Solved Getting alerts about some system infected miner.bitcoin miner activity 9

F

Fay Monarch

Posts: 29   +0
Got a bunch of these earlier today. They stopped showing up after a restart but that obviously doesn't mean anything. Using Norton which has been unable to find anything. (well, power eraser found some things in civilisation V/dx11 version on steam and attempting to verify integrity of those files via steam before removing anything with Norton caused it to detect 6 faulty/missing files but like, eh? Doesn't seem like a likely place for something like this to hang out.
And the alerts were still showing up after removing them with Norton just in case anyway.)

Also yes I'm still on windows 7 but could you hold off on crucifying me until after the problem is fixed?
 
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

================================

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2021
Ran by Martin (administrator) on MARTINSDATOR (Exertis_CapTech Z97P-D3) (12-06-2021 09:02:17)
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Discord Inc. -> Discord Inc.) C:\Users\Martin\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8>
(NortonLifeLock Inc. -> Broadcom) C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NortonSecurity.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-06-04] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ED778E1-6B5E-4038-B81C-37C6F774CDFA} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\SymErr.exe [115696 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {2916AFD1-FCA9-452F-813F-4B4A4C1CA24E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-31] (Google LLC -> Google LLC)
Task: {495D1483-1186-4851-AFF5-A73A04A03F4F} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\SymErr.exe [115696 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {63C211F3-B87F-4B6C-A3EC-65001232DEC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-31] (Google LLC -> Google LLC)
Task: {69208CDE-B41E-4304-AA91-A091B4DFECCF} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {6F5F2343-A4EB-4444-AC39-BF98E3177B9A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\WSCStub.exe [643584 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {7772F8A3-7833-42F7-BF55-8F65B1A122AF} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {84E2FE7B-1953-427D-A2EE-3A0B18FA1F7F} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [66952 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {876554A9-B8E5-4C1F-9FD8-9ADC1A9939FE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2345120 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {B4DABFA9-C7FD-4B86-ACD3-28648E1E1D98} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {D31932FC-CF63-4176-8A30-039A8DA516D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-19] (Adobe Inc. -> Adobe)
Task: {F18CCF9B-27C0-4CF9-9F6B-5B2182C15D93} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58760 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F53CACBC-6505-47BE-B2C6-5E923E8FC171} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [890248 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 79.138.0.180 85.8.31.209
Tcpip\..\Interfaces\{2C36A584-A784-48D0-A2B2-2FBED0687DE1}: [DhcpNameServer] 79.138.0.180 85.8.31.209

FireFox:
========
FF DefaultProfile: f5wy0fyk.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default [2021-06-12]
FF Homepage: Mozilla\Firefox\Profiles\f5wy0fyk.default -> hxxp://forum.travian.se/
FF Notifications: Mozilla\Firefox\Profiles\f5wy0fyk.default -> hxxps://play.pokemonshowdown.com
FF Extension: (Firefox Hotfix) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-03-10] [Legacy]
FF Extension: (Norton Safe Web) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default\Extensions\nortonsafeweb@symantec.com.xpi [2021-05-04]
FF Extension: (Shinigami Eyes) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default\Extensions\shinigamieyes@shinigamieyes.xpi [2021-03-18]
FF Extension: (Adblock Plus - gratis annonsblockerare) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-05-19]
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2021-05-20]
CHR Extension: (Presentationer) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-31]
CHR Extension: (Dokument) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-31]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-31]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-31]
CHR Extension: (Kalkylark) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-31]
CHR Extension: (Google Dokument Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-04]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-19] (Adobe Inc. -> Adobe)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2019-05-22] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-12] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NortonSecurity.exe [343336 2021-05-31] (NortonLifeLock Inc. -> Broadcom)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-18] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\BASHDefs\20210608.011\BHDrvx64.sys [1995864 2021-03-15] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1615050.02C\ccSetx64.sys [192248 2021-05-31] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-01-28] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-01-29] (Symantec Corporation -> Broadcom)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [26184 2016-10-05] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\IPSDefs\20210611.061\IDSvia64.sys [1488976 2021-04-06] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-06-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-06-12] (Malwarebytes Inc -> Malwarebytes)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1615050.02C\nsvst.sys [54848 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\1615050.02C\SRTSP64.SYS [890464 2021-05-31] (Symantec Corporation -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1615050.02C\SRTSPX64.SYS [50272 2021-05-31] (Symantec Corporation -> Broadcom)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [52960 2016-10-05] (SteelSeries ApS -> SteelSeries ApS)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1615050.02C\SYMEFASI64.SYS [2062424 2021-05-31] (Symantec Corporation -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-15] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\SymPlatform\SymEvnt.sys [712368 2020-01-12] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1615050.02C\Ironx64.SYS [316488 2021-05-31] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1615050.02C\symnets.sys [575328 2021-05-31] (Symantec Corporation -> Symantec Corporation)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1615050.02C\wpCtrlDrv.sys [1013792 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\SDSDefs\20170227.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\SDSDefs\20170227.019\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-12 09:02 - 2021-06-12 09:02 - 000015459 _____ C:\Users\Martin\Downloads\FRST.txt
2021-06-12 09:02 - 2021-06-12 09:02 - 000000000 ____D C:\FRST
2021-06-12 09:01 - 2021-06-12 09:01 - 002300416 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2021-06-12 08:42 - 2021-06-12 08:42 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2021-06-12 08:17 - 2021-06-12 08:17 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-06-12 08:17 - 2021-06-12 08:17 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-06-12 08:17 - 2021-06-12 08:17 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-06-12 08:17 - 2021-06-12 08:17 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-12 08:17 - 2021-06-12 08:17 - 000001967 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-12 08:17 - 2021-06-12 08:17 - 000001967 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-06-12 08:17 - 2021-06-12 08:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-12 08:16 - 2021-06-12 08:16 - 002080712 _____ (Malwarebytes) C:\Users\Martin\Downloads\MBSetup.exe
2021-06-12 08:16 - 2021-06-12 08:16 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-10 20:43 - 2021-06-10 20:43 - 084613384 _____ (Oracle Corporation) C:\Users\Martin\Downloads\jre-8u291-windows-x64.exe
