AB47FBF31494}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
    FirewallRules: [{6F51B9EF-1A29-4E0C-AAB4-6BE1CB870C8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2015\DotP_D15.exe
    FirewallRules: [{A5B71ADF-8AED-447A-9BE9-6340DE410F08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2015\DotP_D15.exe
    FirewallRules: [{5B51824A-2C35-47AB-98F1-DAA9FC793FB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe
    FirewallRules: [{C9D54D88-794B-4A55-B2B3-00558E87409E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe
    FirewallRules: [TCP Query User{D40BAE1D-1328-481F-A015-5EF01C0D540F}C:\games\distant_worlds\update.exe] => (Allow) C:\games\distant_worlds\update.exe
    FirewallRules: [UDP Query User{78B33E25-CC81-4EEE-A39D-07796208892B}C:\games\distant_worlds\update.exe] => (Allow) C:\games\distant_worlds\update.exe
    FirewallRules: [{F281F18D-9DE9-433F-AD16-9B3B0811E65E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{242557EB-93A8-4B2E-97F5-A26745A21245}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D78E6636-C79F-49FF-90A0-863304140927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win64\DepthGame.exe
    FirewallRules: [{320B37EA-1312-416F-A640-557E1963E61F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win64\DepthGame.exe
    FirewallRules: [{148332B2-9C43-4346-9B38-ADE5CC6DE9BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SeaOfStars\seaofstars.exe
    FirewallRules: [{977912D9-EF15-4BC2-A674-6DDF9E5EF779}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SeaOfStars\seaofstars.exe
    FirewallRules: [{01691311-B4B7-4FC7-92EB-6DD6A068279E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
    FirewallRules: [{6FE7DE9E-6B2A-447E-B236-66C449D01577}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
    FirewallRules: [{81776597-1C50-4202-8EA7-87B3B12046AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
    FirewallRules: [{0E5308E1-C51A-4F62-B316-D9FFC339D5F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
    FirewallRules: [{FAE6D782-BDE9-4C62-A1FB-93C2AA6E19BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
    FirewallRules: [{67C5A707-4402-4A06-B3CB-B5487020CFD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
    FirewallRules: [{357DCEE5-3DD0-4D87-B5EC-4DB1E292C377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe
    FirewallRules: [{B72C1D87-3D50-4ED6-A753-7CBB0DA53EFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe
    FirewallRules: [TCP Query User{CB6AA466-E56B-44C0-B7F0-F8432C666CFF}C:\program files (x86)\steam\steamapps\common\greygoo\instanceserverg.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\greygoo\instanceserverg.exe
    FirewallRules: [UDP Query User{742BC26C-44DC-43E1-91B2-D958C4E7C2EF}C:\program files (x86)\steam\steamapps\common\greygoo\instanceserverg.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\greygoo\instanceserverg.exe
    FirewallRules: [{1FE21908-C138-448A-A14B-313366AA6DA8}] => (Block) C:\program files (x86)\steam\steamapps\common\greygoo\instanceserverg.exe
    FirewallRules: [{A1F4A689-D2E3-408E-BF29-F3D8C3900448}] => (Block) C:\program files (x86)\steam\steamapps\common\greygoo\instanceserverg.exe
    FirewallRules: [TCP Query User{099E5310-C09D-4A59-9E0B-DB47B0282020}C:\program files (x86)\steam\steamapps\common\greygoo\goog.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\greygoo\goog.exe
    FirewallRules: [UDP Query User{C070AD95-C1A9-40E1-BBC8-CFB9D1C628F4}C:\program files (x86)\steam\steamapps\common\greygoo\goog.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\greygoo\goog.exe
    FirewallRules: [{E4519F60-36A5-4097-9185-504E022F58CB}] => (Block) C:\program files (x86)\steam\steamapps\common\greygoo\goog.exe
    FirewallRules: [{376043C4-7BE3-44CB-B555-3FA07BC25A3D}] => (Block) C:\program files (x86)\steam\steamapps\common\greygoo\goog.exe
    FirewallRules: [{642C7D32-8661-4DC1-B926-E89CE2C42C69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
    FirewallRules: [{7BD5D309-2322-4E04-8E95-4FDBBBC99909}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
    FirewallRules: [{1A7A6D3F-5C46-4290-902B-5CA726A29033}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\Thea.exe
    FirewallRules: [{9A6B5F6A-AFB7-498D-875A-97E7EEE1DA85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\Thea.exe
    FirewallRules: [{9491E3F6-6C22-4EFD-B14A-01D0B03E2E0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{926606AE-843F-48A5-A318-663DAD5516D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{AEDF764F-82CA-4F7D-ADC4-BD712E831019}C:\games\coding\eclipse\eclipse.exe] => (Allow) C:\games\coding\eclipse\eclipse.exe
