Inactive-A Computer stuttering during downloads of anything, sluggish and high CPU usage at random times.


Hellbot711

TS Rookie
Alright, the title pretty much explains what's going on. I got this computer roughly this time last year and have finally decided that there is something wrong with it despite knowing this for some time. I never had the means to approach this in any way, but after finding this forum I may have a chance to deal with this.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
Ran by Owner (administrator) on DESKTOP-35PSNAT (12-08-2019 13:17:29)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: defaultuser0 & Owner)
Platform: Windows 10 Enterprise 2016 LTSB Version 1607 14393.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Discord Inc. -> Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4584344 2019-07-08] (Webroot Inc. -> Webroot)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5252880 2019-04-30] (IObit Information Technology -> IObit)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [Discord] => C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-07] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53535080 2019-01-17] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [Parsec.App.0] => C:\Users\Owner\AppData\Roaming\Parsec\electron\parsec.exe [80666112 2018-07-27] (Parsec Cloud, Inc.) [File not signed]
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Owner\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2105416 2019-07-21] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2018-08-06] (Splashtop Inc. -> Splashtop Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-02-05]
ShortcutTarget: Twitch.lnk -> C:\Users\Owner\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C9369A-0E0F-4902-A7EB-E3312139EAFC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {05797F35-5758-48E3-B099-E3A011916555} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0B0D93CB-B9B5-4C13-A5AD-41B1D6976E32} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {1569B244-8F9D-4170-B9C2-CFA1E28F1400} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\6.5.0\Scheduler.exe [149776 2019-06-18] (IObit Information Technology -> IObit)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1C609CBE-4FD1-41BC-9BBE-C0487B35B26F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CDA7B91-47CD-409C-91EC-E4F7CEC97D60} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5276944 2018-11-27] (IObit Information Technology -> IObit)
Task: {31293104-A7E9-43D3-B098-D0EA4756C986} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BC0D23C-5AC7-4FCF-8BB8-22DBEEEE0884} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43640D0A-53A9-45FC-A512-7D49EC2C8D36} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43E4F7D0-AC9F-4EF8-AF6D-5C241A236795} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2017-05-12] (Microsoft Windows -> Microsoft Corporation)
Task: {448747DC-C54A-46B4-9F70-489E5A01DB8B} - System32\Tasks\IMF_SkipUAC_Owner => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5252880 2019-04-30] (IObit Information Technology -> IObit)
Task: {469F170E-29A0-4E0D-BE8C-CAD6246C2739} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {4D9D92BA-D457-495E-B71B-5741E025CEAC} - \ASC12_SkipUac_Owner -> No File <==== ATTENTION
Task: {5B596CA1-6A7B-4286-8D02-75E9991E3900} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2017-05-12] (Microsoft Windows -> Microsoft Corporation)
Task: {6902D9FC-750C-4975-AB3E-E31E015A4D5A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {713B8AA1-B718-4BDF-A747-6514D1751045} - System32\Tasks\Driver Booster SkipUAC (Owner) => C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe [7614224 2019-06-18] (IObit Information Technology -> IObit)
Task: {9965B1FB-5C3A-4229-AAC7-45AA87E715BB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AEC18690-D67F-4C37-94CF-700AC3299013} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2963216 2018-07-10] (IObit Information Technology -> IObit)
Task: {B3E9CEA2-6E7C-4777-9D35-EED72763711B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C46B49B1-7953-43CE-B914-61BFDB7BF210} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-24] (Google Inc -> Google Inc.)
Task: {DF2120E1-74AF-4335-9A20-14EAA8745177} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5806352 2018-11-20] (IObit Information Technology -> IObit)
Task: {EE96A177-5E4D-4E94-8F76-EDDA7217170C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F130C64B-BFC7-44D1-AC10-1E7AB66D45FA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F15DF4A9-79C8-497A-B289-E739767156F6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FC5BBED5-BE7B-4226-AC46-7FAAA801E620} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-24] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.144.187.199 204.186.0.180 204.186.110.76
Tcpip\..\Interfaces\{3ab81052-998c-4933-8ef9-3a62bb52e63f}: [DhcpNameServer] 216.144.187.199 204.186.0.180 204.186.110.76