2021-06-06 11:48 - 2021-06-06 11:48 - 000000222 _____ C:\Users\Martin\Desktop\Darkest Dungeon®.url
2021-06-06 00:41 - 2021-06-06 00:41 - 000003236 _____ C:\Windows\system32\Tasks\Norton WSC Integration
2021-06-06 00:41 - 2021-06-06 00:41 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-06-06 00:41 - 2021-06-06 00:41 - 000000000 ____D C:\Windows\system32\Tasks\Norton Internet Security
2021-06-03 19:28 - 2021-06-03 19:28 - 000000000 ____D C:\Users\Martin\AppData\Roaming\2K
2021-06-03 19:27 - 2021-06-03 19:27 - 000000000 ____D C:\Users\Martin\AppData\Local\cache
2021-06-03 19:27 - 2021-06-03 19:27 - 000000000 ____D C:\Users\Martin\AppData\Local\2K
2021-06-03 19:13 - 2021-06-03 19:13 - 000000220 _____ C:\Users\Martin\Desktop\Sid Meier's Civilization V.url
2021-06-03 16:33 - 2021-06-03 16:34 - 000001972 _____ C:\Users\Martin\Desktop\medieval2.exe - Shortcut.lnk
2021-06-02 19:59 - 2021-06-02 19:59 - 000000220 _____ C:\Users\Martin\Desktop\Total War MEDIEVAL II - Definitive Edition.url
2021-06-01 21:12 - 2021-06-01 21:12 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-06-01 20:18 - 2021-06-02 08:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-05-30 13:40 - 2021-05-30 13:40 - 000000000 ____D C:\Users\Martin\AppData\Local\Gas Powered Games
2021-05-30 13:27 - 2021-05-30 13:27 - 000000220 _____ C:\Users\Martin\Desktop\Supreme Commander Forged Alliance.url
2021-05-29 12:50 - 2021-06-03 16:32 - 000000000 ____D C:\Users\Martin\Downloads\Medieval 2 gilded vanilla
2021-05-23 09:11 - 2021-05-23 09:11 - 000000222 _____ C:\Users\Martin\Desktop\Slay the Spire.url
2021-05-20 07:51 - 2021-05-20 07:51 - 000000222 _____ C:\Users\Martin\Desktop\Total War WARHAMMER II.url
2021-05-14 08:41 - 2021-05-14 09:31 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ikenfell
2021-05-14 08:08 - 2021-05-14 08:08 - 000000222 _____ C:\Users\Martin\Desktop\Ikenfell.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-12 09:00 - 2016-03-25 16:11 - 000000000 ____D C:\Users\Martin\AppData\Roaming\discord
2021-06-12 08:54 - 2016-02-22 15:28 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-12 08:52 - 2009-07-14 06:45 - 000035424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-06-12 08:52 - 2009-07-14 06:45 - 000035424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-06-12 08:44 - 2016-11-16 23:24 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Mozilla
2021-06-12 08:14 - 2009-07-14 07:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-06-12 08:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2021-06-12 08:08 - 2019-06-04 15:45 - 000003112 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2021-06-12 08:08 - 2016-03-25 16:10 - 000000000 ____D C:\Users\Martin\AppData\Local\Discord
2021-06-12 08:08 - 2016-02-22 14:50 - 000000000 __SHD C:\Users\Martin\IntelGraphicsProfiles
2021-06-12 08:08 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-06-12 08:07 - 2016-03-20 03:06 - 000000000 ____D C:\Users\Martin\AppData\Local\NPE
2021-06-12 08:07 - 2016-02-18 12:19 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-06-10 20:48 - 2016-05-05 10:19 - 000000000 ____D C:\Users\Martin\Downloads\Potato
2021-06-10 20:45 - 2016-02-22 18:21 - 000000000 ____D C:\Program Files\Java
2021-06-10 20:45 - 2016-02-22 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-06-10 20:43 - 2016-02-22 18:21 - 000191776 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-06-09 23:20 - 2016-09-30 23:39 - 000000000 ____D C:\Windows\system32\MRT
2021-06-09 23:19 - 2016-09-30 23:39 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-06-06 09:31 - 2016-02-23 15:19 - 000000000 ____D C:\Program Files\Common Files\AV
2021-06-06 00:41 - 2018-02-05 07:14 - 000002529 _____ C:\Users\Public\Desktop\Norton Security.lnk
2021-06-06 00:41 - 2018-02-05 07:14 - 000002529 _____ C:\ProgramData\Desktop\Norton Security.lnk
2021-06-06 00:41 - 2018-02-05 07:12 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2021-06-05 21:46 - 2020-12-16 09:30 - 000000000 ____D C:\Users\Martin\Documents\Hardcoded derp frog
2021-06-04 06:27 - 2020-10-31 20:47 - 000002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-04 06:27 - 2020-10-31 20:47 - 000002138 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-04 06:27 - 2020-10-31 20:47 - 000002138 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-02 08:03 - 2016-02-22 15:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-01 21:12 - 2019-01-30 11:41 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-30 13:40 - 2016-02-23 05:40 - 000000000 ____D C:\Users\Martin\Documents\My Games
2021-05-29 21:20 - 2020-07-08 17:12 - 000000000 ____D C:\Users\Martin\AppData\Local\User Data
2021-05-26 08:55 - 2016-03-25 16:11 - 000002132 _____ C:\Users\Martin\Desktop\Discord.lnk
2021-05-20 11:10 - 2020-07-25 22:36 - 000000000 ____D C:\Users\Martin\Documents\Beware the Forest
2021-05-18 20:33 - 2020-07-08 18:16 - 000000000 ____D C:\Users\Martin\Downloads\Fairies nicked this stuff
2021-05-17 11:43 - 2017-06-25 02:43 - 000000000 ____D C:\Users\Martin\AppData\Roaming\The Creative Assembly
2021-05-13 13:24 - 2016-04-07 10:27 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2017-01-13 18:11 - 2017-01-19 18:11 - 002612224 _____ () C:\Users\Martin\AppData\Local\file__0.localstorage
2020-07-13 12:42 - 2020-07-13 12:42 - 000001492 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2016-12-25 23:51 - 2017-01-11 19:50 - 000007597 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-06-11 09:02
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2021
Ran by Martin (12-06-2021 09:02:46)
Running from C:\Users\Martin\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-02-22 12:50:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1797278217-2899522699-3514268358-500 - Administrator - Disabled)
Guest (S-1-5-21-1797278217-2899522699-3514268358-501 - Limited - Disabled)
Martin (S-1-5-21-1797278217-2899522699-3514268358-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {255E32D5-E2F8-754A-3F87-286C949C5537}
FW: Norton Internet Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ACP Application (HKLM\...\{A0533DA5-EBEA-44CD-A742-AD651F06B061}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 32 ActiveX (HKLM-x32\...\{E5318F04-AB59-49EC-88F3-32A26B40C667}) (Version: 32.0.0.223 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
Artix Game Launcher 2.0.7 (HKLM\...\{3BECECC9-207F-4FAE-A1EA-207D7F8B9AB4}) (Version: 2.0.7 - Artix Entertainment, LLC)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Discord (HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
GIMP 2.10.10 (HKLM\...\GIMP-2_is1) (Version: 2.10.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.77 - Google LLC)
Guild Wars (HKLM-x32\...\Guild Wars) (Version: - )
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 sv-SE) (HKLM\...\Mozilla Firefox 89.0 (x64 sv-SE)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 89.0.0.7817 - Mozilla)
MTG Arena (HKLM-x32\...\{5994F21F-2F7B-47A7-B933-7BA96A705D33}) (Version: 0.1.1080.0 - Wizards of the Coast) Hidden
MTG Arena (HKLM-x32\...\MTG Arena 0.1.1080.0) (Version: 0.1.1080.0 - Wizards of the Coast)
Newgrounds Player (HKLM-x32\...\{B9735123-2823-49F8-8264-372895D39702}) (Version: 1.0.0 - Newgrounds)
Norton Internet Security (HKLM-x32\...\NGC) (Version: 22.21.5.44 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenTTD 1.8.0 (HKLM-x32\...\OpenTTD) (Version: 1.8.0 - OpenTTD)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-3) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-3) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-4) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0-2) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-4) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-2) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-3) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-4) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NavShExt.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NavShExt.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NavShExt.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Martin\Desktop\LOD Swapper for SS 6.4.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\mods\SS6.3\MelooLODSwapper.bat ()

