Inactive Can only boot in safe mode

Galactra

My brother was using his computer when it suddenly died. His monitor displayed a message about current input timing not being supported, so at first we assumed it was a monitor issue. However, he has his computer connected to his TV, and when he tried to boot, it just goes to a black screen. We managed to get it in safe mode, but we are unable to run any virus scans. It immediately cancels Avast, Malwarebytes and Sophos. I'd appreciate any help.

Quick update: booted it up in safe mode with networking and we are now running a Malwarebytes scan.
 
Update: cannot boot Google Chrome, only Firefox.

Malwarebytes scan:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/6/2017
Scan Time: 7:21 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2017.04.06.08
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Skullz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374019
Time Elapsed: 16 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.FullTab, C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage, Quarantined, [fae6f3faf9af3501167bc24c3ac755ab],
PUP.Optional.FullTab, C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fulltab.com_0.localstorage-journal, Quarantined, [4d93e805e0c8e84ee4ad6f9f0bf6ff01],
PUP.Optional.FullTab, C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage, Quarantined, [c8185a93bbedf046145a2ee127da21df],
PUP.Optional.FullTab, C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.fulltabsearch.com_0.localstorage-journal, Quarantined, [af31de0f7e2a7abc610d9c73d829b24e],

Physical Sectors: 0
(No malicious items detected)


(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Skullz (administrator) on SKULLZ-PC (06-04-2017 19:43:27)
Running from C:\Users\Skullz\Downloads
Loaded Profiles: Skullz (Available Profiles: Skullz & Diablo2 & Legends Of Gaming & Guest)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-178659680-4241230823-3548333106-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-05-11] (Google Inc.)
HKU\S-1-5-21-178659680-4241230823-3548333106-1000\...\Run: [BingSvc] => C:\Users\Skullz\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-178659680-4241230823-3548333106-1000\...\Run: [Google Update] => C:\Users\Skullz\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EA99F9A0-0ABE-4741-84BB-EFE53F835C6A}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-178659680-4241230823-3548333106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-178659680-4241230823-3548333106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-178659680-4241230823-3548333106-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=SK2DDF&PC=SK2D&q={searchTerms}&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-178659680-4241230823-3548333106-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: lvi5a7t7.default
FF ProfilePath: C:\Users\Skullz\AppData\Roaming\Mozilla\Firefox\Profiles\lvi5a7t7.default [2017-04-06]
FF Extension: (MEGA) - C:\Users\Skullz\AppData\Roaming\Mozilla\Firefox\Profiles\lvi5a7t7.default\Extensions\firefox@mega.co.nz.xpi [2017-03-11]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-04-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-04-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-178659680-4241230823-3548333106-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Skullz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-178659680-4241230823-3548333106-1000: @talk.google.com/O1DPlugin -> C:\Users\Skullz\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-178659680-4241230823-3548333106-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Skullz\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-178659680-4241230823-3548333106-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Skullz\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-178659680-4241230823-3548333106-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Skullz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-04] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Skullz\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Skullz\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (YouTube) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-02]
CHR Extension: (Google Search) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11]
CHR Extension: (Tampermonkey) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-05]
CHR Extension: (Dark Reader) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2016-08-07]
CHR Extension: (AdBlock) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfmbkomibikcifnmcjjdakehdmdfnlh [2015-07-18]
CHR Extension: (AdBlock) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-06]
CHR Extension: (Adblock Plus) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdpdiimgknbnmijkaeefkhpgonlkjja [2015-07-18]
CHR Extension: (Diablo III) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilobmjbdajhlndjaahjceaaojlajnpd [2015-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR Profile: C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-31]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1456136 2016-10-16] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-19] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-08-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-18] ()
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-06 19:43 - 2017-04-06 19:43 - 00017957 _____ C:\Users\Skullz\Downloads\FRST.txt
2017-04-06 19:42 - 2017-04-06 19:43 - 00000000 ____D C:\FRST
2017-04-06 19:42 - 2017-04-06 19:42 - 02424832 _____ (Farbar) C:\Users\Skullz\Downloads\FRST64.exe
2017-04-06 19:12 - 2017-04-06 19:21 - 00275978 _____ C:\Windows\ntbtlog.txt
2017-04-03 18:20 - 2017-04-03 18:20 - 00000000 ____D C:\Users\Skullz\Downloads\Beauty and The Beast 2017 720p HD-TS x264-CPG
2017-03-27 13:06 - 2017-03-27 13:06 - 00001510 _____ C:\Users\Skullz\Vystar 2017 Merchant letter.txt
2017-03-19 11:48 - 2017-03-19 11:49 - 00000000 ____D C:\Users\Skullz\Downloads\Logan 2017 720p HD-TS V.2 x264 AC3-CPG
2017-03-15 14:08 - 2017-03-15 14:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-15 14:08 - 2017-03-15 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-13 02:15 - 2017-03-13 02:15 - 01712946 _____ C:\Users\Skullz\Downloads\Trump proud to have him as president.html
2017-03-13 02:15 - 2017-03-13 02:15 - 00000000 ____D C:\Users\Skullz\Downloads\Trump proud to have him as president_files
2017-03-07 05:17 - 2017-03-07 05:17 - 02306341 _____ C:\Users\Skullz\Downloads\Resident Evil Claire being attacked.html
2017-03-07 05:17 - 2017-03-07 05:17 - 00000000 ____D C:\Users\Skullz\Downloads\Resident Evil Claire being attacked_files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-06 22:55 - 2015-12-12 19:09 - 00000000 ____D C:\Users\Skullz\Desktop\[EXE]OrapeV3-27.7.5-RB
2017-04-06 22:55 - 2015-12-03 14:50 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-06 22:55 - 2015-08-27 10:07 - 00000000 ____D C:\Users\Skullz\Downloads\Revenant
2017-04-06 22:55 - 2015-07-04 06:57 - 00000000 ____D C:\Users\Diablo2\AppData\Roaming\Raptr
2017-04-06 22:55 - 2015-06-16 14:12 - 00000000 ____D C:\Users\Skullz\AppData\Roaming\vlc
2017-04-06 22:55 - 2015-06-04 15:38 - 00000000 ____D C:\Users\Legends Of Gaming
2017-04-06 22:55 - 2015-05-13 02:23 - 00000000 ____D C:\Users\Skullz\AppData\Roaming\Raptr
2017-04-06 22:55 - 2015-05-04 19:41 - 00000000 ____D C:\Users\Guest
2017-04-06 22:55 - 2014-07-07 02:43 - 00000000 ____D C:\Users\Skullz\AppData\Roaming\BitTorrent
2017-04-06 22:55 - 2014-06-23 17:30 - 00000000 ____D C:\Users\Diablo2
2017-04-06 22:55 - 2014-06-13 06:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-06 22:55 - 2014-05-11 20:19 - 00000000 ____D C:\SuperChargerProfile
2017-04-06 22:55 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-06 22:54 - 2014-05-11 21:57 - 00000000 ____D C:\Users\Skullz\AppData\Roaming\Skype
2017-04-06 22:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-04-06 19:26 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-06 19:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-06 19:21 - 2014-05-14 02:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-06 19:16 - 2015-06-16 01:21 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-06 19:13 - 2014-05-11 17:32 - 00000000 ____D C:\Users\Skullz
2017-03-22 14:06 - 2015-06-16 01:21 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-03-19 08:25 - 2009-07-14 00:45 - 00023296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-19 08:25 - 2009-07-14 00:45 - 00023296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-19 08:21 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-17 15:22 - 2014-05-31 15:48 - 00000000 ___RD C:\Users\Skullz\Desktop\Harry's Music
2017-03-15 14:08 - 2014-05-30 18:21 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-15 14:08 - 2014-05-11 21:56 - 00000000 ____D C:\ProgramData\Skype
2017-03-15 14:07 - 2014-05-11 17:14 - 00000000 ____D C:\ProgramData\Package Cache