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2019-05-29] (Webroot Inc. -> Webroot)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2019-04-16] (IObit Information Technology -> IObit)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2019-05-29] (Webroot Inc. -> Webroot)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF DefaultProfile: i10tqh22.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default [2019-05-05]
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default\user.js [2018-12-23]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2019-03-28]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-04]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi [2019-05-29]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2019-08-12]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-24]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-24]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-12-13]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-24]
CHR Extension: (Google Play Movies & TV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2018-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-25]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-08]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2018-09-26]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2019-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-24]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-04-25] (BattlEye Innovations e.K. -> )
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-12-15] (BitRaider LLC -> BitRaider, LLC)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-08-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2346256 2019-04-12] (IObit Information Technology -> IObit)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S2 Parsec; C:\Program Files\Parsec\pservice.exe [190536 2018-07-27] (Parsec Cloud, Inc. -> Parsec)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2019-03-26] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-05-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-15] (Microsoft Corporation -> Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4584344 2019-07-08] (Webroot Inc. -> Webroot)
S2 ZeroTierOneService; C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe [1523696 2018-07-27] (ZeroTier, Inc. -> )
S2 AdvancedSystemCareService12; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40496 2018-09-20] (IObit Information Technology -> IObit)
S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [43568 2018-09-20] (IObit Information Technology -> IObit)
S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [34048 2018-07-05] (IObit Information Technology -> IObit)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b64147bed2d44a1\e1d68x64.sys [567872 2019-06-12] (Intel(R) INTELND1820 -> Intel Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-12-23] (Martin Malik - REALiX -> REALiX(tm))
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [906160 2019-06-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40016 2018-12-06] (IObit Information Technology -> IObit)
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40520 2018-12-06] (IObit Information Technology -> IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34192 2018-12-06] (IObit Information Technology -> IObit)
S3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [37328 2018-12-06] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit Information Technology -> IObit)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2016-07-16] (Microsoft Windows -> MediaTek Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b49751b9038af669\nvlddmkm.sys [21836032 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [53952 2018-12-06] (IObit Information Technology -> IObit)
R3 RzDev_0067; C:\Windows\System32\drivers\RzDev_0067.sys [44560 2019-06-12] (Razer USA Ltd. -> Razer Inc)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [56840 2019-06-12] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [53128 2018-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46680 2018-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [330936 2018-12-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-15] (Microsoft Windows -> Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [128216 2019-01-07] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [77080 2019-05-29] (Webroot Inc. -> Webroot)
R3 zttap300; C:\Windows\System32\drivers\zttap300.sys [30488 2018-03-16] (ZeroTier Networks LLC -> ZeroTier Networks LLC)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
U4 DiagTrack; no ImagePath
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-12 13:17 - 2019-08-12 13:17 - 002097664 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2019-08-12 13:17 - 2019-08-12 13:17 - 000040566 _____ C:\Users\Owner\Downloads\FRST.txt
2019-08-12 13:17 - 2019-08-12 13:17 - 000000000 ____D C:\FRST
2019-08-12 12:37 - 2019-08-12 12:37 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2019-08-09 17:15 - 2019-08-09 17:15 - 000001615 _____ C:\Users\Public\Desktop\DoW Mod Manager v1.3.lnk
2019-08-09 12:27 - 2019-08-09 17:16 - 071070044 _____ () C:\Users\Owner\Downloads\Tyranid_Mod_0.5b2_Installer.exe
2019-08-09 12:26 - 2019-08-09 17:08 - 2021846999 _____ C:\Users\Owner\Downloads\UA-THB-v1.88.5-Full.exe
2019-08-09 11:38 - 2019-08-09 11:38 - 000000000 ____D C:\Users\Owner\AppData\Roaming\EasyAntiCheat
2019-08-09 11:34 - 2019-08-09 11:34 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2019-08-08 23:12 - 2019-08-12 12:18 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-08-07 18:31 - 2019-08-07 18:31 - 023262966 _____ C:\Users\Owner\Downloads\1.4.22_patch.1.zip
2019-08-07 14:10 - 2019-08-07 18:53 - 000002150 _____ C:\Users\Owner\Desktop\Stalker-COP.lnk
2019-08-07 13:56 - 2019-08-07 14:10 - 000000000 ____D C:\Users\Owner\Desktop\COP
2019-08-06 19:54 - 2019-08-06 20:08 - 3243723703 _____ C:\Users\Owner\Downloads\Call_of_Chernobyl_1_4_12.7z
2019-08-03 13:40 - 2019-08-03 13:40 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Klei
2019-08-03 07:58 - 2019-08-03 07:58 - 000000294 _____ C:\Users\Owner\Desktop\Satisfactory Early Access.url
2019-07-28 23:21 - 2019-07-28 23:21 - 001044296 _____ (EasyAntiCheat Oy) C:\Windows\system32\Drivers\EasyAntiCheat.sys
2019-07-28 23:21 - 2019-07-28 23:21 - 000000000 ____D C:\Users\Owner\AppData\Local\EternalCrusade
2019-07-26 18:19 - 2019-07-26 18:19 - 000000000 ____D C:\Users\Owner\AppData\Local\id Software
2019-07-21 13:12 - 2019-07-21 13:12 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Knuckle Cracker
2019-07-19 21:20 - 2019-07-19 21:20 - 000000000 ____D C:\Users\Owner\AppData\Local\AmidEvil
2019-07-16 22:29 - 2019-07-16 22:30 - 000000000 ____D C:\Users\Owner\Desktop\SCP Unity
2019-07-16 22:29 - 2019-07-16 22:29 - 246972862 _____ C:\Users\Owner\Downloads\SCP - Containment Breach v1.3.11.zip

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-12 13:14 - 2019-02-28 20:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Origin
2019-08-12 12:51 - 2018-09-24 03:03 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-08-12 12:25 - 2018-09-24 00:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-12 11:30 - 2018-10-05 19:15 - 000000000 ____D C:\Users\Owner\AppData\Local\Ubisoft Game Launcher
2019-08-12 11:30 - 2018-09-25 12:44 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-12 10:43 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\AppReadiness
2019-08-12 02:36 - 2019-02-28 20:35 - 000000000 ____D C:\ProgramData\Origin
2019-08-11 19:51 - 2018-09-25 12:52 - 000000000 ____D C:\ProgramData\WRData
2019-08-11 19:23 - 2018-09-24 01:14 - 000000000 ____D C:\Users\Owner\AppData\Local\ClassicShell
2019-08-11 19:03 - 2018-09-28 21:11 - 000000000 ____D C:\Users\Owner\AppData\Roaming\discord
2019-08-11 17:20 - 2016-07-16 07:36 - 000000000 ____D C:\Windows\CbsTemp
2019-08-09 17:46 - 2018-09-27 16:22 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2019-08-09 17:15 - 2019-07-06 08:50 - 000001555 _____ C:\Users\Public\Desktop\4GB Patch for Soulstorm.lnk
2019-08-08 17:38 - 2018-09-24 01:16 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-06 19:29 - 2018-10-17 09:05 - 000000000 ____D C:\Users\Owner\AppData\Local\Warframe
2019-08-03 13:40 - 2019-03-14 21:43 - 000000000 ____D C:\Users\Owner\Documents\Klei
2019-08-02 15:12 - 2018-10-02 14:08 - 000000000 ____D C:\Program Files\Epic Games
2019-08-02 09:48 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-01 08:13 - 2018-12-23 13:27 - 000000000 ____D C:\ProgramData\ProductData
2019-07-30 10:35 - 2018-09-25 12:41 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2019-07-28 23:21 - 2018-09-29 21:00 - 000000000 ____D C:\Users\Owner\AppData\Local\UnrealEngine
2019-07-23 17:11 - 2018-10-23 10:00 - 000000000 ____D C:\Program Files (x86)\Origin
2019-07-21 13:12 - 2018-09-25 17:17 - 000000000 ____D C:\Users\Owner\Documents\My Games
2019-07-17 12:19 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories ================

2018-10-26 08:56 - 2018-12-15 21:30 - 000007626 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-10 03:07
==================== End of FRST.txt ============================
 