==================== Loaded Modules (Whitelisted) =============

2019-01-08 12:59 - 2019-01-08 12:59 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2019-01-08 12:59 - 2019-01-08 12:59 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000516608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-05-22 09:19 - 2019-05-22 09:19 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.inet.se
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\coIEPlg.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-06-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.21.5.44\coIEPlg.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\coIEPlg.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.21.5.44\coIEPlg.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\...\polishhearts.com -> sweden.polishhearts.com
IE restricted site: HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 79.138.0.180 - 85.8.31.209
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{741F1309-8FAA-43C0-98ED-407ADF8D29A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DAB9B524-54FB-47C1-A02D-E65CB5F01949}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ECF719F2-2FCB-4921-946D-EBA068017FF1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{60B21975-B1D7-4A45-9B6E-35505B48B27C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8469F405-E66E-4E86-A3B6-72442920A981}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{8D537E27-DD6A-4D58-A507-866F5C7F1F38}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{F0162085-08C7-4050-BC57-E63348D5AB79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{371E7482-602C-4AFA-A8D8-F1C653E9A0F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{551E1E48-02FC-4421-8E6C-BFB11F5FFBD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{892E0C7A-6809-4416-90FB-41FF6C0A95B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{FAD21B2A-B0AA-4118-BE92-36A64A0AC7F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{C666E99F-07CD-4A62-A526-B5FB124AC73C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{C2A0B689-465E-4F58-B9C0-770C71956196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{CB35E0A2-C967-43FA-9D50-9C933D228610}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{18C0CA92-0059-4713-A4BE-D80BAF1DF062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{3473C33F-965A-405D-A05C-282D43297070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{6D5900F7-FB0C-43E9-8768-F3735A9F2B96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CBB5AF26-B5ED-4EEA-B045-180085C8DA10}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CA6CEAF2-5C8D-41AE-AA3D-74EE527BFF64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{1E59273C-BF18-4709-A264-DBBA304CA66A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{DDCE1F2C-53BA-4439-A12D-A4E877DB36E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{74BDAF4C-08C5-48A7-BCA0-C3EA4CDECB6C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{782BCE27-55C1-4F2C-BECA-9640355698B9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{5E6B5654-9291-4E8A-958F-70205CA9052E}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [{01B9C168-CC38-434E-A39F-08D4BF0F64F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery!\Sorcery!.exe (inkle Ltd) [File not signed]
FirewallRules: [{829A3FA7-51F2-49AF-8505-286B864405E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery!\Sorcery!.exe (inkle Ltd) [File not signed]
FirewallRules: [{67AAAFD0-E870-461A-95A0-941DCCEC1A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery! 3\Sorcery! 3.exe (inkle Ltd) [File not signed]
FirewallRules: [{0780C5D5-68B4-46AD-BA58-D4412D82C700}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery! 3\Sorcery! 3.exe (inkle Ltd) [File not signed]
FirewallRules: [{705375DB-A959-4B04-8F33-0605FEAC1A8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwmain.exe => No File
FirewallRules: [{9219D23A-B55E-4378-928D-DC9CA8FDBE6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwmain.exe => No File
FirewallRules: [{3930D5A1-DE89-4C3F-AD65-553D4C84070F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe => No File
FirewallRules: [{27C081A6-5C6D-44C3-9631-C3C311C1E79A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe => No File
FirewallRules: [TCP Query User{EE3081E6-6118-4B08-8180-D0527A74488D}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{CC3F7D43-A969-4BC5-B389-533DE5668321}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{C46C0E9B-47EF-4670-A5D3-3F34C86D5C15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe => No File
FirewallRules: [{4CC4CF32-7A5F-41B9-81BD-460728ABDE71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe => No File
FirewallRules: [{D60D46E6-7659-4563-84DA-19D0FBBD1DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x32.exe => No File
FirewallRules: [{1C4BFE89-9C72-41D5-8CCE-6A82BB422E6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x32.exe => No File
FirewallRules: [{88B3C751-BFCB-43E8-9FD7-16E0F7435876}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x64.exe => No File
FirewallRules: [{1C182371-5059-49AF-82B2-ADFA57EEE7F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x64.exe => No File
FirewallRules: [{B8A8F025-8524-44DB-99BF-D6C8632A66B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery! 4\Sorcery! 4.exe (inkle Ltd) [File not signed]
FirewallRules: [{DAB2A201-A951-4A9C-9FE5-2F4A993AACBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery! 4\Sorcery! 4.exe (inkle Ltd) [File not signed]
FirewallRules: [{7475576B-3853-4A45-817E-C2D7DAD4892B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_0_x32.exe => No File
FirewallRules: [{73139DA3-9301-4155-9A07-3A2F726040CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_0_x32.exe => No File
FirewallRules: [{C5952821-BA74-4C81-9716-67ED8A12D583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_0_x64.exe => No File
FirewallRules: [{B3F75C11-18FB-465D-A99A-02D2F5516F18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_0_x64.exe => No File
FirewallRules: [{DB210D64-8E83-4B5B-BF09-7FCAB12814B6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might & Magic Heroes VI\Might & Magic Heroes VI.exe => No File
FirewallRules: [{4368C1AD-89D4-4F3C-8179-9DD1134F03B4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might & Magic Heroes VI\Might & Magic Heroes VI.exe => No File
FirewallRules: [{F9D7B934-A75C-4353-AB12-1587EA48BCCF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed II\AssassinsCreedIIGame.exe => No File
FirewallRules: [{D8946E94-E7BB-4A50-867E-D45E1ACE9DBD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed II\AssassinsCreedIIGame.exe => No File
FirewallRules: [{BA49A48E-F528-4178-AE30-D35B6F470588}] => (Allow) C:\Users\Martin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{15502A33-4438-4C7F-869F-F1089F37D3A5}] => (Allow) C:\Users\Martin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AA665D4D-07C6-4E8C-B6F4-E5BD01D5881D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{901CEE3A-3B91-45DD-9CCE-4D9BE3B62CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{792FB05C-86B6-4693-8063-4E791D80D0EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{80949562-C081-485B-8F07-D9E9B060607E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{1C39C4AB-42D0-4DD6-8E89-43636DC384AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe () [File not signed]
FirewallRules: [{43A46FEB-5DA5-472A-A02D-A1CD00059BF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe () [File not signed]
FirewallRules: [{D2C0630C-A928-4C50-8E30-8BD9DF54A26A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\dosbox.exe => No File
FirewallRules: [{9F9F01B0-35A2-4432-A693-474D8EA3ECA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\dosbox.exe => No File
FirewallRules: [{05D3D71D-03D5-40B3-8001-5F3561BDADC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\daum\dosbox.exe => No File
FirewallRules: [{2B814850-73C6-4F25-AFD3-433615B555F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\daum\dosbox.exe => No File
FirewallRules: [{6F4AAAB7-D696-4A57-B01D-A6193940C647}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\wizardry7gold\WIZARD.EXE => No File
FirewallRules: [{B893F1D8-9D53-43B8-B74F-3A2FC95FCB4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\wizardry7gold\WIZARD.EXE => No File
FirewallRules: [{2CD44884-262F-43F5-A20B-2A62BCD13E16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{81DE61BB-E293-41DA-936E-834CB4715D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{D5810736-4D4C-4828-9614-284EC7D5900A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Celeste\Celeste.exe (Matt Makes Games) [File not signed]
FirewallRules: [{79FBFFE6-35E4-4A13-A5CE-3F11355573F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Celeste\Celeste.exe (Matt Makes Games) [File not signed]
FirewallRules: [{6E6D57D1-FD59-48AE-8DD5-414D1F9C6F94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_2_x32.exe () [File not signed]
FirewallRules: [{4D2D6B3A-08BF-423D-B6AD-2B49D8D1DB5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_2_x32.exe () [File not signed]
FirewallRules: [{1E152BB2-86EF-4E1A-916E-9EE22682F58A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_2_x64.exe () [File not signed]
FirewallRules: [{1191D633-8762-4CF5-ACF0-92825705EC3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_2_x64.exe () [File not signed]
FirewallRules: [{20EB9BC0-ED11-4197-90A4-7A0C33314BFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargroove\win64_bin\wargroove64.exe () [File not signed]
FirewallRules: [{CB9A5C05-BC06-4C42-AC77-BDC36559100B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargroove\win64_bin\wargroove64.exe () [File not signed]
FirewallRules: [{6EE18367-C319-427E-A12A-420A1604F197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baba Is You\Baba Is You.exe (None) [File not signed]
FirewallRules: [{FFDFB20F-DC79-4F28-8E80-FCD3EED3BB25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baba Is You\Baba Is You.exe (None) [File not signed]
FirewallRules: [{5B70E6FF-C942-40B4-939F-D1637CC2418B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dorfromantik\Dorfromantik.exe () [File not signed]
FirewallRules: [{43566F6A-108F-4779-8F7E-6A88717276A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dorfromantik\Dorfromantik.exe () [File not signed]
FirewallRules: [{D5AE95B8-BF0B-4418-BB15-9B0E7397FDE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe => No File
FirewallRules: [{DD44431A-6251-4FDD-8190-352F72ED422C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe => No File
FirewallRules: [{8F3F032C-22DA-46C3-8D4D-66636B3135CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe => No File
FirewallRules: [{D5775E3A-A1CE-45CC-AF5B-D0A2C68F10AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe => No File
FirewallRules: [{7A5CBD1E-BB9B-479D-9A7F-4ED00213F88C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ikenfell\IkenfellWin.exe () [File not signed]
FirewallRules: [{CDEBA037-4156-400A-AC82-A1122456D5F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ikenfell\IkenfellWin.exe () [File not signed]
FirewallRules: [{F8ECBC71-221A-4A3A-9722-04B6EB138B96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{F14066CE-18F2-4D04-9481-77C93060CBAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{1B769441-6EB1-4250-BE6D-14D68A48F9D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{299368A4-F326-4D30-99AA-C050A7FA34FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{EFF9AD02-344C-4DBB-BAB5-4172C18CCAB4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{76C5A031-B239-47C6-9EC0-1BF3AFEDC6B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{42C62EF6-6EF9-46C6-BCC7-F34C855EB915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{D488569A-70DA-4358-9ABC-51F0CB05EAB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{748AC3E7-DBEB-401D-8C85-4A73F04F7311}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{841A4567-84BA-4CA2-A3F6-A2DD3794F757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{1BBD9DFD-305D-4D44-A8B7-0F9949AB0434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{0DC22B14-82F0-4828-AB58-11D9B36DB1C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{8AAA6AA1-F66D-4A41-8F87-2A6C5D96CD7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]

==================== Restore Points =========================

12-06-2021 08:07:27 NPE v6.0.1.2095

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/10/2021 09:01:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MultiMC.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: be4

Start Time: 01d75e28fc4a224d

Termination Time: 3

Application Path: C:\Users\Martin\Documents\Minecraft derplings of derp\mmc-stable-win32\MultiMC\MultiMC.exe

Report Id: 404269c5-ca1e-11eb-9c0c-fcaa14cf20f6

Error: (05/21/2021 04:27:25 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/21/2021 04:27:25 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/13/2021 01:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x72456542
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
Exception code: 0xc0000005
Fault offset: 0x000563ba
Faulting process id: 0x1740
Faulting application start time: 0x01d747e3d18c1e7a
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: af952eeb-b3dd-11eb-84f5-fcaa14cf20f6

Error: (05/12/2021 11:31:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PathOfExile_x64Steam.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c9c

Start Time: 01d747117d1caa8f

Termination Time: 15

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe

Report Id: c87e3a89-b304-11eb-84a9-fcaa14cf20f6

Error: (05/06/2021 10:48:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Kingmaker.exe, version: 2018.4.10.18181, time stamp: 0x5d8deb26
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000002192537e
Faulting process id: 0x1518
Faulting application start time: 0x01d7424d65105876
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Pathfinder Kingmaker\Kingmaker.exe
Faulting module path: unknown
Report Id: da559d0c-ae47-11eb-964c-fcaa14cf20f6

Error: (05/05/2021 04:37:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Kingmaker.exe, version: 2018.4.10.18181, time stamp: 0x5d8deb26
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000021bab78e
Faulting process id: 0x1430
Faulting application start time: 0x01d741b1b2fbc6bf
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Pathfinder Kingmaker\Kingmaker.exe
Faulting module path: unknown
Report Id: 697423d9-adaf-11eb-be9d-fcaa14cf20f6

Error: (05/03/2021 10:57:09 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (06/12/2021 08:08:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/12/2021 06:54:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/11/2021 07:38:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/10/2021 08:48:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/10/2021 10:00:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/10/2021 10:00:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:59:23 on ‎2021-‎06-‎10 was unexpected.