Some files in TEMP:
====================
2017-01-20 03:38 - 2017-01-20 03:56 - 30086824 _____ (ArenaNet) C:\Users\Skullz\AppData\Local\Temp\Gw2.exe
2016-06-02 17:54 - 2016-06-02 17:54 - 41763456 _____ (Skype Technologies S.A.) C:\Users\Skullz\AppData\Local\Temp\SkypeSetup.exe
2017-03-15 14:06 - 2017-03-15 14:06 - 14456872 _____ (Microsoft Corporation) C:\Users\Skullz\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-16 12:28

==================== End of FRST.txt ============================
 
I'll have to cut this up into several chunks.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Skullz (06-04-2017 19:43:50)
Running from C:\Users\Skullz\Downloads
Windows 7 Home Premium (X64) (2014-05-11 21:32:52)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-178659680-4241230823-3548333106-500 - Administrator - Disabled)
Diablo2 (S-1-5-21-178659680-4241230823-3548333106-1005 - Limited - Enabled) => C:\Users\Diablo2
Guest (S-1-5-21-178659680-4241230823-3548333106-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-178659680-4241230823-3548333106-1004 - Limited - Enabled)
Legends Of Gaming (S-1-5-21-178659680-4241230823-3548333106-1007 - Administrator - Enabled) => C:\Users\Legends Of Gaming
Skullz (S-1-5-21-178659680-4241230823-3548333106-1000 - Administrator - Enabled) => C:\Users\Skullz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version: - Remedy Entertainment)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE)
BitTorrent (HKU\S-1-5-21-178659680-4241230823-3548333106-1000\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Block N Load (HKLM-x32\...\Steam App 299360) (Version: - Jagex)
Blood Omen 2: Legacy of Kain (HKLM-x32\...\Steam App 242960) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Bully Scholarship Edition (HKLM-x32\...\InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}) (Version: 1.00.0154 - Rockstar Games)
Bully Scholarship Edition (x32 Version: 1.00.0154 - Rockstar Games) Hidden
Card Hunter (HKLM-x32\...\Steam App 293260) (Version: - Blue Manchu)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios)
Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version: - Techland)
Dead Rising 3 Apocalypse Edition (HKLM-x32\...\Dead Rising 3 Apocalypse Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version: - 800 North and Digital Ranch)
Discord (HKU\S-1-5-21-178659680-4241230823-3548333106-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DOOM II: Hell on Earth (HKLM-x32\...\Steam App 2300) (Version: - id Software)
Dracula: The Resurrection (HKLM-x32\...\Steam App 289800) (Version: - Anuman)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios)
Fallout 3 Game of the Year Edition - DLCs (HKLM-x32\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version: - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM-x32\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version: - Bethesda Softworks)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version: - Mode 7)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heretic: Shadow of the Serpent Riders (HKLM-x32\...\Steam App 2390) (Version: - Raven Software)
Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version: - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
I, Zombie (HKLM-x32\...\Steam App 307230) (Version: - Awesome Games Studio)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Legacy of Kain: Defiance (HKLM-x32\...\Steam App 224300) (Version: - Crystal Dynamics)
Legacy of Kain: Soul Reaver (HKLM-x32\...\Steam App 224920) (Version: - Crystal Dynamics)
Legacy of Kain: Soul Reaver 2 (HKLM-x32\...\Steam App 224940) (Version: - Crystal Dynamics)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
LISA (HKLM-x32\...\Steam App 335670) (Version: - Dingaling)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version: - Kojima Productions)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
No More Room in Hell (HKLM\...\Steam App 224260) (Version: - No More Room in Hell Team)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150722.114279 - Square Enix Ltd)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
Path of Exile (HKLM-x32\...\{c230e92b-403e-419d-a09e-2f615180741e}) (Version: 2.2.2.56756 - Grinding Gear Games)
Path of Exile (x32 Version: 2.2.2.56756 - Grinding Gear Games) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
Penumbra: Black Plague (HKLM-x32\...\Steam App 22120) (Version: - Frictional Games)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version: - Frictional Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Primal Carnage (HKLM-x32\...\Steam App 215470) (Version: - Lukewarm Media)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Revenant (HKLM-x32\...\1207665803_is1) (Version: 2.0.0.6 - GOG.com)
Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version: - Crytek)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Slender: The Arrival (HKLM-x32\...\Steam App 252330) (Version: - Blue Isle Studios)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version: - Bethesda Softworks)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version: - id Software)
The Vanishing of Ethan Carter (HKLM-x32\...\Steam App 258520) (Version: - The Astronauts)
Thinking with Time Machine (HKLM\...\Steam App 286080) (Version: - Stridemann)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
Unity Web Player (HKU\S-1-5-21-178659680-4241230823-3548333106-1000\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Velvet Sundown (HKLM\...\Steam App 307290) (Version: - Tribe Studios)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.131 - MSI)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfenstein 3D (HKLM-x32\...\Steam App 2270) (Version: - id Software)
ZDaemon (remove only) (HKLM-x32\...\ZDaemon) (Version: - )
Zombie Army Trilogy (HKLM-x32\...\Steam App 301640) (Version: - Rebellion)
 
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-178659680-4241230823-3548333106-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Skullz\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-178659680-4241230823-3548333106-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Skullz\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-178659680-4241230823-3548333106-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Skullz\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-178659680-4241230823-3548333106-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Skullz\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B88D5C-252E-4D5A-90AB-0C88AE578F85} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {1ED0AE80-F331-4DD0-A1C1-7B8F41C1D55E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178659680-4241230823-3548333106-1000UA => C:\Users\Skullz\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2057B741-A172-4E5C-A5BB-5D2013CF778E} - System32\Tasks\{3C71714A-6836-4471-BCA2-AEB17FD4F8B3} => C:\Users\Skullz\Desktop\Rotmg\OrapeV3-27.7.0.exe
Task: {2342C206-8FEE-4CDC-9A8E-F1C52FF7E56D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {3FA9ACD8-736F-4397-B0D9-6A0C1BE137DA} - System32\Tasks\{D5A445E6-A463-4A82-99E9-1136A0C50D7F} => C:\Program Files\iTunes\iTunes.exe
Task: {4138E538-7B1D-47A6-98F9-889C61749EAC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-26] (AVAST Software)
Task: {53C74536-4F08-434E-A14C-E44E509A92E8} - System32\Tasks\SafeZone scheduled Autoupdate 1458706995 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {677E3C31-9B61-4B6E-AF3D-38ADF5FE7A52} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {7DCCCF62-3574-4ED7-8D6E-9EF8CD1DD6E5} - System32\Tasks\{ED761C05-92E5-4455-91BF-62EBFF85CA97} => C:\Users\Skullz\Desktop\Rotmg\OrapeV3-27.7.0.exe
Task: {85165E10-1955-446E-9883-9A7DA80E3BD0} - System32\Tasks\{8541F686-8ACF-4A1F-83DF-ED072A360D44} => pcalua.exe -a D:\Network\Realtek\PCIE\WIN7\setup.exe -d D:\Network\Realtek\PCIE\WIN7
Task: {8A4EEC03-2372-4AD6-A50D-014174C1344C} - System32\Tasks\{C0B31527-C04E-4AAE-8BBA-25E0EE685072} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.4.0.102&amp;LastError=12002
Task: {AD9277E8-5269-42F7-900C-A90B4480AD0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178659680-4241230823-3548333106-1000Core => C:\Users\Skullz\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C1B8F02A-15AD-4E03-A1B3-F0A10CB4378F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {CB06F920-061E-4DA9-ABA7-8FA0FA13B234} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D59BAA3B-C1CE-4A47-83EB-424502E59BEF} - System32\Tasks\{6ABAE6F9-10C5-4EC6-8A55-550561253EBB} => C:\Program Files\iTunes\iTunes.exe
Task: {DFAF6B02-EC50-4EC3-B97D-163C29E53957} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E8B7E650-C7CC-428C-848C-B82D86D1DB7E} - System32\Tasks\{BA8A44B8-4E0C-4D9A-804F-994122C24351} => C:\Program Files\iTunes\iTunes.exe
Task: {ECA9B995-415F-4A8E-ADE8-E1EA4DA081DC} - System32\Tasks\{6B761CA7-2A5C-4D09-87C2-E05A20D1C4EB} => Chrome.exe hxxp://ui.skype.com/ui/0/7.5.85.102/en/abandoninstall?page=tsProgressBar
Task: {EF88491B-C214-428C-B7ED-AD9AC4F1891F} - System32\Tasks\{60593CB1-2C46-443F-A2B3-4372C64B4715} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=2