Hellbot711

TS Rookie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by Owner (12-08-2019 13:18:06)
Running from C:\Users\Owner\Downloads
Windows 10 Enterprise 2016 LTSB Version 1607 14393.1198 (X64) (2018-09-24 07:10:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2271445690-811326076-4145465977-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2271445690-811326076-4145465977-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2271445690-811326076-4145465977-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2271445690-811326076-4145465977-501 - Limited - Disabled)
Owner (S-1-5-21-2271445690-811326076-4145465977-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Webroot SecureAnywhere (Enabled - Up to date) {DF901FA1-F926-253B-C464-B01C79DCAD48}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {64F1FE45-DF1C-2AB5-FED4-8B6E025BE7F5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Advanced SystemCare 12 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 12.2.0 - IObit)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bomber Crew (HKLM-x32\...\{8C105008-09CB-4049-A10F-F4A6C55AA4C7}) (Version: - Curve Digital)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.35 - NVIDIA Corporation) Hidden
Driver Booster 6 (HKLM-x32\...\Driver Booster_is1) (Version: 6.5.0 - IObit)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Fallout New California (HKLM-x32\...\FONC) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.1.1028 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
IObit Malware Fighter 7 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 7.0.2.5228 - IObit)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.2.0.14 - IObit)
Java(TM) SE Development Kit 11.0.2 (64-bit) (HKLM\...\{07E85AEA-1F8D-5F49-8CC8-319389751152}) (Version: 11.0.2.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.2 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Graphics Driver 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Parsec (HKLM-x32\...\Parsec) (Version: - Parsec Cloud Inc.)
PlanetSide 2 (HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Skype version 8.37 (HKLM-x32\...\Skype_is1) (Version: 8.37 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.1 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.2.6.0 - Splashtop Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.7.43428 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Twitch (HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version: - )
Tyranny - Commander Edition (HKLM-x32\...\{4194FF96-8A00-4896-B2D3-526BF389806F}) (Version: - Paradox Interactive)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 71.0 - Ubisoft)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.16.15 - Black Tree Gaming Ltd.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.26.61 - Webroot)
WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
ZeroTier One (HKLM-x32\...\{855E8629-580C-4BDF-8B59-B9290C7E7BA5}) (Version: 1.2.12 - ZeroTier, Inc.) Hidden
ZeroTier One (HKLM-x32\...\ZeroTier One 1.2.12) (Version: 1.2.12 - ZeroTier, Inc.)
ZeroTier One Virtual Network Port (HKLM\...\{4AFE4740-C680-40FE-B6B0-0C15EB0176F1}) (Version: 1.0.0 - ZeroTier) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-01-02] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-01-02] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-07-11] (Webroot Inc. -> Webroot)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-01-02] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-01-02] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-07-11] (Webroot Inc. -> Webroot)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Movies & TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gdijeikdkaembjbdobgfkoidjkpbmlkd
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2019-05-09 20:10 - 2019-05-09 20:10 - 085372416 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libcef.dll
2018-10-23 20:49 - 2018-10-23 20:49 - 000043520 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libUbiCustomEvent.dll
2016-07-30 12:05 - 2016-07-30 12:05 - 000883160 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2016-07-30 12:05 - 2016-07-30 12:05 - 000163800 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
2016-07-30 12:05 - 2016-07-30 12:05 - 003661784 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2016-07-30 12:05 - 2016-07-30 12:05 - 000289240 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2019-05-09 20:10 - 2019-05-09 20:10 - 000518144 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\chrome_elf.dll
2019-07-23 17:10 - 2019-06-11 08:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-07-23 17:11 - 2019-06-11 08:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [484]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ZeroTier\One\
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Desktop\D0aTCZ2.jpg
DNS Servers: 216.144.187.199 - 204.186.0.180
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WpnService => 3
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "Parsec.App.0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CD779A3F-488D-430A-B044-D258D46E2E75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DCFD7ABB-6CC3-4461-ABC2-9F8D0A2B4377}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A560BBC4-024B-4653-8516-1E555B9E11CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3503A7CC-B82E-47AE-A8E1-66E13CE36254}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{0D8E8633-E0B6-448F-96A7-D588407C26C9}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{6D989210-6484-4562-BCF3-81F861109055}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{0BCBCA6B-F33C-41BA-B02D-D2BB5FACB090}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [UDP Query User{6AE60E52-B7A7-472A-83F5-AB42F4ED1FC5}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [{C9EF2B2C-05A3-422D-BB6C-D230F5C7CB29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heat Signature\Heat_Signature.exe (Suspicious Developments ) [File not signed]
FirewallRules: [{8A29B490-F7A5-4B18-BFCD-FB66AFFB9DA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heat Signature\Heat_Signature.exe (Suspicious Developments ) [File not signed]
FirewallRules: [TCP Query User{6E77EB03-7F05-4B76-8826-7B3334E01174}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{E8C204B7-2A59-41AC-AD5B-CFC2887D46D1}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{F8C1A779-EA43-4807-B031-BC46976E1EBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{81DEDD13-F51B-4534-90F2-18749E9EC80A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7C224D59-995C-48D2-8ECA-E90FFD024649}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{75690FB6-D714-411D-AF6B-2A9FEE4C570A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3E0BFE29-C07A-4819-946A-D3A297001718}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{F4364C8F-9155-4B0F-9837-EAE43D47FDDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{79234903-E283-4C7B-8BF6-E24496C754CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe (Paradox Interactive) [File not signed]
FirewallRules: [{234702BB-B92F-4BD7-835F-C194E62E8D62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe (Paradox Interactive) [File not signed]
FirewallRules: [TCP Query User{33FEAA8C-041A-4F22-8F1F-C0D6BB33BEEF}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe No File
FirewallRules: [UDP Query User{5494827B-D9F4-4372-A8F9-95A6F37EA4D8}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe No File
FirewallRules: [{41FC60D9-7E1D-49BA-B324-476CB13C32A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe () [File not signed]
FirewallRules: [{4F28AF93-B812-4A5D-B104-944E9ADB099B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe () [File not signed]
FirewallRules: [{D4E6CF0E-79E9-4EC5-8737-B90EC0F63651}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Contagion\contagion.exe () [File not signed]
FirewallRules: [{C4FBD8F3-6D95-4AC8-99BC-FDD3D02E94F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Contagion\contagion.exe () [File not signed]
FirewallRules: [{4E20D086-D2F9-4EF2-944E-AD795A4017DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe (Numantian Games) [File not signed]
FirewallRules: [{103917D3-2D9F-4968-8919-69D59A462231}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe (Numantian Games) [File not signed]
FirewallRules: [{CBD38826-59FF-414C-A106-1D0DAFB4F9CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe () [File not signed]
FirewallRules: [{350B6A0E-C9A5-4C25-8251-54362FAE5092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe () [File not signed]
FirewallRules: [{1806A984-B00B-4289-A0B3-3C18F4486A8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed]
FirewallRules: [{510EDB34-1A23-4401-A273-2C0E289059BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed]
FirewallRules: [{75869808-7B97-4F63-9C07-A2F41B770ACA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{8C9DDACB-6AB9-4879-BDB3-58E69094F7F9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{7EA7CC32-CE60-4BDA-A778-1DAEBDA3D262}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{2DDD8EDA-BF50-439B-A0DA-30435919CAAF}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{B6ECCB83-80BC-4645-AF56-0DE7C07C1136}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe (Splashtop Inc. -> Splashtop Inc.)
FirewallRules: [TCP Query User{258BAAD2-DF4E-4F0A-9289-3BD3E81EA7B3}C:\program files (x86)\steam\steamapps\common\desolate\desolate\binaries\win64\sh-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\desolate\desolate\binaries\win64\sh-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{8AE5A3A5-8EE8-4BFE-A8CE-AE17DA407ABA}C:\program files (x86)\steam\steamapps\common\desolate\desolate\binaries\win64\sh-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\desolate\desolate\binaries\win64\sh-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{BA03D54C-E000-4326-9EB1-2D02157350DF}C:\program files (x86)\steam\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe (Focus Home Interactive -> Epic Games, Inc.)
FirewallRules: [UDP Query User{36314BCE-F746-40D7-91DB-E9BC464B5A9F}C:\program files (x86)\steam\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe (Focus Home Interactive -> Epic Games, Inc.)
FirewallRules: [{113C4F4D-0E56-41CD-A12D-73DA05735E10}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{FDF2DE05-5ECE-44FD-996B-4BAAAD1D309E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