    FirewallRules: [UDP Query User{54D81467-5163-423E-B27B-39286ECA20B5}C:\games\coding\eclipse\eclipse.exe] => (Allow) C:\games\coding\eclipse\eclipse.exe
    FirewallRules: [{08D24865-6365-4F7C-A859-C93AF1569AF2}] => (Block) C:\games\coding\eclipse\eclipse.exe
    FirewallRules: [{70ADD64F-B559-443C-910E-6B7CCE0C2B3F}] => (Block) C:\games\coding\eclipse\eclipse.exe
    FirewallRules: [{1EE85892-8AC9-4763-AB2D-0A575FAA8AB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unholy Heights\UnholyHeights.exe
    FirewallRules: [{6E88A1C8-4EA3-4DEB-9D38-4FF746E0D261}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unholy Heights\UnholyHeights.exe
    FirewallRules: [{3DA8235B-7F9F-4765-ABE3-573DF8F65E74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe
    FirewallRules: [{DDBF87A8-9695-4B0A-A0A7-FAFA265B6FC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe
    FirewallRules: [{6B640B6B-F2BE-490E-93FB-D65498941757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Switchcars\switchcars.exe
    FirewallRules: [{91110C67-7F26-4B96-9EF2-27845C7D98DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Switchcars\switchcars.exe
    FirewallRules: [{ACBB8DE4-03D2-488B-A948-B5852100FDD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ICY\Icy.exe
    FirewallRules: [{1F585EC4-FC85-4247-BC43-7891DA4784AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ICY\Icy.exe
    FirewallRules: [{A07C81FC-882E-48ED-8C50-46BA6C12C94B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
    FirewallRules: [{310EC74B-B451-4059-8F90-19A2EBA72447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
    FirewallRules: [{195AEF7A-65A2-4E94-B777-83D1B8E995AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Realms\StarRealms.exe
    FirewallRules: [{D348C928-36DF-4C78-B216-5F77A762B5BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Realms\StarRealms.exe
    FirewallRules: [{9B99C80D-C39A-4C68-9204-46333CE8C066}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
    FirewallRules: [{02C9143A-D597-454B-8122-96EFAEF70A94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
    FirewallRules: [{6B3EC579-B9B9-430B-B105-57265391AF75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
    FirewallRules: [{4AC169F2-0D5B-48BB-A303-2E10D4559A94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
    FirewallRules: [{99694245-309A-4D02-B7B0-C101B4E1B9E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebuild Gangs of Deadsville\game\Rebuild3.exe
    FirewallRules: [{BCAEE6F6-ACD8-4238-9CB3-FB29470BAE5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebuild Gangs of Deadsville\game\Rebuild3.exe
    FirewallRules: [{3E3189A3-726E-40FD-A5F1-F0381400EC7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Last Word\Game.exe
    FirewallRules: [{A936BA15-32C7-4613-9A91-563AA664F09F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Last Word\Game.exe
    FirewallRules: [{9F6AD36A-AF08-41F1-B699-5C4FCD23EAC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quest for Infamy\QFI.exe
    FirewallRules: [{5BC4156A-0118-43AC-8F33-B0822C5B05E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quest for Infamy\QFI.exe
    FirewallRules: [{EE5E841A-03B8-4C9F-9A15-773AFD93E55A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quest for Infamy\winsetupQFI.exe
    FirewallRules: [{B4163E35-2534-4D13-84F5-68EF9A6A4F44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quest for Infamy\winsetupQFI.exe
    FirewallRules: [{A6CBDF5D-257D-42B4-B822-917C0CA9B00F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survivalist\Survivalist.exe
    FirewallRules: [{2A805D84-4870-47D7-8120-670316B343BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survivalist\Survivalist.exe
    FirewallRules: [TCP Query User{C0DC1587-60AA-402E-99A1-7141857A28E6}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
    FirewallRules: [UDP Query User{F151BA62-4D47-4A1B-AD88-D9279B97DE95}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
    FirewallRules: [{5F4E73B8-8A96-4055-BE90-A9E9FDA36D32}] => (Block) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
    FirewallRules: [{2C7DF56D-6B04-4F55-B8F5-4CF6983CA3A4}] => (Block) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
    FirewallRules: [{B5F20B92-FD17-451B-8045-42B261AFFF8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\dx\DefendersQuest.exe
    FirewallRules: [{F404E1CF-1294-4D64-8CAB-F897C57BEFDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\dx\DefendersQuest.exe
    FirewallRules: [{0AF81F52-07BC-4539-9AD8-63904DE3100F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WazHack\WazHack.exe