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Skullz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Adblock Plus.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lgdpdiimgknbnmijkaeefkhpgonlkjja
ShortcutWithArgument: C:\Users\Skullz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fpfmbkomibikcifnmcjjdakehdmdfnlh
ShortcutWithArgument: C:\Users\Skullz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fpfmbkomibikcifnmcjjdakehdmdfnlh
ShortcutWithArgument: C:\Users\Skullz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2016-09-26 13:23 - 2016-09-26 13:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-26 13:23 - 2016-09-26 13:23 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-26 13:23 - 2016-09-26 13:23 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-178659680-4241230823-3548333106-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-178659680-4241230823-3548333106-1000\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-07-19 16:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-178659680-4241230823-3548333106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Skullz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C7F5FD06-A009-46CC-9FD6-3388AB65AECF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{979F6314-C4B9-473F-AA1A-8E89E03F7891}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{15BBE18E-D4A8-46B0-9DCB-ECF1052E6863}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{E9A7F61B-3F12-4A69-BD4D-510ABF78F071}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{5CB88C08-7FCA-4B77-8D33-F320D6B01C4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{26E96E8A-E8F1-4E6D-847F-004B00B7F4C2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B3ED42D8-3BAD-4CB5-8368-620607C365D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D60F8CEF-F5B9-4203-94FC-C17B08A163ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FBF54CD8-392B-4218-9A7A-B61073F8649F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{27F3AD34-9DCA-4F51-8C4D-EB6FFDD509D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{61730A7A-1D62-4D62-9056-011F26395D8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{EA50A243-48E4-4310-B732-22002CC9E44C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{A4B60511-32CE-4137-8688-A0BF70C387F4}] => (Allow) C:\Users\Skullz\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{646E8DF1-438B-4C00-B8D9-215742BCCAEB}] => (Allow) C:\Users\Skullz\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1526B509-60E5-48BB-9A35-7496E9373B53}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{CBB63A9A-A94E-42F2-AEC6-9E5BE383FA21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{C6661375-A8EC-431D-9E41-147E8C0447CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5E9BD44-8145-482E-B1CD-DAA6485363F4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{78D1C3B7-7690-4DD9-BB3A-588476BD9E7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{BE065F4D-2AA4-45FF-8482-23022EE6B36F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{BF98BA05-C71E-4696-A203-13C04D69B1F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{CDBB9A03-9AF9-4F8C-9992-D12B6CC07ACF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{04E2E7C4-8692-4D72-9FBC-C65EA67C29E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{34420147-8513-4283-BC71-3A0C6523BB53}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{4E3A77E2-827C-4F97-A7D7-14B02625E6B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{E5875D1B-9974-4664-85EE-5DBE591ACC9E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{D44ECC42-9E05-42F2-871A-A399B60088DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{238CC49D-B5CA-4F1E-A7D1-A847D41E3E94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{DA66F4B0-E455-4F06-9B17-4C7EA978C71D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{33E23BE2-5DB0-40B6-95F5-E578F3043DDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{D7F28B60-3876-4228-8105-689D354C700D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{C0E57612-04B2-46C5-B0DE-70F69F1AF695}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{3DF8BAD0-A1F0-4A4E-87DF-8251A4983B1A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{7DE703E4-E6D3-47C3-B246-CB0B01602991}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{847C0A7E-052E-4B4D-92ED-A897EFC75140}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe
FirewallRules: [{3604F067-7F3C-4689-AE41-BCF6D023C8CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe
FirewallRules: [{40567B16-3078-4B33-97CA-C7DE6CB84D89}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{4B38783C-B261-4C1A-AE38-E747E0157466}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{E69B8384-1131-4B84-9BA5-50BD6543D4AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{9FAC538D-45FC-4420-A1DB-D8B98A93CAFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{49E9B873-E71C-4268-924A-B8B6AED1C30D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CC6EB326-109C-4957-B193-BA8B990B68D6}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CC8CBB0A-B3FD-453B-B429-9EB93DE78D9F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{00BC65D8-6F89-4F75-875E-C9174B5A475E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{328492AC-424B-4717-AE1C-58408A05F6A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{2220D92E-3C42-431C-8CC4-AF78504299F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{4C16EE13-51C1-4079-A4E5-9AABE0DEE3A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{94C3190F-9142-41ED-BFB7-D77FDF871F54}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{147078FF-9BDF-44F5-A426-6D2E924EFE5E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4636CE4B-973C-4902-BF4A-D63203C4AD29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{987902FF-5A89-4211-9041-6B5831D7040C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{FF66328B-EA96-45EE-A200-8A5C79C54F17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{98DD3218-33FA-4C38-BAA2-F4BC4A12A2F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{BA5957A6-28CA-4C70-B635-44878FEA299D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{0207C439-BB90-4781-A030-7D1218B69D6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{07D0E531-04D2-422E-9378-A63DF82DC899}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{4EC8827D-4CE8-473D-8A72-37B52EF52824}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{B47B52AA-356F-424C-A1CE-8EC92DDB2F71}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{A440BAA8-5A9C-46A5-85B7-2506A613C692}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{092C024C-AE91-46C2-BC31-C985D9057D64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{74E312D2-577D-4827-B35E-8786428ACCC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{716B1D91-A44E-4E0F-8E5E-0BFC82A14222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Frozen Synapse\FrozenSynapse.exe
FirewallRules: [{45DDA679-705F-4C41-8CDD-F41259861D81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Frozen Synapse\FrozenSynapse.exe
FirewallRules: [{209CDEF9-B74E-4CC5-B9E6-24F493860200}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{2A5BF721-7EB6-4447-8E90-65BDE577DF7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{E71B1BF6-930A-48AE-A891-5C3C0759B493}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6C7500C5-CD49-43A5-A2EC-051BDAC49931}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{77CC31A9-A9F7-4C47-A793-F35319EB4EA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Legacy of Kain Soul Reaver 2\sr2.exe
FirewallRules: [{162F5C35-17D3-4B6D-8FC9-98628B216621}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Legacy of Kain Soul Reaver 2\sr2.exe
FirewallRules: [{7EF9249C-6F25-4269-8694-A6FE2E600344}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Legacy of Kain Soul Reaver\kain2.exe
FirewallRules: [{45FCCC60-D2EB-475A-AD33-E2A211FF7F97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Legacy of Kain Soul Reaver\kain2.exe
FirewallRules: [{333FE1E3-301D-44C6-B07D-16EC13EAB5C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blood Omen 2 Legacy of Kain\bo2.exe
FirewallRules: [{DACAEEF9-5350-4EDD-9402-0961B2507AE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Blood Omen 2 Legacy of Kain\bo2.exe
FirewallRules: [{9452D126-88CA-4F6E-A792-563905895AD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\legacy_kain_defiance\defiance.exe
FirewallRules: [{C607CD6C-1A5B-4E44-B95C-FBDA3324F0A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\legacy_kain_defiance\defiance.exe
FirewallRules: [{3B30647A-E8B6-49BD-A7BA-38CED5A317D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{4719617E-AF5D-4AB4-9A67-262345A1FD78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{FC846C83-E853-415B-98D3-51B81ED1B1F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ryse Son of Rome\Bin64\Ryse.exe
FirewallRules: [{A85E5327-E41F-4786-8EBD-D13AAC461833}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ryse Son of Rome\Bin64\Ryse.exe
FirewallRules: [TCP Query User{644BD65E-0345-409C-9FA7-48DD6AA336FE}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{AEADB3BC-3993-4E98-8D33-416C562C72BC}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{49546129-C557-4D33-A043-F5CCCC8E0957}C:\users\skullz\desktop\games\zlauncher.exe] => (Allow) C:\users\skullz\desktop\games\zlauncher.exe
FirewallRules: [UDP Query User{CACFE9F7-DBE1-4971-A0A1-F2E0B6F21CB0}C:\users\skullz\desktop\games\zlauncher.exe] => (Allow) C:\users\skullz\desktop\games\zlauncher.exe
FirewallRules: [TCP Query User{33D8B20A-5940-4F3D-BAF3-B5C675CF4F15}C:\users\skullz\desktop\games\zserv32.exe] => (Allow) C:\users\skullz\desktop\games\zserv32.exe
FirewallRules: [UDP Query User{5122F156-22E1-483C-8912-EE49CF77D26B}C:\users\skullz\desktop\games\zserv32.exe] => (Allow) C:\users\skullz\desktop\games\zserv32.exe
FirewallRules: [{647C5273-FCF5-4338-83D8-1A3139076334}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{E74E41F8-DAA7-4390-964E-C02C2A2D07AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{965369BC-0291-4108-BC33-273C557374F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dino D-Day\dinodday.exe
FirewallRules: [{ACD3E4B1-C24D-42E1-A049-F5935048EE35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dino D-Day\dinodday.exe