Hellbot711

TS Rookie
FirewallRules: [TCP Query User{AB148CFD-DBC5-4BD1-838F-16066EF3A537}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{5EE173E4-E10F-47A6-BB77-5C0EFE2398D7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{1D83C4AA-ACB5-4CCA-93A1-98ECC539CEC9}C:\users\owner\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\owner\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{76A33C12-2C60-4DF2-9921-1467F2A33ECD}C:\users\owner\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\owner\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{D23B6204-DF25-46E5-8E4A-0C6F83172CF3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{B8D0A0A4-AEE9-4B5C-84E4-D0DD7673C126}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9BC40762-4AD1-4398-AE71-84A96C7726BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [{DC91153C-9F04-4C84-A57B-02BC41AEBB53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [{14EE5001-4533-4AA1-8860-F15042D6AB81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe () [File not signed]
FirewallRules: [{3D85B1C8-DB35-48C9-987E-BF41239555C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe () [File not signed]
FirewallRules: [TCP Query User{9B5AA2D2-ACBF-4D6A-9B4C-351CABF9070E}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{0C385633-1DC5-42D6-98DF-D96C5355A3C4}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6C0BDAEA-4241-4A66-8228-3C3BE619DC33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_game.exe () [File not signed]
FirewallRules: [{24A50B69-9DFE-44FE-BA9F-14426844C416}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_game.exe () [File not signed]
FirewallRules: [{7E83CA79-FE87-47F8-AA91-9D5200851AC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_config.exe () [File not signed]
FirewallRules: [{26D2118F-D4B4-45FA-8FAB-17ED9C2836E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_config.exe () [File not signed]
FirewallRules: [{8A23D2F1-0DCA-4D5C-BA1C-28331D1A1084}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CDE1D258-321B-418B-AFC9-E2B57C85E02D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2C0A4898-6FA6-4943-9F9B-ED3F36DF9769}] => (Allow) LPort=9993
FirewallRules: [{998548CF-1829-4405-B09E-C0EED26A5647}] => (Allow) LPort=9993
FirewallRules: [{0ADF28A6-8B46-4586-9B5B-83E82E3E9E45}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{F9807BEF-28AE-44A6-B118-99BF7C06D5D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{D94B35F0-B554-4B5E-A523-5DDB3AEC3651}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{10756A76-607C-488A-99A9-1621C7040C38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{A7CBB1A5-0D37-4513-923B-A093152D0EF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{4AA43365-1D77-4D9E-966E-40D2AF2AF11E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe () [File not signed]
FirewallRules: [{638442A0-8217-4484-B3F2-BBCBBE67D5F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe () [File not signed]
FirewallRules: [{B8C1FC5A-34BA-4F76-A67B-8C0995803308}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\LocalAdmin.exe () [File not signed]
FirewallRules: [{3353284F-A485-4CC3-B271-D38089A9C2BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\LocalAdmin.exe () [File not signed]
FirewallRules: [TCP Query User{CC9F7AF5-5B16-4673-B32C-B7C440CAC4F7}C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe No File
FirewallRules: [UDP Query User{2EEDD602-A9F7-4F0B-8596-DFA0D930A580}C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe No File
FirewallRules: [{4A079A3C-9B3A-4417-AF03-08AC731D0686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe () [File not signed]
FirewallRules: [{2A74149B-BE28-4FEA-AB37-B20C1B187E33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe () [File not signed]
FirewallRules: [{CAB078D3-3033-479F-9B1D-BCFAF062E079}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{7CD76518-72E7-4031-9AE1-C60CD40757E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{3935BB53-3531-4CD8-99DA-4EF58673332F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ravenfield\ravenfield.exe () [File not signed]
FirewallRules: [{A175C573-C2A8-45F6-A3E3-5E9500C5D2AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ravenfield\ravenfield.exe () [File not signed]
FirewallRules: [{A4874703-12A3-46B6-9EFF-AD7F5E6A538D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{C77FA002-115B-4EE5-BBD8-9FF705149621}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{7CDEF27F-5AC1-4F41-964B-B1361840B79C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlefleet Gothic Armada II\BattlefleetGothic2.exe (Focus Home Interactive -> EasyAntiCheat Ltd)
FirewallRules: [{4F031BFE-F045-4C1B-B5C5-E44397D143EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlefleet Gothic Armada II\BattlefleetGothic2.exe (Focus Home Interactive -> EasyAntiCheat Ltd)
FirewallRules: [{3B698CC4-56B9-4E59-A817-AD7028CF609F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C59DD5B1-15F8-4C8F-90CF-59CB81E398C0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{8D244AE4-028C-498A-AD05-3C902A86DFD6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{0A1B1EC2-2D09-435A-8A10-BF5DE579454C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{4E27EFB8-3283-4EE0-A1FC-825F8C698A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{B7211FA8-467F-472A-BE76-A9D74DEF1F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{DD02CBB9-E1E4-48F8-B362-76B174B4A215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{2A1ED83D-D466-4FD1-9D6D-DB1424DFA7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [TCP Query User{606D2346-20BE-471B-9D87-3907BA760D1F}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [UDP Query User{55FDC532-79CD-433F-AC7B-6D4CB26FE55B}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [{CFA8B73D-1905-456C-BFBB-5F9A83DED554}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [{057763CB-F52C-45E2-ACCA-8EC8105988F1}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [TCP Query User{00E765D5-E5AE-495E-912A-57EB3ED398A3}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [UDP Query User{C78B8765-6D72-400E-836D-8B83C4516D34}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [{EF15D042-6A78-449F-B011-84FC51AFA7AE}] => (Block) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [{1732CA1B-25C5-4D29-9F54-302931C4D6BA}] => (Block) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [{49BCEE39-9F29-44CF-B5F9-8545CFB83952}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Streets of Rogue\StreetsOfRogue.exe () [File not signed]
FirewallRules: [{704292BC-C54F-4037-93AA-573D4B44C932}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Streets of Rogue\StreetsOfRogue.exe () [File not signed]
FirewallRules: [{07CE884D-52A5-4303-B8D9-460562DB21EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe () [File not signed]
FirewallRules: [{C9ED3E66-37C7-400B-850F-58EA7320AF96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe () [File not signed]
FirewallRules: [{57999AED-2759-42EE-9C70-20F59943DF69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [File not signed]
FirewallRules: [{86979058-0A30-42AA-883B-E81F7E096560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [File not signed]
FirewallRules: [TCP Query User{A3558CB1-5459-4A78-87CC-69B1CB363EBC}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [UDP Query User{D3B664DC-53F0-4D97-BCF8-10C5E47DAF8A}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{4E883957-BC3A-474D-BA9E-6EA901946910}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{64AC7242-C18E-4C18-A70D-12C4C1592076}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{4BF4482C-B5CC-41E2-BD69-DD969C165DA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