    FirewallRules: [{F853EA64-890C-4433-96BD-A9CB88C4EF80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WazHack\WazHack.exe
    FirewallRules: [{B06CF91E-FDE7-4C02-AEE8-786E3BC56806}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom Rush\Kingdom Rush.exe
    FirewallRules: [{0BCF4015-34C1-43BA-B1AE-4728D8CBA444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom Rush\Kingdom Rush.exe
    FirewallRules: [{7459126F-80BD-4816-AC1A-AAA642AF8553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\DefendersQuest.exe
    FirewallRules: [{7B4DFD9B-3D7D-447F-81C8-52510870925C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\DefendersQuest.exe
    FirewallRules: [{BD5A1F97-DB21-4B40-9352-1B175E55D8F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\DefendersQuest.exe
    FirewallRules: [{8FA3D9DB-EBEC-4FEF-830C-D062889AE99B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\DefendersQuest.exe
    FirewallRules: [{1736389C-ECC5-4771-A811-08840A31C4CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\legacy\DefendersQuest.exe
    FirewallRules: [{1D6AC65D-C057-4E3C-997D-D83D1B279CBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\legacy\DefendersQuest.exe
    FirewallRules: [{A39FC553-C589-40A4-BCD7-28DF1BB8321E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
    FirewallRules: [{0C778809-DCAD-45EA-ACEF-5D33388A7F37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
    FirewallRules: [{1C76D5F1-A6E8-4FED-90DA-53A6FE4BA92D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
    FirewallRules: [{AB8375CD-4163-4FC3-AF84-A5D6007FF313}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    11-02-2016 18:05:51 Scheduled Checkpoint
    12-02-2016 05:46:22 Windows Update
    16-02-2016 15:23:50 Windows Update
    23-02-2016 07:55:23 Windows Update
    26-02-2016 10:56:36 Windows Update
    27-02-2016 05:21:28 Windows Update
    01-03-2016 14:56:04 Windows Update
    08-03-2016 13:57:29 Windows Update
    09-03-2016 17:56:48 Windows Update
    15-03-2016 16:44:08 Windows Update
    19-03-2016 17:08:51 Windows Update
    24-03-2016 16:39:23 Windows Update
    25-03-2016 04:00:25 Windows Update
    29-03-2016 15:50:31 Windows Update
    05-04-2016 16:20:22 Windows Update
    05-04-2016 16:52:09 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
    05-04-2016 16:52:32 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
    12-04-2016 14:54:11 Windows Update
    14-04-2016 02:37:21 Removed Skype™ 7.2
    14-04-2016 03:00:18 Windows Update
    17-04-2016 14:22:55 Installed DirectX
    19-04-2016 15:07:53 Windows Update
    26-04-2016 17:01:44 Windows Update
    03-05-2016 15:59:07 Windows Update
    05-05-2016 16:35:25 Windows Update
    06-05-2016 22:51:10 Windows Update
    08-05-2016 13:24:26 Installed DirectX
    10-05-2016 13:44:24 Windows Update
    12-05-2016 03:00:46 Windows Update
    13-05-2016 03:00:49 Windows Update
    17-05-2016 14:09:12 Windows Update
    24-05-2016 08:48:44 Windows Update
    26-05-2016 18:58:20 Windows Update
    31-05-2016 23:03:19 Windows Update
    07-06-2016 13:50:17 Windows Update
    14-06-2016 13:18:58 Windows Update
    15-06-2016 13:51:21 Windows Update
    21-06-2016 13:01:16 Windows Update
    24-06-2016 03:01:29 Windows Update
    28-06-2016 15:18:37 Windows Update
    05-07-2016 14:22:26 Windows Update
    12-07-2016 12:57:54 Windows Update
    14-07-2016 03:01:16 Windows Update
    19-07-2016 13:35:39 Windows Update
    21-07-2016 03:01:06 Windows Update
    26-07-2016 18:35:51 Windows Update
    02-08-2016 14:55:35 Windows Update
    05-08-2016 01:51:42 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
    05-08-2016 01:52:45 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
    05-08-2016 01:54:02 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
    05-08-2016 01:55:55 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
    06-08-2016 13:08:25 Windows Update
    10-08-2016 14:50:48 Installed Java SE Development Kit 8 Update 101 (64-bit)
    11-08-2016 03:00:12 Windows Update
    16-08-2016 13:15:15 Windows Update
    17-08-2016 16:20:53 Windows Update
    23-08-2016 08:44:56 Windows Update
    26-08-2016 12:47:35 Windows Update
    02-09-2016 18:01:39 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/05/2016 04:04:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (09/05/2016 03:53:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/05/2016 03:52:43 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportNikko.DLL".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Microsoft.VC80.ATL.MANIFEST" on line 0.
    Invalid Xml syntax.