FirewallRules: [TCP Query User{487EAF69-3B21-4A48-872E-5AFDAAC25D9A}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{90734961-086A-45D7-A811-2CBE5C8DC0B6}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{AE915162-32E7-411F-A90F-E0E704C5DB45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{3081AD06-E56D-4E72-BADA-835FFE2486E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{C36C03BA-3BA4-42CB-BD9B-B2F76BE2E056}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{C9B50745-06A2-4819-9B60-663540FCF1AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{91224AF9-F3A4-4838-AD06-DB5890C66807}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wolfenstein 3D\base\dosbox.exe
FirewallRules: [{B2D1B0D0-D274-4AAC-85D2-7D88671FD1CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wolfenstein 3D\base\dosbox.exe
FirewallRules: [{24439FE7-DD79-4722-A8F5-00DE2FF72808}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{CD22F1A3-8392-4852-90A7-A612815029E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{25292E67-EF09-4AFB-A6E1-B421EAF0F1B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\I, Zombie\I, Zombie.exe
FirewallRules: [{2854BAE9-5E56-4119-8DF5-401D36D719FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\I, Zombie\I, Zombie.exe
FirewallRules: [TCP Query User{845FAC60-3FCB-4496-87B1-01520754E001}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{A02114FA-EDB4-4447-829C-2624030A775B}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [{196767F2-EC2E-401E-9D6F-2FA050FF3D6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dracula The Resurrection\DraculaResurrection.exe
FirewallRules: [{AAF2E8A6-E1BF-4985-AF19-01E9BF5AF195}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dracula The Resurrection\DraculaResurrection.exe
FirewallRules: [{E04D0620-2CBA-43F4-BCFE-9090F656B01D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A621D7DB-F0C5-4CF2-A569-9688D8476E11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1F9FB184-BED6-42E0-BD48-446BCC89D871}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FDDEFAF1-50EF-4607-9827-9CD2F10A8B24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{6F6A126C-14DB-441A-819D-BC4C667134FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{33F6FB80-97A2-41E8-91EF-1D070C95AA45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{06C2EA3B-203F-4587-A4AF-56C9494AB9FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2432759D-ECCD-48EE-BA6A-7A8983C4FED4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{730F0878-282E-42CC-924F-2A2C9BC83330}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{5C132A27-2E11-4B64-A039-5CAC76F69648}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{027E6BE5-37CF-4DB5-8E08-13304A51FD4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7BDDF80F-BE3F-45A5-B5A1-A421F093748A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{ECE4C0A4-DA5A-4D1E-8BBE-92C2B6C8A9CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{992F7EEB-5B1D-4F24-8C65-60A013097039}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{1B61AD40-ABD4-4EA5-A51D-8AFD8907FB7D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5C14DE9D-B335-4AFA-A8A3-A4083F3E8311}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{76D62559-E949-49EB-A5EA-8F2A9187BCC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{1B7B3488-E228-4BC0-AB1D-FABFEAC9679D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{41BCC249-3C2B-4420-8831-C1B0AC79EB9F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{67E4E7CD-E611-468F-B4F3-B1431E7C9AF5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{636426C7-2314-4D07-A69C-081878D21969}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CardHunter\CardHunter.exe
FirewallRules: [{1D772BE6-6CA7-49AE-9EFB-20B94609ED34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CardHunter\CardHunter.exe
FirewallRules: [{82183544-E9E3-4456-994C-36C70FF6E71C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{E237291F-F8B7-4B52-911B-AD3B3C70185F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{B74AC818-FB80-47AB-AD47-7C3E397B37FB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6CE8D61D-C302-4B91-933A-330F3A2CC5B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2CA9FE2B-8B63-4510-A465-B4EA3819C79C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3EE3E73E-7617-467B-A2E0-1EC8A27CC0C2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C742B2D7-1C7C-4B60-84E5-3C32456F8DCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{4F0FB6C7-E80F-4BCE-8352-426D71A59A91}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{70486953-8021-43B3-8F1F-82C0A83915C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LISA\Game.exe
FirewallRules: [{2EB38E8D-BEDD-4876-950F-26F9ABA169B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LISA\Game.exe
FirewallRules: [{45B6D3BA-7A93-4B7D-BF38-F7A453CD506D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Zombie Army Trilogy\Launcher\ZATLauncher.exe
FirewallRules: [{D1435BED-47D9-4E95-90C1-4A31368E6F64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Zombie Army Trilogy\Launcher\ZATLauncher.exe
FirewallRules: [{49F6A7FE-C0A8-4D57-A353-BDE912F444D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heretic Shadow of the Serpent Riders\base\dosbox.exe