FirewallRules: [{C401057F-60BA-4A27-8EF4-F6454E6B3D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
FirewallRules: [{F565443D-013E-4481-98EE-E73511011163}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{AEC6120B-E690-4F83-9E51-11A9F1FE394E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [TCP Query User{675E1D93-9ADB-4721-9964-BA4F3B1EEE9E}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [UDP Query User{09EABC76-C5B9-4DB5-8A12-32E970CDCBF0}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [{4EBC878C-8853-43AE-A348-99497F7BAEBE}] => (Block) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [{BFBF584E-FF02-477D-9D31-20A6F5F1F2C3}] => (Block) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [{04ED20CE-0374-4179-86CC-272C6F6CB4D2}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [{9D37F4A0-6486-4223-B196-4CC85932F572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paint the Town Red\PaintTheTownRed.exe () [File not signed]
FirewallRules: [{335FBDB0-F5DF-448C-86FC-911F7CF06DE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paint the Town Red\PaintTheTownRed.exe () [File not signed]
FirewallRules: [{A28D0697-F07B-4EE6-B61C-B0EDB2DF8E9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Granny Simulator\Granny Simulator.exe () [File not signed]
FirewallRules: [{C614892C-9A18-4E2D-8A43-18589442F88F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Granny Simulator\Granny Simulator.exe () [File not signed]
FirewallRules: [{A35A750B-988D-43B1-B630-75F9F757E1BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FAR Lone Sails\Game\FarLoneSails.exe () [File not signed]
FirewallRules: [{8BEB7936-F25A-4876-BF2D-274D3B17F8CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FAR Lone Sails\Game\FarLoneSails.exe () [File not signed]
FirewallRules: [TCP Query User{02B0A332-6DA9-4DC8-8EA1-FAC3F3B3BB47}C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [UDP Query User{0CD5482F-E15D-4E61-845A-1A3882A7B3EE}C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{2D972E7A-0972-4F61-87B8-D9FB64D8B136}] => (Block) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{36732D1D-630B-439D-92C7-0419AE7C74BB}] => (Block) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{5980B126-E913-4848-8C57-A8227ADE8A9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{DA338659-A039-41B7-BB63-BEF700653DCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [TCP Query User{41A700A8-E143-4A03-8591-DC936BBD55B7}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [UDP Query User{3E266A6C-DEE6-4232-93A5-4A70B5313DDC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [{2CE9B85F-683A-414B-92EC-ED1905947C89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe () [File not signed]
FirewallRules: [{F226DBD0-61B3-4BC6-BDA4-5CA6517B7983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe () [File not signed]
FirewallRules: [{3605D029-D99F-4E58-9E25-231A8FE25350}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe () [File not signed]
FirewallRules: [{4C752ADF-9CB6-4A55-93DF-C9D9D0DA3A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe () [File not signed]
FirewallRules: [TCP Query User{322AC644-FD00-4986-89FE-9E5BE9EC4D51}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{77274EBC-ECD2-40BA-8E25-D51E28F3E725}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{AE3E0B69-124B-42B7-B4E9-2F0D37C8CE8D}] => (Block) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{8045EA88-8BE3-46BC-B31D-8D2DC4D51151}] => (Block) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6905BB93-6F25-4FD9-954C-9ACA8105D02C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barotrauma\Barotrauma.exe () [File not signed]
FirewallRules: [{79C43DE6-AE10-4681-ABA2-34D1D6A34489}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barotrauma\Barotrauma.exe () [File not signed]
FirewallRules: [TCP Query User{9B1F3009-517E-46A6-829A-2DA9E59FA549}C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe () [File not signed]
FirewallRules: [UDP Query User{31A1C306-64DB-4517-9969-07E2CC7AB233}C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe () [File not signed]
FirewallRules: [{ADDF277B-476E-471A-849B-5A41794B29C4}] => (Block) C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe () [File not signed]
FirewallRules: [{3324ACEF-3257-4697-BE41-13EB7F86B96C}] => (Block) C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe () [File not signed]
FirewallRules: [TCP Query User{6EE78D79-1DCB-4CA9-9A34-1163D6AF97D0}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [UDP Query User{BB8E11E8-359A-4AE1-B136-9867DACC5137}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [{D6D364CD-6437-4A12-9D46-6F1B244E12F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{81738A30-1178-4B96-B16A-1DDE2F986FF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{6FEA3677-98FE-4B84-9C3A-C00C17A06EF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\Chaosbane.exe No File
FirewallRules: [{168167D6-B6E9-4640-AF35-690D0B590543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\Chaosbane.exe No File
FirewallRules: [{4E023788-CE63-4611-9AD8-B855CA6564A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foxhole\War.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{4E9273D6-795B-4223-AA99-E63F263503FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foxhole\War.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{53CB8C6F-AEF3-4CBF-BD81-E48B896B22EB}C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [UDP Query User{BB7A6980-6888-4948-84A0-FC9CC165D42D}C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [{9520CCF6-D44C-40CC-89F7-9133726CFE7B}] => (Block) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [{6BDAD3B9-19F7-43F0-949B-C1BDBEA5F0A6}] => (Block) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [TCP Query User{0D90A084-B356-449B-9D29-6C0461B62811}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{013D66BD-3414-4AE7-A569-FE278B32BB7A}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [{F7CABE0C-761D-4C57-9409-7F3F2DF25346}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{C5968DBC-88F6-460E-8D97-E94D11071948}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{F57D5BF4-5E97-4F72-9321-6B2BE0CD360E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{D7D7A7A9-D11D-412F-B19A-EEDE7CB3C7C5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{66430ECC-AFD3-422F-9BCD-1F468381F3DA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{C008B26E-F6CD-4B85-AA97-4BB0D865329A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [TCP Query User{2E126707-B3F6-4BDB-8FAB-700C577293A3}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [UDP Query User{2A285BE9-4B87-435E-8D59-04D01964C038}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [{0AE0BC01-B7B0-46BA-B13E-38A8C747C83D}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [{0F6901F1-924C-47D9-9317-4DD174DB5B20}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [TCP Query User{7A0BA955-B807-4050-A3FF-A7F045A247B2}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe No File
FirewallRules: [UDP Query User{1F510B9E-32F6-449E-A264-EE9CCD73BDEE}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe No File
FirewallRules: [{5B850649-13FB-4894-8712-A55A359BD2A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Volcanoids\Volcanoids.exe () [File not signed]