Error: (06/10/2021 08:33:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/09/2021 10:43:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F8 09/18/2015
Motherboard: Gigabyte Technology Co., Ltd. Z97P-D3
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 75%
Total physical RAM: 8053.36 MB
Available physical RAM: 2001.44 MB
Total Virtual: 16104.86 MB
Available Virtual: 8139.96 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.88 GB) (Free:15.51 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 795438A0)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
Is that the right logs?

Also additional minor update, I got another notification about the bitcoin miner so I see that it's back.
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Martin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210611_060824, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/06/12 09:27:46 (Duration : 00:04:38)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
Malwarebytes doesn't seem to work the way it did back when that reply was first written. I'm unable to find how to get the log from it.

Edit: I found this which is the closest thing I could find (and even that I could only produce by running a scan as I couldn't locate a history tab anywhere)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/12/21
Scan Time: 9:37 AM
Log File: 17dff8f6-cb51-11eb-939a-fcaa14cf20f6.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41625
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MartinsDator\Martin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 257344
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-12-2021
# Duration: 00:00:04
# OS: Windows 7 Professional
# Scanned: 31980
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk


AdwCleaner[S00].txt - [1489 octets] - [12/06/2021 09:42:52]
AdwCleaner[S01].txt - [1550 octets] - [12/06/2021 09:43:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
OK.
Where do those alerts come from? Norton?
Can you provide me with a screenshot?
 
So far no program has found anything. (except adwcleaner finding a single preinstalled thing which, considering it'd have been preinstalled back in 2016, is most likely not connected to the situation at hand. (to be fair I did delete a few weird files in appdata before getting the idea to go here so maybe adwcleaner would've found something otherwise)
 
I wrote the previous post before I saw your reply.

From Norton, yes. In the bottom right corner. It's had other alerts pop up which I've gotten the impression are Norton blocking external hostile attacks (I've been told that if I had a router I wouldn't see these) but this one was new and the frequency combined with the "system infected" made me think it was something on the system. Which it still might be - these bastards are sneaky.

I've also had Norton claim that there's a "suspicious amount of outbound traffic" on rare occasions over the past few months but I've never found anything on scans so I assumed it was false positives.

I'll try to get something from Norton logs.
 
*I'm trying.* Please try to refrain from being passive aggressive.

Strange thing is that they don't seem to show up in the log with the others. I'll try to catch one if I see one but the history of things Norton has blocked only seems to contain other stuff. (SMB double pulsar ping for example which, as far as I've been told, are external attacks)

Edit: Yeah, looked through the Norton history log and there's nothing. I don't know why they're not showing up but they aren't.
 
Last edited:
Okay, that's odd. Now some of the other blocked alerts also aren't showing up in the history. Now it's only showing entries for "SMB remote code execution".
 
Are those alerts still showing up?

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
They're not showing up now but that happened before between the start of the topic and one of my replies, they went away for a bit and then came back again.

Will run farbar again in a second. Stand by.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2021
Ran by Martin (administrator) on MARTINSDATOR (Exertis_CapTech Z97P-D3) (12-06-2021 10:18:48)
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Discord Inc. -> Discord Inc.) C:\Users\Martin\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8>
(NortonLifeLock Inc. -> Broadcom) C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NortonSecurity.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-06-04] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ED778E1-6B5E-4038-B81C-37C6F774CDFA} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\SymErr.exe [115696 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {2916AFD1-FCA9-452F-813F-4B4A4C1CA24E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-31] (Google LLC -> Google LLC)
Task: {495D1483-1186-4851-AFF5-A73A04A03F4F} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\SymErr.exe [115696 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {63C211F3-B87F-4B6C-A3EC-65001232DEC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-31] (Google LLC -> Google LLC)
Task: {69208CDE-B41E-4304-AA91-A091B4DFECCF} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {6F5F2343-A4EB-4444-AC39-BF98E3177B9A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\WSCStub.exe [643584 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {7772F8A3-7833-42F7-BF55-8F65B1A122AF} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {84E2FE7B-1953-427D-A2EE-3A0B18FA1F7F} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [66952 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {876554A9-B8E5-4C1F-9FD8-9ADC1A9939FE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2345120 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {B4DABFA9-C7FD-4B86-ACD3-28648E1E1D98} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {D31932FC-CF63-4176-8A30-039A8DA516D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-19] (Adobe Inc. -> Adobe)
Task: {F18CCF9B-27C0-4CF9-9F6B-5B2182C15D93} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58760 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F53CACBC-6505-47BE-B2C6-5E923E8FC171} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [890248 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 79.138.0.180 85.8.31.209
Tcpip\..\Interfaces\{2C36A584-A784-48D0-A2B2-2FBED0687DE1}: [DhcpNameServer] 79.138.0.180 85.8.31.209