FirewallRules: [{EDBC9CBD-CA4C-45F4-8C77-FB25FE101BD5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heretic Shadow of the Serpent Riders\base\dosbox.exe
FirewallRules: [TCP Query User{E7E04A45-0E80-4B52-96AC-FAA3DFAF27EA}C:\users\skullz\downloads\revenant\revenant.exe] => (Block) C:\users\skullz\downloads\revenant\revenant.exe
FirewallRules: [UDP Query User{EE998A03-1999-4FF7-BAD0-991F7373BCB3}C:\users\skullz\downloads\revenant\revenant.exe] => (Block) C:\users\skullz\downloads\revenant\revenant.exe
FirewallRules: [{1CC33293-E2B2-4276-B161-1AAE5AD0641B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{DD5E0B6C-CF8D-4E53-A762-74589CB79397}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{42C7C467-F51A-44F3-AF93-BC8A764931D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{3225E84E-A7F7-4FE0-9505-766004FCECCC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{CB86CF8B-736E-45BB-BE4B-C29413DCA385}] => (Allow) C:\Users\Skullz\Desktop\Rotmg\OrapeV3-27.7.0.exe
FirewallRules: [{5406BD30-8CC4-4137-AD75-7A03E5168884}] => (Allow) C:\Users\Skullz\Desktop\Rotmg\OrapeV3-27.7.0.exe
FirewallRules: [{59833999-C261-4F05-ACE5-FCA7B206F613}] => (Allow) C:\Users\Skullz\Desktop\Rotmg\OrapeV3-27.7.0.exe
FirewallRules: [{FDDF3E04-51E8-40F0-B473-4B5BE06D44BE}] => (Allow) C:\Users\Skullz\Desktop\Rotmg\OrapeV3-27.7.0.exe
FirewallRules: [{5A3065FD-A5A1-42A6-825E-A088F8C60D4C}] => (Allow) C:\Users\Skullz\Desktop\Rotmg\OrapeV3-27.7.0.exe
FirewallRules: [{2C972FE5-16E4-4822-B824-65EEB681DD23}] => (Allow) C:\Users\Skullz\Desktop\Rotmg\OrapeV3-27.7.0.exe
FirewallRules: [{4B39EC2B-AB64-421D-93E9-B032841E5D3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5122A1F0-2E1B-4C5C-8AD2-6016EA38F7D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{385458CC-4B37-4DA2-997F-9AE90E9B7D3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{1CA605F7-75DA-41DE-82B8-AC82B5ED2A91}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{9358DF79-C324-4E36-AAD4-D2842D136509}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{A85F18E0-1A60-4274-95D4-44FD52A96980}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{1447F1AD-E0E7-4972-B0BB-8039035AE125}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4DC2314D-D36F-4B77-9EF2-D988A38FEC5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF5CEB9C-AF48-4809-BDFD-C5D2D0622D45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1516577C-CA89-4ED4-BE2A-BA32285FE76A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA068CAA-6B30-4617-BAE8-334697D0825C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{B9FE1D7A-D65F-4003-BCDB-D30C58515C28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{CC7FF0E4-DD1D-4D9D-9F7A-61975E51839E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F91BBEBB-EDA6-48B6-A72D-4E6DA1D39493}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B41401B8-85C1-4F64-B62F-07FB37039B49}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{CF3820AE-B594-4D54-8667-2412F9BC25C9}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0E3C4BA7-E57D-460C-88C6-8EEDFF6B936A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{25E26EFA-A5F5-4B49-A0BA-235E291D7EB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{0E5D5EBC-0573-4330-A6DD-06F03595B797}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\portal2.exe
FirewallRules: [{8F964142-630C-47EA-9C61-8202C3021DEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\portal2.exe
FirewallRules: [{AA455EF8-2B56-4C74-949F-6DF1EA8D1298}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{22175F5D-D2AE-4CF3-AB7B-FFE8A725FD85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{9EEF2703-A127-408D-8499-884B94D63602}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DAC72C64-EB96-4507-82D5-0E989B42A0DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BFC0FA8A-3D7A-45E0-AAEE-9CD18964B4F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D10E1BFA-028D-4828-AFF2-9C0B0809DA21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{FC44E134-E6C6-4DCB-A084-CFFECF15CC6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\VelvetSundown\VelvetSundown.exe
FirewallRules: [{E6C09470-561B-44EF-9A9D-53395D6837DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\VelvetSundown\VelvetSundown.exe
FirewallRules: [{8E67066B-904E-490E-A930-DC50FA80634F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{22AB7398-0E53-44BB-9A33-56FB6BAC4572}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3BCF923F-6048-4AE7-863E-A978B38EDB1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{0E2F6BA7-1CDA-4C37-A291-BC0E4C581AAF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{66C04855-C55B-4EFE-8456-D5B8036DA5F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{DFDB3066-18AD-4FCF-8E56-E209F9646379}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{A108C18D-5E2A-44F6-AE0C-C9D34BF88C50}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{33DE4200-E22D-485B-8273-9815F5C1CAFF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{733910C9-4DEA-47BE-A1FE-3BBF3005467B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9639E61A-3F4C-4D17-8FC9-5CBD1300A27E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8F0F4E8B-A061-495B-8711-A35CF992C17F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================