FirewallRules: [{046D197F-8C9A-4E4E-9127-239E343109D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Volcanoids\Volcanoids.exe () [File not signed]
FirewallRules: [{77612197-49B2-4A1A-8E5B-C8577203AE96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe () [File not signed]
FirewallRules: [{FC4A7AFF-591A-47BB-9AE0-299DAA5D1F43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe () [File not signed]
FirewallRules: [{B0606F19-8D9C-4227-9E33-8614DF9E08C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War THREE KINGDOMS\launcher\launcher.exe No File
FirewallRules: [{C3115065-CC76-4CCC-B6E3-CFE916FA7574}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War THREE KINGDOMS\launcher\launcher.exe No File
FirewallRules: [{ED8D199F-A2D1-48ED-9191-F47C9EF3E959}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe No File
FirewallRules: [{ED413007-9BD3-4135-8FB9-A8E474ADC5D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe No File
FirewallRules: [TCP Query User{A3096961-E4C2-451A-9D73-6DC38E1B2FD9}C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe No File
FirewallRules: [UDP Query User{B2760310-206A-4DEC-8228-9ACB2572B34A}C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe No File
FirewallRules: [{CDF73355-25DD-4812-B77E-1E13469313B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{49D15974-F040-45AE-B693-D72F9D3DA0E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{04DF47D3-7382-4125-820A-8873364D0ECB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5F52F0CF-74C8-4D50-B2D3-303F3B9C5F1D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8AA8ACA2-25C0-4353-A171-BCD214FEB381}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holdfast Nations At War\Holdfast NaW.exe () [File not signed]
FirewallRules: [{E3507826-BB3E-4F65-9C27-599A61DCA338}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holdfast Nations At War\Holdfast NaW.exe () [File not signed]
FirewallRules: [{01FB1C92-D134-434E-B144-9B9940ACCD53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe () [File not signed]
FirewallRules: [{61B51A3F-C98C-49C4-BB74-BBB68C13B639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe () [File not signed]
FirewallRules: [{6095BD32-4092-4672-890E-3F2E56A2811C}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{9663F551-64C7-474A-B88E-278C654CE581}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{9C2DE563-64FB-465C-8FFB-F99BA1197A5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{24B4C0DB-443F-4156-B9A9-F585401A26F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{DFCA6719-ACCF-400A-84CA-A502328822C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{16B1CBD4-BB7F-4775-BB25-5B44000761F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{C9CB3C78-026E-4EE2-A284-BA94F24B601F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{71255C4F-4B19-4F5A-93B2-7BD5733291F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{5D194118-8D66-4164-93B7-47E58F827BD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{43FBF755-9612-476F-ABB4-3DEE9E770AC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{778A4C66-23CE-43DA-8626-53B3FE9B412B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amid Evil\AmidEvil.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A0EB706E-E405-4B78-B66E-CD53A1B295BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amid Evil\AmidEvil.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{204C08C5-9EAE-45A1-AE92-E8276D6C3414}C:\program files (x86)\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe (INDEFATIGABLE) [File not signed]
FirewallRules: [UDP Query User{6AB66CDA-E90B-4E86-9728-168FE9C3EB4E}C:\program files (x86)\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe (INDEFATIGABLE) [File not signed]
FirewallRules: [{B31E7E86-324E-42B6-A405-9BBC5F345BBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{72492DA6-B863-4E42-969B-FC47B5133993}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{3F843689-9C8B-4C56-902A-E505F70730D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Particle Fleet Emergence\ParticleFleet.exe () [File not signed]
FirewallRules: [{A0E91996-5C8A-4B95-96CB-D79BC939C551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Particle Fleet Emergence\ParticleFleet.exe () [File not signed]
FirewallRules: [{8B0C443D-EAAC-4B18-A109-2FB74A3CE447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{F8865CDF-125A-4435-922D-C45FCC961B4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{C22D120B-89E8-4DA5-89BE-1E8C1AD9D094}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{6229EE91-C4ED-42B1-8B05-8DCAA1AEF2D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{E2D4CB71-3EA4-4AF4-8C35-93D4FD3FE7D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RAGE 2\RAGE2.exe () [File not signed]
FirewallRules: [{0CDE6FFE-8C80-4AED-B6AF-88AF5B64F584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RAGE 2\RAGE2.exe () [File not signed]
FirewallRules: [{A25DE06A-3B51-4CE6-8026-5D7CAA86EAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe (Compulsion Games) [File not signed]
FirewallRules: [{386B872D-99A0-460C-AEFF-CEA7FE6504C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe (Compulsion Games) [File not signed]
FirewallRules: [TCP Query User{5FCB1679-8EBA-47A3-91A7-EAC2B5B6FA5F}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe No File
FirewallRules: [UDP Query User{95B98706-2411-40CD-87E7-DCC906EB8C3D}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe No File
FirewallRules: [{BD931C43-D7E3-4A14-9C07-75D420916810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{FBF69159-BDE9-411A-993F-399A1FEDC32E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{00388304-3C16-4A16-A251-17C8B5E45E79}C:\program files\epic games\satisfactoryearlyaccess\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Allow) C:\program files\epic games\satisfactoryearlyaccess\factorygame\binaries\win64\factorygame-win64-shipping.exe (Coffee Stain Studios AB) [File not signed]
FirewallRules: [UDP Query User{1CB07A88-04DE-4AED-B28B-F1D639647DCC}C:\program files\epic games\satisfactoryearlyaccess\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Allow) C:\program files\epic games\satisfactoryearlyaccess\factorygame\binaries\win64\factorygame-win64-shipping.exe (Coffee Stain Studios AB) [File not signed]
FirewallRules: [{2CD0D1C7-BF60-4614-8EBD-BB4C21D724C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe (GSC Game World) [File not signed]
FirewallRules: [{92A04A29-8228-4F1C-AFF9-1D847D7E212D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe (GSC Game World) [File not signed]
FirewallRules: [{164FA76A-5D8E-41E9-B6FE-17A90C445E70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{92DFBFA2-BB74-404F-AFBA-A7D7507AA3AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{0B13E42B-EA25-4974-BEFE-EC232877290B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{6CC56ECA-748F-46B1-8A30-644EE47AB38D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\eac_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0CA5E405-02BC-4DC4-9580-E07E3E05401C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\eac_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7F3A4D50-B115-452F-816C-425FE06686CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe (Relic Entertainment, Inc. -> Sega Corporation) [File not signed]
FirewallRules: [{55C1DAEF-1077-49A8-9720-AB4B015F8508}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe (Relic Entertainment, Inc. -> Sega Corporation) [File not signed]