FireFox:
========
FF DefaultProfile: f5wy0fyk.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default [2021-06-12]
FF Homepage: Mozilla\Firefox\Profiles\f5wy0fyk.default -> hxxp://forum.travian.se/
FF Notifications: Mozilla\Firefox\Profiles\f5wy0fyk.default -> hxxps://play.pokemonshowdown.com
FF Extension: (Firefox Hotfix) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-03-10] [Legacy]
FF Extension: (Norton Safe Web) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default\Extensions\nortonsafeweb@symantec.com.xpi [2021-05-04]
FF Extension: (Shinigami Eyes) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default\Extensions\shinigamieyes@shinigamieyes.xpi [2021-03-18]
FF Extension: (Adblock Plus - gratis annonsblockerare) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\f5wy0fyk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-05-19]
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2021-06-12]
CHR Extension: (Presentationer) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-31]
CHR Extension: (Dokument) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-31]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-31]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-31]
CHR Extension: (Kalkylark) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-31]
CHR Extension: (Google Dokument Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-04]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-19] (Adobe Inc. -> Adobe)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2019-05-22] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-12] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NortonSecurity.exe [343336 2021-05-31] (NortonLifeLock Inc. -> Broadcom)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13688656 2021-03-24] (Adlice -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-18] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\BASHDefs\20210608.011\BHDrvx64.sys [1995864 2021-03-15] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1615050.02C\ccSetx64.sys [192248 2021-05-31] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-01-28] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-01-29] (Symantec Corporation -> Broadcom)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [26184 2016-10-05] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\IPSDefs\20210611.061\IDSvia64.sys [1488976 2021-04-06] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-06-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-06-12] (Malwarebytes Inc -> Malwarebytes)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1615050.02C\nsvst.sys [54848 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\1615050.02C\SRTSP64.SYS [890464 2021-05-31] (Symantec Corporation -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1615050.02C\SRTSPX64.SYS [50272 2021-05-31] (Symantec Corporation -> Broadcom)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [52960 2016-10-05] (SteelSeries ApS -> SteelSeries ApS)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1615050.02C\SYMEFASI64.SYS [2062424 2021-05-31] (Symantec Corporation -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-15] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\SymPlatform\SymEvnt.sys [712368 2020-01-12] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1615050.02C\Ironx64.SYS [316488 2021-05-31] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1615050.02C\symnets.sys [575328 2021-05-31] (Symantec Corporation -> Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-06-12] (Adlice -> )
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1615050.02C\wpCtrlDrv.sys [1013792 2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\SDSDefs\20170227.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\SDSDefs\20170227.019\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-12 09:42 - 2021-06-12 09:42 - 008534696 _____ (Malwarebytes) C:\Users\Martin\Downloads\AdwCleaner.exe
2021-06-12 09:42 - 2021-06-12 09:42 - 000000000 ____D C:\AdwCleaner
2021-06-12 09:33 - 2021-06-12 09:33 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-06-12 09:27 - 2021-06-12 09:27 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
2021-06-12 09:26 - 2021-06-12 09:32 - 000000000 ____D C:\ProgramData\RogueKiller
2021-06-12 09:26 - 2021-06-12 09:26 - 000000875 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-06-12 09:26 - 2021-06-12 09:26 - 000000875 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2021-06-12 09:26 - 2021-06-12 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-06-12 09:26 - 2021-06-12 09:26 - 000000000 ____D C:\Program Files\RogueKiller
2021-06-12 09:24 - 2021-06-12 09:24 - 040488656 _____ (Adlice Software ) C:\Users\Martin\Downloads\RogueKiller_setup.exe
2021-06-12 09:02 - 2021-06-12 10:19 - 000015511 _____ C:\Users\Martin\Downloads\FRST.txt
2021-06-12 09:02 - 2021-06-12 10:18 - 000000000 ____D C:\FRST
2021-06-12 09:02 - 2021-06-12 09:03 - 000045941 _____ C:\Users\Martin\Downloads\Addition.txt
2021-06-12 09:01 - 2021-06-12 09:01 - 002300416 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2021-06-12 08:42 - 2021-06-12 08:42 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2021-06-12 08:17 - 2021-06-12 08:17 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-06-12 08:17 - 2021-06-12 08:17 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-06-12 08:17 - 2021-06-12 08:17 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-12 08:17 - 2021-06-12 08:17 - 000001967 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-12 08:17 - 2021-06-12 08:17 - 000001967 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-06-12 08:17 - 2021-06-12 08:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-12 08:16 - 2021-06-12 08:16 - 002080712 _____ (Malwarebytes) C:\Users\Martin\Downloads\MBSetup.exe
2021-06-12 08:16 - 2021-06-12 08:16 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-10 20:43 - 2021-06-10 20:43 - 084613384 _____ (Oracle Corporation) C:\Users\Martin\Downloads\jre-8u291-windows-x64.exe
2021-06-06 11:48 - 2021-06-06 11:48 - 000000222 _____ C:\Users\Martin\Desktop\Darkest Dungeon®.url
2021-06-06 00:41 - 2021-06-06 00:41 - 000003236 _____ C:\Windows\system32\Tasks\Norton WSC Integration
2021-06-06 00:41 - 2021-06-06 00:41 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-06-06 00:41 - 2021-06-06 00:41 - 000000000 ____D C:\Windows\system32\Tasks\Norton Internet Security
2021-06-03 19:28 - 2021-06-03 19:28 - 000000000 ____D C:\Users\Martin\AppData\Roaming\2K
2021-06-03 19:27 - 2021-06-03 19:27 - 000000000 ____D C:\Users\Martin\AppData\Local\cache
2021-06-03 19:27 - 2021-06-03 19:27 - 000000000 ____D C:\Users\Martin\AppData\Local\2K
2021-06-03 19:13 - 2021-06-03 19:13 - 000000220 _____ C:\Users\Martin\Desktop\Sid Meier's Civilization V.url
2021-06-03 16:33 - 2021-06-03 16:34 - 000001972 _____ C:\Users\Martin\Desktop\medieval2.exe - Shortcut.lnk
2021-06-02 19:59 - 2021-06-02 19:59 - 000000220 _____ C:\Users\Martin\Desktop\Total War MEDIEVAL II - Definitive Edition.url
2021-06-01 21:12 - 2021-06-01 21:12 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-06-01 20:18 - 2021-06-02 08:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-05-30 13:40 - 2021-05-30 13:40 - 000000000 ____D C:\Users\Martin\AppData\Local\Gas Powered Games
2021-05-30 13:27 - 2021-05-30 13:27 - 000000220 _____ C:\Users\Martin\Desktop\Supreme Commander Forged Alliance.url
2021-05-29 12:50 - 2021-06-03 16:32 - 000000000 ____D C:\Users\Martin\Downloads\Medieval 2 gilded vanilla
2021-05-23 09:11 - 2021-05-23 09:11 - 000000222 _____ C:\Users\Martin\Desktop\Slay the Spire.url
2021-05-20 07:51 - 2021-05-20 07:51 - 000000222 _____ C:\Users\Martin\Desktop\Total War WARHAMMER II.url
2021-05-14 08:41 - 2021-05-14 09:31 - 000000000 ____D C:\Users\Martin\AppData\Roaming\ikenfell
2021-05-14 08:08 - 2021-05-14 08:08 - 000000222 _____ C:\Users\Martin\Desktop\Ikenfell.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-12 10:04 - 2016-03-25 16:11 - 000000000 ____D C:\Users\Martin\AppData\Roaming\discord
2021-06-12 10:02 - 2016-03-25 16:10 - 000000000 ____D C:\Users\Martin\AppData\Local\Discord
2021-06-12 09:40 - 2017-03-25 15:06 - 000000000 ____D C:\Users\Martin\Documents\Derpstuff
2021-06-12 09:33 - 2016-11-16 23:24 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Mozilla
2021-06-12 09:25 - 2016-02-22 15:28 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-12 08:52 - 2009-07-14 06:45 - 000035424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-06-12 08:52 - 2009-07-14 06:45 - 000035424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-06-12 08:14 - 2009-07-14 07:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-06-12 08:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2021-06-12 08:08 - 2019-06-04 15:45 - 000003112 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2021-06-12 08:08 - 2016-02-22 14:50 - 000000000 __SHD C:\Users\Martin\IntelGraphicsProfiles
2021-06-12 08:08 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-06-12 08:07 - 2016-03-20 03:06 - 000000000 ____D C:\Users\Martin\AppData\Local\NPE
2021-06-12 08:07 - 2016-02-18 12:19 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-06-10 20:48 - 2016-05-05 10:19 - 000000000 ____D C:\Users\Martin\Downloads\Potato
2021-06-10 20:45 - 2016-02-22 18:21 - 000000000 ____D C:\Program Files\Java
2021-06-10 20:45 - 2016-02-22 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-06-10 20:43 - 2016-02-22 18:21 - 000191776 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-06-09 23:20 - 2016-09-30 23:39 - 000000000 ____D C:\Windows\system32\MRT
2021-06-09 23:19 - 2016-09-30 23:39 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-06-06 09:31 - 2016-02-23 15:19 - 000000000 ____D C:\Program Files\Common Files\AV
2021-06-06 00:41 - 2018-02-05 07:14 - 000002529 _____ C:\Users\Public\Desktop\Norton Security.lnk
2021-06-06 00:41 - 2018-02-05 07:14 - 000002529 _____ C:\ProgramData\Desktop\Norton Security.lnk
2021-06-06 00:41 - 2018-02-05 07:12 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2021-06-05 21:46 - 2020-12-16 09:30 - 000000000 ____D C:\Users\Martin\Documents\Hardcoded derp frog
2021-06-04 06:27 - 2020-10-31 20:47 - 000002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-04 06:27 - 2020-10-31 20:47 - 000002138 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-04 06:27 - 2020-10-31 20:47 - 000002138 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-02 08:03 - 2016-02-22 15:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-01 21:12 - 2019-01-30 11:41 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-30 13:40 - 2016-02-23 05:40 - 000000000 ____D C:\Users\Martin\Documents\My Games
2021-05-29 21:20 - 2020-07-08 17:12 - 000000000 ____D C:\Users\Martin\AppData\Local\User Data
2021-05-26 08:55 - 2016-03-25 16:11 - 000002132 _____ C:\Users\Martin\Desktop\Discord.lnk
2021-05-20 11:10 - 2020-07-25 22:36 - 000000000 ____D C:\Users\Martin\Documents\Beware the Forest
2021-05-18 20:33 - 2020-07-08 18:16 - 000000000 ____D C:\Users\Martin\Downloads\Fairies nicked this stuff
2021-05-17 11:43 - 2017-06-25 02:43 - 000000000 ____D C:\Users\Martin\AppData\Roaming\The Creative Assembly
2021-05-13 13:24 - 2016-04-07 10:27 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2017-01-13 18:11 - 2017-01-19 18:11 - 002612224 _____ () C:\Users\Martin\AppData\Local\file__0.localstorage
2020-07-13 12:42 - 2020-07-13 12:42 - 000001492 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2016-12-25 23:51 - 2017-01-11 19:50 - 000007597 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-06-11 09:02
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2021
Ran by Martin (12-06-2021 10:19:17)
Running from C:\Users\Martin\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-02-22 12:50:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1797278217-2899522699-3514268358-500 - Administrator - Disabled)
Guest (S-1-5-21-1797278217-2899522699-3514268358-501 - Limited - Disabled)
Martin (S-1-5-21-1797278217-2899522699-3514268358-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {255E32D5-E2F8-754A-3F87-286C949C5537}
FW: Norton Internet Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ACP Application (HKLM\...\{A0533DA5-EBEA-44CD-A742-AD651F06B061}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 32 ActiveX (HKLM-x32\...\{E5318F04-AB59-49EC-88F3-32A26B40C667}) (Version: 32.0.0.223 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
Artix Game Launcher 2.0.7 (HKLM\...\{3BECECC9-207F-4FAE-A1EA-207D7F8B9AB4}) (Version: 2.0.7 - Artix Entertainment, LLC)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Discord (HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
GIMP 2.10.10 (HKLM\...\GIMP-2_is1) (Version: 2.10.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.77 - Google LLC)
Guild Wars (HKLM-x32\...\Guild Wars) (Version: - )
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 sv-SE) (HKLM\...\Mozilla Firefox 89.0 (x64 sv-SE)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 89.0.0.7817 - Mozilla)
MTG Arena (HKLM-x32\...\{5994F21F-2F7B-47A7-B933-7BA96A705D33}) (Version: 0.1.1080.0 - Wizards of the Coast) Hidden
MTG Arena (HKLM-x32\...\MTG Arena 0.1.1080.0) (Version: 0.1.1080.0 - Wizards of the Coast)
Newgrounds Player (HKLM-x32\...\{B9735123-2823-49F8-8264-372895D39702}) (Version: 1.0.0 - Newgrounds)
Norton Internet Security (HKLM-x32\...\NGC) (Version: 22.21.5.44 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenTTD 1.8.0 (HKLM-x32\...\OpenTTD) (Version: 1.8.0 - OpenTTD)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
RogueKiller version 14.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.6.0 - Adlice Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-3) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-3) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-4) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0-2) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-4) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-2) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-3) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-4) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NavShExt.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NavShExt.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\buShell.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NavShExt.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Martin\Desktop\LOD Swapper for SS 6.4.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\mods\SS6.3\MelooLODSwapper.bat ()