17-11-2016 06:33:45 Scheduled Checkpoint
23-11-2016 01:27:06 ASU_MSI_TRAN
30-11-2016 04:24:38 Scheduled Checkpoint
07-12-2016 12:11:11 Scheduled Checkpoint
16-12-2016 10:01:21 Scheduled Checkpoint
23-12-2016 12:28:34 Scheduled Checkpoint
31-12-2016 04:10:03 Scheduled Checkpoint
07-01-2017 11:33:54 Scheduled Checkpoint
13-01-2017 18:23:21 ASU_MSI_TRAN
16-01-2017 00:29:25 Removed Apple Software Update
25-01-2017 11:10:26 Scheduled Checkpoint
02-02-2017 02:14:51 Scheduled Checkpoint
09-02-2017 02:20:45 Scheduled Checkpoint
16-02-2017 12:54:08 Scheduled Checkpoint
24-02-2017 21:22:41 Scheduled Checkpoint
04-03-2017 03:47:30 Scheduled Checkpoint
13-03-2017 10:35:54 Scheduled Checkpoint
15-03-2017 14:06:39 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
15-03-2017 14:07:20 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
23-03-2017 23:16:41 Scheduled Checkpoint
05-04-2017 06:18:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2017 07:20:20 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (04/06/2017 07:20:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x80070005