    Error: (09/05/2016 03:52:43 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzanEx410.DLL".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Microsoft.VC80.ATL.MANIFEST" on line 0.
    Invalid Xml syntax.

    Error: (09/05/2016 03:52:43 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan400.DLL".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Microsoft.VC80.ATL.MANIFEST" on line 0.
    Invalid Xml syntax.

    Error: (09/05/2016 03:52:43 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan390.DLL".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Microsoft.VC80.ATL.MANIFEST" on line 0.
    Invalid Xml syntax.

    Error: (09/05/2016 03:52:43 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan380.DLL".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Microsoft.VC80.ATL.MANIFEST" on line 0.
    Invalid Xml syntax.

    Error: (09/05/2016 03:52:43 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan370.DLL".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Microsoft.VC80.ATL.MANIFEST" on line 0.
    Invalid Xml syntax.

    Error: (09/05/2016 03:52:43 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan360.DLL".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Microsoft.VC80.ATL.MANIFEST" on line 0.
    Invalid Xml syntax.

    Error: (09/05/2016 03:52:43 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan350.DLL".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Microsoft.VC80.ATL.MANIFEST" on line 0.
    Invalid Xml syntax.


    System errors:
    =============
    Error: (09/05/2016 03:54:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/05/2016 03:54:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (09/05/2016 03:53:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/05/2016 03:53:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (09/05/2016 03:52:27 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

    Error: (09/05/2016 02:20:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/05/2016 02:20:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (09/05/2016 02:19:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/05/2016 02:19:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (09/05/2016 02:18:47 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.