==================== Restore Points =========================

19-07-2019 15:07:25 Scheduled Checkpoint
29-07-2019 19:53:04 Scheduled Checkpoint
07-08-2019 14:15:34 Scheduled Checkpoint
12-08-2019 12:37:44 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
12-08-2019 12:37:52 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
 

Hellbot711

TS Rookie
==================== Faulty Device Manager Devices =============

Name: Razer Control Device
Description: Razer Control Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2019 12:37:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/12/2019 12:37:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/12/2019 10:43:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/10/2019 11:38:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/09/2019 09:05:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/09/2019 05:46:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: launcher.exe_Vermintide 2, version: 1.0.45405.0, time stamp: 0x5d4d9dc9
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902845a
Exception code: 0xe0434352
Fault offset: 0x000da9f2
Faulting process id: 0x5054
Faulting application start time: 0x01d54efbeefd9c26
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\launcher.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 0b416d22-9536-40e9-84a0-92101496d302
Faulting package full name:
Faulting package-relative application ID:

Error: (08/09/2019 05:46:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: launcher.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeLoadException
at System.Windows.Media.Visual.AddVisualChild(System.Windows.Media.Visual)
at System.Windows.Media.VisualCollection.ConnectChild(Int32, System.Windows.Media.Visual)
at System.Windows.Media.VisualCollection.Add(System.Windows.Media.Visual)
at System.Windows.Controls.UIElementCollection.AddInternal(System.Windows.UIElement)
at System.Windows.Controls.UIElementCollection.Add(System.Windows.UIElement)
at System.Windows.Controls.UIElementCollection.System.Collections.IList.Add(System.Object)
at System.Xaml.Schema.XamlTypeInvoker.AddToCollection(System.Object, System.Object)
at MS.Internal.Xaml.Runtime.ClrObjectRuntime.Add(System.Object, System.Xaml.XamlType, System.Object, System.Xaml.XamlType)

Exception Info: System.Windows.Markup.XamlParseException
at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
at System.Windows.Application.LoadComponent(System.Uri, Boolean)
at System.Windows.Application.DoStartup()
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at Launcher.App.Main()

Error: (08/09/2019 11:38:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: launcher.exe_Vermintide 2, version: 1.0.45392.0, time stamp: 0x5d4d8dbe
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902845a
Exception code: 0xe0434352
Fault offset: 0x000da9f2
Faulting process id: 0x1c28
Faulting application start time: 0x01d54ec86df9b73c
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\launcher.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 99396015-3389-4d72-a8e5-5480f72a2bfd
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/12/2019 01:05:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/12/2019 03:30:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/11/2019 11:10:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/11/2019 01:23:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/11/2019 12:08:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/10/2019 11:10:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/09/2019 09:25:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/09/2019 01:08:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-04-09 14:22:57.520
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {A72E09D3-C162-400D-8FD9-05E77B879057}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-09 13:37:01.411
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {348DD682-6324-4C67-BC6D-7BEA7D65275A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-01 12:51:35.170
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {CD53D76A-B3DF-4296-BC44-8A3A0BA359B0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-29 12:04:45.387
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {DBB791F7-AECE-4C72-85EC-A4FA6F2364E0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-26 13:35:06.701
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6815D147-C31B-4C0F-94E5-A9A9CF970F3A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-19 21:32:17.231
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

Date: 2019-04-01 15:17:11.341
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

Date: 2019-03-28 12:57:27.607
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

Date: 2019-03-17 12:23:11.376
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

Date: 2018-12-29 15:06:21.655
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

CodeIntegrity:
===================================

Date: 2019-07-30 17:22:11.010
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-11 01:12:37.219
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-07-08 14:50:32.319
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-28 01:02:31.999
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-26 22:15:42.902
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-18 16:42:46.814
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-16 11:08:06.944
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-12 13:29:03.013
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 3703 12/27/2017
Motherboard: ASUSTeK COMPUTER INC. SABERTOOTH Z170 S
Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 21%
Total physical RAM: 20418.63 MB
Available physical RAM: 15953.38 MB
Total Virtual: 22163.15 MB
Available Virtual: 16358.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.02 GB) (Free:200.21 GB) NTFS

\\?\Volume{857adc38-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 857ADC38)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Hellbot711

TS Rookie
A bit of history behind this. I got my computer custom built and the mouse I got with it ended up not working initially. I went to download the drivers for it before I installed my anti-virus, which is Webroot. The driver software, which the person who helped me build this didn't tell me about, was wonky beyond belief, and the only way to use the mouse the way I want with binds was to download this software. In the end I think this is what initially started the issues with my computer.

--Edit
A topic just showed up showing Windows Defender to be one of the best choices while my current anti-virus proved to be the worst. I'll be changing that around if need be.
 

Broni

Malware Annihilator
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================

Windows 10 should recognize any mouse so I'm not sure why you needed some extra driver.

In any case....

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Hellbot711

TS Rookie
RogueKiller Anti-Malware V13.4.2.0 (x64) [Aug 9 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.14393) 64 bits
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190812_111803, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/12 17:56:26 (Duration : 00:06:17)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/12/19
Scan Time: 6:06 PM
Log File: 6a73fc34-bd4d-11e9-b7e9-708bcd580718.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11976
License: Free

-System Information-
OS: Windows 10 (Build 14393.1198)
CPU: x64
File System: NTFS
User: DESKTOP-35PSNAT\Owner

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 290387
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 1 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService12, Quarantined, [3820], [380352],1.0.11976
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC12_SkipUac_Owner, Quarantined, [3820], [396386],1.0.11976
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D9D92BA-D457-495E-B71B-5741E025CEAC}, Quarantined, [3820], [396386],1.0.11976
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{4D9D92BA-D457-495E-B71B-5741E025CEAC}, Quarantined, [3820], [396386],1.0.11976

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, Quarantined, [3820], [396386],1.0.11976
Generic.Malware/Suspicious, C:\USERS\OWNER\DESKTOP\STAR WARS FORCES OF CORRUPTIONS V1.121 TRAINER +2 MRANTIFUN.EXE, Quarantined, [0], [392686],1.0.11976