Error: (04/06/2017 05:10:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017

Error: (04/06/2017 05:10:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9017

Error: (04/06/2017 05:10:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2017 05:10:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (04/06/2017 05:10:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (04/06/2017 05:10:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2017 05:10:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

Error: (04/06/2017 05:10:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005
 
System errors:
=============
Error: (04/06/2017 07:20:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/06/2017 07:20:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/06/2017 07:20:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/06/2017 07:20:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/06/2017 07:20:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/06/2017 07:20:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/06/2017 07:20:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/06/2017 07:20:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/06/2017 07:20:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/06/2017 07:20:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2017-04-06 05:17:23.275
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-05 14:47:56.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-04 14:14:02.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-03 15:51:09.267
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-03 15:16:07.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-03 12:40:20.780
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-03 08:15:54.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-02 13:30:45.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-02 13:10:19.283
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-02 12:36:47.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 8141.51 MB
Available physical RAM: 6667.73 MB
Total Virtual: 16281.16 MB
Available Virtual: 14941.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:996 GB) (Free:99.63 GB) NTFS
Drive s: (Second HardDrive) (Fixed) (Total:866.92 GB) (Free:863.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 14715C2A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=996 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=866.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

I don't see much there but we can run some checks...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Thanks for your reply. I'm running roguekiller now. Do you think that because the scans are being run in safe mode with networking it could be blocking whatever issues there are? If it's a hardware issue, why is it only able to run in safe mode?
 
RogueKiller V12.10.3.0 (x64) [Apr 3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Safe mode with network support
User : Skullz [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/06/2017 21:23:55 (Duration : 00:22:15)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-178659680-4241230823-3548333106-1000\Software\WebApp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-178659680-4241230823-3548333106-1000\Software\WebApp -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 ATA Device +++++
--- User ---
[MBR] 568610ef12e3c4fa5cd84a812c65c22c
[BSP] c9691529a68ef319aa5b0d1453274449 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1019899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2088960000 | Size: 887727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes produced no log

# AdwCleaner v6.045 - Logfile created 06/04/2017 at 22:19:20
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-06.1 [Server]
# Operating System : Windows 7 Home Premium (X64)
# Username : Skullz - SKULLZ-PC
# Running from : C:\Users\Skullz\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [C:\Program Files (x86)\Plus-HD-9.3\Plus-HD-9.3-nova.exe]
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\plsvcv2
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\plsvcv2
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com


***** [ Web browsers ] *****

[-] [C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: speedial.com
[-] [C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bmkckgpgekmanipelfidlhmkfcjicion
[-] [C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oiokahphinmbmakkehgelkmpolmnbkdh
[-] [C:\Users\Legends Of Gaming\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Legends Of Gaming\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2712 Bytes] - [06/04/2017 22:19:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [2904 Bytes] - [06/04/2017 22:16:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2858 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Skullz (Limited) on Thu 04/06/2017 at 22:28:07.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 25

Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J7UJ11L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G5MPPF5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WN3OLKW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMV2SWTQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H91RCOZR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGUHG1HW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAEDVCLR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH85XPO6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RO7EREZ8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8IOGGXY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIJHOCKK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skullz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA719ZY4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J7UJ11L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G5MPPF5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WN3OLKW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMV2SWTQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H91RCOZR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGUHG1HW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAEDVCLR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH85XPO6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RO7EREZ8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8IOGGXY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIJHOCKK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA719ZY4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\REN7908.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/06/2017 at 22:29:35.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Yeah, nothing malicious there.
I suggest using one of the restore points, and if that doesn't help, create a new topic in the Windows forum.
 