==================== Loaded Modules (Whitelisted) =============

2019-01-08 12:59 - 2019-01-08 12:59 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2019-01-08 12:59 - 2019-01-08 12:59 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000516608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-05-22 09:19 - 2019-05-22 09:19 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 12:58 - 2019-01-08 12:58 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-01-08 12:59 - 2019-01-08 12:59 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.inet.se
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\coIEPlg.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-06-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.21.5.44\coIEPlg.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\coIEPlg.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.21.5.44\coIEPlg.dll [2021-05-31] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\...\polishhearts.com -> sweden.polishhearts.com
IE restricted site: HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-1797278217-2899522699-3514268358-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 79.138.0.180 - 85.8.31.209
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{741F1309-8FAA-43C0-98ED-407ADF8D29A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DAB9B524-54FB-47C1-A02D-E65CB5F01949}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ECF719F2-2FCB-4921-946D-EBA068017FF1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{60B21975-B1D7-4A45-9B6E-35505B48B27C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8469F405-E66E-4E86-A3B6-72442920A981}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{8D537E27-DD6A-4D58-A507-866F5C7F1F38}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{F0162085-08C7-4050-BC57-E63348D5AB79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{371E7482-602C-4AFA-A8D8-F1C653E9A0F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{551E1E48-02FC-4421-8E6C-BFB11F5FFBD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{892E0C7A-6809-4416-90FB-41FF6C0A95B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{FAD21B2A-B0AA-4118-BE92-36A64A0AC7F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{C666E99F-07CD-4A62-A526-B5FB124AC73C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{C2A0B689-465E-4F58-B9C0-770C71956196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{CB35E0A2-C967-43FA-9D50-9C933D228610}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{18C0CA92-0059-4713-A4BE-D80BAF1DF062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{3473C33F-965A-405D-A05C-282D43297070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{6D5900F7-FB0C-43E9-8768-F3735A9F2B96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CBB5AF26-B5ED-4EEA-B045-180085C8DA10}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CA6CEAF2-5C8D-41AE-AA3D-74EE527BFF64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{1E59273C-BF18-4709-A264-DBBA304CA66A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{DDCE1F2C-53BA-4439-A12D-A4E877DB36E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{74BDAF4C-08C5-48A7-BCA0-C3EA4CDECB6C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{782BCE27-55C1-4F2C-BECA-9640355698B9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{5E6B5654-9291-4E8A-958F-70205CA9052E}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [{01B9C168-CC38-434E-A39F-08D4BF0F64F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery!\Sorcery!.exe (inkle Ltd) [File not signed]
FirewallRules: [{829A3FA7-51F2-49AF-8505-286B864405E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery!\Sorcery!.exe (inkle Ltd) [File not signed]
FirewallRules: [{67AAAFD0-E870-461A-95A0-941DCCEC1A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery! 3\Sorcery! 3.exe (inkle Ltd) [File not signed]
FirewallRules: [{0780C5D5-68B4-46AD-BA58-D4412D82C700}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery! 3\Sorcery! 3.exe (inkle Ltd) [File not signed]
FirewallRules: [{705375DB-A959-4B04-8F33-0605FEAC1A8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwmain.exe => No File
FirewallRules: [{9219D23A-B55E-4378-928D-DC9CA8FDBE6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwmain.exe => No File
FirewallRules: [{3930D5A1-DE89-4C3F-AD65-553D4C84070F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe => No File
FirewallRules: [{27C081A6-5C6D-44C3-9631-C3C311C1E79A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe => No File
FirewallRules: [TCP Query User{EE3081E6-6118-4B08-8180-D0527A74488D}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{CC3F7D43-A969-4BC5-B389-533DE5668321}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{C46C0E9B-47EF-4670-A5D3-3F34C86D5C15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe => No File
FirewallRules: [{4CC4CF32-7A5F-41B9-81BD-460728ABDE71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe => No File
FirewallRules: [{D60D46E6-7659-4563-84DA-19D0FBBD1DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x32.exe => No File
FirewallRules: [{1C4BFE89-9C72-41D5-8CCE-6A82BB422E6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x32.exe => No File
FirewallRules: [{88B3C751-BFCB-43E8-9FD7-16E0F7435876}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x64.exe => No File
FirewallRules: [{1C182371-5059-49AF-82B2-ADFA57EEE7F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x64.exe => No File
FirewallRules: [{B8A8F025-8524-44DB-99BF-D6C8632A66B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery! 4\Sorcery! 4.exe (inkle Ltd) [File not signed]
FirewallRules: [{DAB2A201-A951-4A9C-9FE5-2F4A993AACBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sorcery! 4\Sorcery! 4.exe (inkle Ltd) [File not signed]
FirewallRules: [{7475576B-3853-4A45-817E-C2D7DAD4892B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_0_x32.exe => No File
FirewallRules: [{73139DA3-9301-4155-9A07-3A2F726040CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_0_x32.exe => No File
FirewallRules: [{C5952821-BA74-4C81-9716-67ED8A12D583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_0_x64.exe => No File
FirewallRules: [{B3F75C11-18FB-465D-A99A-02D2F5516F18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_0_x64.exe => No File
FirewallRules: [{DB210D64-8E83-4B5B-BF09-7FCAB12814B6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might & Magic Heroes VI\Might & Magic Heroes VI.exe => No File
FirewallRules: [{4368C1AD-89D4-4F3C-8179-9DD1134F03B4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might & Magic Heroes VI\Might & Magic Heroes VI.exe => No File
FirewallRules: [{F9D7B934-A75C-4353-AB12-1587EA48BCCF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed II\AssassinsCreedIIGame.exe => No File
FirewallRules: [{D8946E94-E7BB-4A50-867E-D45E1ACE9DBD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed II\AssassinsCreedIIGame.exe => No File
FirewallRules: [{BA49A48E-F528-4178-AE30-D35B6F470588}] => (Allow) C:\Users\Martin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{15502A33-4438-4C7F-869F-F1089F37D3A5}] => (Allow) C:\Users\Martin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AA665D4D-07C6-4E8C-B6F4-E5BD01D5881D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{901CEE3A-3B91-45DD-9CCE-4D9BE3B62CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{792FB05C-86B6-4693-8063-4E791D80D0EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{80949562-C081-485B-8F07-D9E9B060607E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{1C39C4AB-42D0-4DD6-8E89-43636DC384AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe () [File not signed]
FirewallRules: [{43A46FEB-5DA5-472A-A02D-A1CD00059BF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe () [File not signed]
FirewallRules: [{D2C0630C-A928-4C50-8E30-8BD9DF54A26A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\dosbox.exe => No File
FirewallRules: [{9F9F01B0-35A2-4432-A693-474D8EA3ECA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\dosbox.exe => No File
FirewallRules: [{05D3D71D-03D5-40B3-8001-5F3561BDADC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\daum\dosbox.exe => No File
FirewallRules: [{2B814850-73C6-4F25-AFD3-433615B555F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\daum\dosbox.exe => No File
FirewallRules: [{6F4AAAB7-D696-4A57-B01D-A6193940C647}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\wizardry7gold\WIZARD.EXE => No File
FirewallRules: [{B893F1D8-9D53-43B8-B74F-3A2FC95FCB4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\wizardry7gold\WIZARD.EXE => No File
FirewallRules: [{2CD44884-262F-43F5-A20B-2A62BCD13E16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{81DE61BB-E293-41DA-936E-834CB4715D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{D5810736-4D4C-4828-9614-284EC7D5900A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Celeste\Celeste.exe (Matt Makes Games) [File not signed]
FirewallRules: [{79FBFFE6-35E4-4A13-A5CE-3F11355573F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Celeste\Celeste.exe (Matt Makes Games) [File not signed]
FirewallRules: [{6E6D57D1-FD59-48AE-8DD5-414D1F9C6F94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_2_x32.exe () [File not signed]
FirewallRules: [{4D2D6B3A-08BF-423D-B6AD-2B49D8D1DB5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_2_x32.exe () [File not signed]
FirewallRules: [{1E152BB2-86EF-4E1A-916E-9EE22682F58A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_2_x64.exe () [File not signed]
FirewallRules: [{1191D633-8762-4CF5-ACF0-92825705EC3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_2_x64.exe () [File not signed]
FirewallRules: [{20EB9BC0-ED11-4197-90A4-7A0C33314BFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargroove\win64_bin\wargroove64.exe () [File not signed]
FirewallRules: [{CB9A5C05-BC06-4C42-AC77-BDC36559100B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargroove\win64_bin\wargroove64.exe () [File not signed]
FirewallRules: [{6EE18367-C319-427E-A12A-420A1604F197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baba Is You\Baba Is You.exe (None) [File not signed]
FirewallRules: [{FFDFB20F-DC79-4F28-8E80-FCD3EED3BB25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baba Is You\Baba Is You.exe (None) [File not signed]
FirewallRules: [{5B70E6FF-C942-40B4-939F-D1637CC2418B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dorfromantik\Dorfromantik.exe () [File not signed]
FirewallRules: [{43566F6A-108F-4779-8F7E-6A88717276A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dorfromantik\Dorfromantik.exe () [File not signed]
FirewallRules: [{D5AE95B8-BF0B-4418-BB15-9B0E7397FDE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe => No File
FirewallRules: [{DD44431A-6251-4FDD-8190-352F72ED422C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe => No File
FirewallRules: [{8F3F032C-22DA-46C3-8D4D-66636B3135CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe => No File
FirewallRules: [{D5775E3A-A1CE-45CC-AF5B-D0A2C68F10AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe => No File
FirewallRules: [{7A5CBD1E-BB9B-479D-9A7F-4ED00213F88C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ikenfell\IkenfellWin.exe () [File not signed]
FirewallRules: [{CDEBA037-4156-400A-AC82-A1122456D5F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ikenfell\IkenfellWin.exe () [File not signed]
FirewallRules: [{F8ECBC71-221A-4A3A-9722-04B6EB138B96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{F14066CE-18F2-4D04-9481-77C93060CBAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{1B769441-6EB1-4250-BE6D-14D68A48F9D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{299368A4-F326-4D30-99AA-C050A7FA34FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{EFF9AD02-344C-4DBB-BAB5-4172C18CCAB4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{76C5A031-B239-47C6-9EC0-1BF3AFEDC6B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{42C62EF6-6EF9-46C6-BCC7-F34C855EB915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{D488569A-70DA-4358-9ABC-51F0CB05EAB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{748AC3E7-DBEB-401D-8C85-4A73F04F7311}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{841A4567-84BA-4CA2-A3F6-A2DD3794F757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{1BBD9DFD-305D-4D44-A8B7-0F9949AB0434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{0DC22B14-82F0-4828-AB58-11D9B36DB1C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{8AAA6AA1-F66D-4A41-8F87-2A6C5D96CD7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]