    CodeIntegrity:
    ===================================
    Date: 2016-08-29 13:50:49.251
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-29 13:50:48.923
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-29 13:50:48.861
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-29 13:50:48.705
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-29 13:50:02.872
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-28 14:15:23.723
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-28 14:15:23.240
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-28 14:15:23.115
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-28 14:15:22.865
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-28 14:14:26.674
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
    Percentage of memory in use: 27%
    Total physical RAM: 8167.06 MB
    Available physical RAM: 5933.63 MB
    Total Virtual: 16332.31 MB
    Available Virtual: 12904.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1862.92 GB) (Free:737.78 GB) NTFS
    Drive d: () (Fixed) (Total:18.64 GB) (Free:18.53 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9F145699)
    Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 18.6 GB) (Disk ID: 83EE4F6F)
    Partition 1: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  4. #4
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello,

    Your logs are free of malware; these items are simply leftover files and registry orphans.
    HijackThis says suspicious, but don't worry, it's out of date and not used for this purpose any more.

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open Notepad (Start => All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\MountPoints2: {ccdca43a-0251-11e1-ae35-f46d0447170f} - K:\LaunchU3.exe -a
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
    S3 uxddrv; \??\C:\pcspro\uxddrv64.sys [X]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    Task: {B862CC00-2596-4964-BEB5-B9B6F3F2C493} - no filepath
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    Emptytemp:

    • Click Format and ensure Word Wrap is unchecked.
    • Save as Fixlist.txt to your Desktop (must be in this location).
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


    Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.


  6. #5
    Member
    Join Date
    Sep 2016
    Posts
    4
    Points
    1

    Thanks, I appreciate your help, and it's a big relief that there's nothing nasty on the computer.

    Here's the fixlog.txt:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by Nick (05-09-2016 20:33:20) Run:1
    Running from C:\Users\Nick\Desktop
    Loaded Profiles: Nick (Available Profiles: Nick)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
    HKU\S-1-5-21-2688956959-2497820592-655373506-1000\...\MountPoints2: {ccdca43a-0251-11e1-ae35-f46d0447170f} - K:\LaunchU3.exe -a
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
    S3 uxddrv; \??\C:\pcspro\uxddrv64.sys [X]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    Task: {B862CC00-2596-4964-BEB5-B9B6F3F2C493} - no filepath
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
    "HKU\S-1-5-21-2688956959-2497820592-655373506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K" => key removed successfully
    "HKU\S-1-5-21-2688956959-2497820592-655373506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccdca43a-0251-11e1-ae35-f46d0447170f}" => key removed successfully
    HKCR\CLSID\{ccdca43a-0251-11e1-ae35-f46d0447170f} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
    "HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    "HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    AvastVBoxSvc => service could not remove
    uxddrv => service removed successfully
    VBoxAswDrv => service could not remove
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B862CC00-2596-4964-BEB5-B9B6F3F2C493}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B862CC00-2596-4964-BEB5-B9B6F3F2C493}" => key removed successfully

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58294215 B
    Java, Flash, Steam htmlcache => 385397241 B
    Windows/system/drivers => 220873453 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 397611507 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 42347632 B
    systemprofile32 => 73546 B
    LocalService => 66228 B
    NetworkService => 1198290 B
    Nick => 242317242 B

    RecycleBin => 2398240 B
    EmptyTemp: => 1.3 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 20:38:37 ====

  7. #6
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Nothing bad on the computer, even looks better now.

    Thanks
    Joe

  8. #7
    Member
    Join Date
    Sep 2016
    Posts
    4
    Points
    1

    Thanks so much for your help. It's a big weight off my mind and I really appreciate it. I made a donation to the help2go website - both to say thank you and because I hope this place can keep on helping people for a long time to come.