==================== Restore Points =========================

12-06-2021 08:07:27 NPE v6.0.1.2095

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/10/2021 09:01:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MultiMC.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: be4

Start Time: 01d75e28fc4a224d

Termination Time: 3

Application Path: C:\Users\Martin\Documents\Minecraft derplings of derp\mmc-stable-win32\MultiMC\MultiMC.exe

Report Id: 404269c5-ca1e-11eb-9c0c-fcaa14cf20f6

Error: (05/21/2021 04:27:25 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/21/2021 04:27:25 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/13/2021 01:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x72456542
Faulting module name: ntdll.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb751
Exception code: 0xc0000005
Fault offset: 0x000563ba
Faulting process id: 0x1740
Faulting application start time: 0x01d747e3d18c1e7a
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: af952eeb-b3dd-11eb-84f5-fcaa14cf20f6

Error: (05/12/2021 11:31:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PathOfExile_x64Steam.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c9c

Start Time: 01d747117d1caa8f

Termination Time: 15

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe

Report Id: c87e3a89-b304-11eb-84a9-fcaa14cf20f6

Error: (05/06/2021 10:48:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Kingmaker.exe, version: 2018.4.10.18181, time stamp: 0x5d8deb26
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000002192537e
Faulting process id: 0x1518
Faulting application start time: 0x01d7424d65105876
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Pathfinder Kingmaker\Kingmaker.exe
Faulting module path: unknown
Report Id: da559d0c-ae47-11eb-964c-fcaa14cf20f6

Error: (05/05/2021 04:37:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Kingmaker.exe, version: 2018.4.10.18181, time stamp: 0x5d8deb26
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000021bab78e
Faulting process id: 0x1430
Faulting application start time: 0x01d741b1b2fbc6bf
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Pathfinder Kingmaker\Kingmaker.exe
Faulting module path: unknown
Report Id: 697423d9-adaf-11eb-be9d-fcaa14cf20f6

Error: (05/03/2021 10:57:09 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (06/12/2021 08:08:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/12/2021 06:54:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/11/2021 07:38:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/10/2021 08:48:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/10/2021 10:00:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/10/2021 10:00:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:59:23 on ‎2021-‎06-‎10 was unexpected.

Error: (06/10/2021 08:33:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/09/2021 10:43:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F8 09/18/2015
Motherboard: Gigabyte Technology Co., Ltd. Z97P-D3
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 52%
Total physical RAM: 8053.36 MB
Available physical RAM: 3814.48 MB
Total Virtual: 16104.86 MB
Available Virtual: 10653.91 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.88 GB) (Free:15.33 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 795438A0)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    9.4 KB · Views: 51
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-06-2021
Ran by Martin (12-06-2021 11:20:58) Run:1
Running from C:\Users\Martin\Downloads\Fix the evil gremlins
Loaded Profiles: Martin
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\SDSDefs\20170227.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.8.0.50\Definitions\SDSDefs\20170227.019\EX64.SYS [X]
2017-01-13 18:11 - 2017-01-19 18:11 - 002612224 _____ () C:\Users\Martin\AppData\Local\file__0.localstorage
2020-07-13 12:42 - 2020-07-13 12:42 - 000001492 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2016-12-25 23:51 - 2017-01-11 19:50 - 000007597 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{8469F405-E66E-4E86-A3B6-72442920A981}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{8D537E27-DD6A-4D58-A507-866F5C7F1F38}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{F0162085-08C7-4050-BC57-E63348D5AB79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{371E7482-602C-4AFA-A8D8-F1C653E9A0F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{551E1E48-02FC-4421-8E6C-BFB11F5FFBD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{892E0C7A-6809-4416-90FB-41FF6C0A95B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{FAD21B2A-B0AA-4118-BE92-36A64A0AC7F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{C666E99F-07CD-4A62-A526-B5FB124AC73C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe => No File
FirewallRules: [{C2A0B689-465E-4F58-B9C0-770C71956196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{CB35E0A2-C967-43FA-9D50-9C933D228610}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{18C0CA92-0059-4713-A4BE-D80BAF1DF062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{3473C33F-965A-405D-A05C-282D43297070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe => No File
FirewallRules: [{6D5900F7-FB0C-43E9-8768-F3735A9F2B96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CBB5AF26-B5ED-4EEA-B045-180085C8DA10}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CA6CEAF2-5C8D-41AE-AA3D-74EE527BFF64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{1E59273C-BF18-4709-A264-DBBA304CA66A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [TCP Query User{782BCE27-55C1-4F2C-BECA-9640355698B9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{5E6B5654-9291-4E8A-958F-70205CA9052E}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [{705375DB-A959-4B04-8F33-0605FEAC1A8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwmain.exe => No File
FirewallRules: [{9219D23A-B55E-4378-928D-DC9CA8FDBE6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwmain.exe => No File
FirewallRules: [{3930D5A1-DE89-4C3F-AD65-553D4C84070F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe => No File
FirewallRules: [{27C081A6-5C6D-44C3-9631-C3C311C1E79A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe => No File
FirewallRules: [TCP Query User{EE3081E6-6118-4B08-8180-D0527A74488D}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{CC3F7D43-A969-4BC5-B389-533DE5668321}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{C46C0E9B-47EF-4670-A5D3-3F34C86D5C15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe => No File
FirewallRules: [{4CC4CF32-7A5F-41B9-81BD-460728ABDE71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe => No File
FirewallRules: [{D60D46E6-7659-4563-84DA-19D0FBBD1DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x32.exe => No File
FirewallRules: [{1C4BFE89-9C72-41D5-8CCE-6A82BB422E6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x32.exe => No File
FirewallRules: [{88B3C751-BFCB-43E8-9FD7-16E0F7435876}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x64.exe => No File
FirewallRules: [{1C182371-5059-49AF-82B2-ADFA57EEE7F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\ProjectCappuccinoPCV1_24_3_x64.exe => No File
FirewallRules: [{7475576B-3853-4A45-817E-C2D7DAD4892B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_0_x32.exe => No File
FirewallRules: [{73139DA3-9301-4155-9A07-3A2F726040CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x32\ProjectCappuccinoPCV1_25_0_x32.exe => No File
FirewallRules: [{C5952821-BA74-4C81-9716-67ED8A12D583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_0_x64.exe => No File
FirewallRules: [{B3F75C11-18FB-465D-A99A-02D2F5516F18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Cappuccino\x64\ProjectCappuccinoPCV1_25_0_x64.exe => No File
FirewallRules: [{DB210D64-8E83-4B5B-BF09-7FCAB12814B6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might & Magic Heroes VI\Might & Magic Heroes VI.exe => No File
FirewallRules: [{4368C1AD-89D4-4F3C-8179-9DD1134F03B4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might & Magic Heroes VI\Might & Magic Heroes VI.exe => No File
FirewallRules: [{F9D7B934-A75C-4353-AB12-1587EA48BCCF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed II\AssassinsCreedIIGame.exe => No File
FirewallRules: [{D8946E94-E7BB-4A50-867E-D45E1ACE9DBD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed II\AssassinsCreedIIGame.exe => No File
FirewallRules: [{BA49A48E-F528-4178-AE30-D35B6F470588}] => (Allow) C:\Users\Martin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{15502A33-4438-4C7F-869F-F1089F37D3A5}] => (Allow) C:\Users\Martin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AA665D4D-07C6-4E8C-B6F4-E5BD01D5881D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{901CEE3A-3B91-45DD-9CCE-4D9BE3B62CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{D2C0630C-A928-4C50-8E30-8BD9DF54A26A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\dosbox.exe => No File
FirewallRules: [{9F9F01B0-35A2-4432-A693-474D8EA3ECA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\dosbox.exe => No File
FirewallRules: [{05D3D71D-03D5-40B3-8001-5F3561BDADC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\daum\dosbox.exe => No File
FirewallRules: [{2B814850-73C6-4F25-AFD3-433615B555F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\daum\dosbox.exe => No File
FirewallRules: [{6F4AAAB7-D696-4A57-B01D-A6193940C647}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\wizardry7gold\WIZARD.EXE => No File
FirewallRules: [{B893F1D8-9D53-43B8-B74F-3A2FC95FCB4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\wizardry7gold\WIZARD.EXE => No File
FirewallRules: [{D5AE95B8-BF0B-4418-BB15-9B0E7397FDE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe => No File
FirewallRules: [{DD44431A-6251-4FDD-8190-352F72ED422C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe => No File
FirewallRules: [{8F3F032C-22DA-46C3-8D4D-66636B3135CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe => No File
FirewallRules: [{D5775E3A-A1CE-45CC-AF5B-D0A2C68F10AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe => No File


*****************

HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.
C:\Users\Martin\AppData\Local\file__0.localstorage => moved successfully
C:\Users\Martin\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Martin\AppData\Local\Resmon.ResmonCfg => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8469F405-E66E-4E86-A3B6-72442920A981}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D537E27-DD6A-4D58-A507-866F5C7F1F38}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0162085-08C7-4050-BC57-E63348D5AB79}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{371E7482-602C-4AFA-A8D8-F1C653E9A0F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{551E1E48-02FC-4421-8E6C-BFB11F5FFBD3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{892E0C7A-6809-4416-90FB-41FF6C0A95B8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FAD21B2A-B0AA-4118-BE92-36A64A0AC7F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C666E99F-07CD-4A62-A526-B5FB124AC73C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2A0B689-465E-4F58-B9C0-770C71956196}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB35E0A2-C967-43FA-9D50-9C933D228610}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18C0CA92-0059-4713-A4BE-D80BAF1DF062}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3473C33F-965A-405D-A05C-282D43297070}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D5900F7-FB0C-43E9-8768-F3735A9F2B96}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBB5AF26-B5ED-4EEA-B045-180085C8DA10}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA6CEAF2-5C8D-41AE-AA3D-74EE527BFF64}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E59273C-BF18-4709-A264-DBBA304CA66A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{782BCE27-55C1-4F2C-BECA-9640355698B9}C:\program files (x86)\hearthstone\hearthstone.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5E6B5654-9291-4E8A-958F-70205CA9052E}C:\program files (x86)\hearthstone\hearthstone.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{705375DB-A959-4B04-8F33-0605FEAC1A8B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9219D23A-B55E-4378-928D-DC9CA8FDBE6C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3930D5A1-DE89-4C3F-AD65-553D4C84070F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27C081A6-5C6D-44C3-9631-C3C311C1E79A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EE3081E6-6118-4B08-8180-D0527A74488D}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CC3F7D43-A969-4BC5-B389-533DE5668321}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C46C0E9B-47EF-4670-A5D3-3F34C86D5C15}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CC4CF32-7A5F-41B9-81BD-460728ABDE71}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D60D46E6-7659-4563-84DA-19D0FBBD1DDA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C4BFE89-9C72-41D5-8CCE-6A82BB422E6A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88B3C751-BFCB-43E8-9FD7-16E0F7435876}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C182371-5059-49AF-82B2-ADFA57EEE7F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7475576B-3853-4A45-817E-C2D7DAD4892B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73139DA3-9301-4155-9A07-3A2F726040CE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5952821-BA74-4C81-9716-67ED8A12D583}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3F75C11-18FB-465D-A99A-02D2F5516F18}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB210D64-8E83-4B5B-BF09-7FCAB12814B6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4368C1AD-89D4-4F3C-8179-9DD1134F03B4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9D7B934-A75C-4353-AB12-1587EA48BCCF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8946E94-E7BB-4A50-867E-D45E1ACE9DBD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA49A48E-F528-4178-AE30-D35B6F470588}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15502A33-4438-4C7F-869F-F1089F37D3A5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA665D4D-07C6-4E8C-B6F4-E5BD01D5881D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{901CEE3A-3B91-45DD-9CCE-4D9BE3B62CC9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2C0630C-A928-4C50-8E30-8BD9DF54A26A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F9F01B0-35A2-4432-A693-474D8EA3ECA2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05D3D71D-03D5-40B3-8001-5F3561BDADC9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B814850-73C6-4F25-AFD3-433615B555F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F4AAAB7-D696-4A57-B01D-A6193940C647}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B893F1D8-9D53-43B8-B74F-3A2FC95FCB4A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5AE95B8-BF0B-4418-BB15-9B0E7397FDE5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD44431A-6251-4FDD-8190-352F72ED422C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F3F032C-22DA-46C3-8D4D-66636B3135CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5775E3A-A1CE-45CC-AF5B-D0A2C68F10AE}" => removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-06-2021 11:23:26)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.

==== End of Fixlog 11:23:26 ====
 
redtarget.gif
Before last scans I suggest you reset your router by unplugging it for 1 minute from power source.

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
You must log in or register to reply here.

Similar threads

J
  • Locked
Inactive Infected: Tidserv Activity 4 alert & more
2 3
Replies
50
Views
8K
Broni
Broni
J
Inactive Infected by Rootkit.ZeroAccess and remnants remain in system
2
Replies
37
Views
11K
Broni
Broni
A
  • Locked
Solved Google Redirection, BSODs on some full system scans
2
Replies
30
Views
6K
Broni
Broni

Latest posts

Back