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Hellbot711

TS Rookie
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-12-2019
# Duration: 00:00:10
# OS: Windows 10 Enterprise 2016 LTSB
# Scanned: 35457
# Detected: 46


***** [ Services ] *****

PUP.Optional.AdvancedSystemCare IMFservice

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Owner\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Owner\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.DriverBooster C:\Program Files (x86)\IOBIT\Driver Booster
PUP.Optional.DriverBooster C:\ProgramData\IOBIT\Driver Booster
PUP.Optional.DriverBooster C:\Users\Owner\AppData\Roaming\IOBIT\Driver Booster
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare

***** [ Files ] *****

PUP.Optional.DriverBooster C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk
PUP.Optional.Legacy C:\END
PUP.Optional.Legacy C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.DriverBooster C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (OWNER)
PUP.Optional.Legacy C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKCU\Software\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{713B8AA1-B718-4BDF-A747-6514D1751045}
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{713B8AA1-B718-4BDF-A747-6514D1751045}
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (OWNER)
PUP.Optional.DriverBooster HKLM\Software\Wow6432Node\IObit\Driver Booster
PUP.Optional.DriverBooster HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1569B244-8F9D-4170-B9C2-CFA1E28F1400}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.SofTonicAssistant Softonic EN
PUP.Optional.SofTonicAssistant Softonic EN

***** [ Firefox (and derivatives) ] *****

PUP.Optional.AdvancedSystemCare IObit Surfing Protection & Ads Removal

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-12-2019
# Duration: 00:00:02
# OS: Windows 10 Enterprise 2016 LTSB
# Cleaned: 46
# Failed: 0


***** [ Services ] *****

Deleted IMFservice

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IOBIT\Driver Booster
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted C:\Users\Owner\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Owner\AppData\Roaming\IOBIT\Driver Booster
Deleted C:\Users\Owner\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\END
Deleted C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk
Deleted C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER
Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (OWNER)

***** [ Registry ] *****

Deleted HKCU\Software\IObit\Advanced SystemCare
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{713B8AA1-B718-4BDF-A747-6514D1751045}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1569B244-8F9D-4170-B9C2-CFA1E28F1400}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{713B8AA1-B718-4BDF-A747-6514D1751045}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (OWNER)
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Softonic EN
Deleted Softonic EN

***** [ Firefox (and derivatives) ] *****

Deleted IObit Surfing Protection & Ads Removal

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5823 octets] - [12/08/2019 18:11:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Malware Annihilator
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

Hellbot711

TS Rookie
Total physical RAM: 20418.63 MB
Available physical RAM: 15794.79 MB
Total Virtual: 20818.63 MB
Available Virtual: 15526.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.02 GB) (Free:127.38 GB) NTFS

\\?\Volume{857adc38-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 857ADC38)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


LastRegBack: 2019-08-10 03:07
==================== End of FRST.txt ============================
 

Hellbot711

TS Rookie
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
Ran by Owner (administrator) on DESKTOP-35PSNAT (13-08-2019 12:15:11)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: defaultuser0 & Owner)
Platform: Windows 10 Enterprise 2016 LTSB Version 1607 14393.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Discord Inc. -> Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe
(Electronic Arts, Inc. -> ) C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Electronic Arts, Inc. -> ) C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\Pub\PubMonitor.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe
(ZeroTier, Inc. -> ) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4584344 2019-07-08] (Webroot Inc. -> Webroot)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5252880 2019-04-30] (IObit Information Technology -> IObit)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [Discord] => C:\Users\Owner\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35826064 2019-08-12] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53535080 2019-01-17] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [Parsec.App.0] => C:\Users\Owner\AppData\Roaming\Parsec\electron\parsec.exe [80666112 2018-07-27] (Parsec Cloud, Inc.) [File not signed]
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Owner\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2105416 2019-07-21] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2018-08-06] (Splashtop Inc. -> Splashtop Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-02-05]
ShortcutTarget: Twitch.lnk -> C:\Users\Owner\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C9369A-0E0F-4902-A7EB-E3312139EAFC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {05797F35-5758-48E3-B099-E3A011916555} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0B0D93CB-B9B5-4C13-A5AD-41B1D6976E32} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1C609CBE-4FD1-41BC-9BBE-C0487B35B26F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CDA7B91-47CD-409C-91EC-E4F7CEC97D60} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5276944 2018-11-27] (IObit Information Technology -> IObit)
Task: {31293104-A7E9-43D3-B098-D0EA4756C986} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BC0D23C-5AC7-4FCF-8BB8-22DBEEEE0884} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43640D0A-53A9-45FC-A512-7D49EC2C8D36} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43E4F7D0-AC9F-4EF8-AF6D-5C241A236795} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2017-05-12] (Microsoft Windows -> Microsoft Corporation)
Task: {448747DC-C54A-46B4-9F70-489E5A01DB8B} - System32\Tasks\IMF_SkipUAC_Owner => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5252880 2019-04-30] (IObit Information Technology -> IObit)
Task: {469F170E-29A0-4E0D-BE8C-CAD6246C2739} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {5B596CA1-6A7B-4286-8D02-75E9991E3900} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2017-05-12] (Microsoft Windows -> Microsoft Corporation)
Task: {6902D9FC-750C-4975-AB3E-E31E015A4D5A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9965B1FB-5C3A-4229-AAC7-45AA87E715BB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AEC18690-D67F-4C37-94CF-700AC3299013} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2963216 2018-07-10] (IObit Information Technology -> IObit)
Task: {B3E9CEA2-6E7C-4777-9D35-EED72763711B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C46B49B1-7953-43CE-B914-61BFDB7BF210} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-24] (Google Inc -> Google Inc.)
Task: {DF2120E1-74AF-4335-9A20-14EAA8745177} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5806352 2018-11-20] (IObit Information Technology -> IObit)
Task: {EE96A177-5E4D-4E94-8F76-EDDA7217170C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F130C64B-BFC7-44D1-AC10-1E7AB66D45FA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F15DF4A9-79C8-497A-B289-E739767156F6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FC5BBED5-BE7B-4226-AC46-7FAAA801E620} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-24] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.144.187.199 204.186.0.180 204.186.110.76
Tcpip\..\Interfaces\{3ab81052-998c-4933-8ef9-3a62bb52e63f}: [DhcpNameServer] 216.144.187.199 204.186.0.180 204.186.110.76

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2019-05-29] (Webroot Inc. -> Webroot)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2019-05-29] (Webroot Inc. -> Webroot)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF DefaultProfile: i10tqh22.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default [2019-08-12]
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default\user.js [2018-12-23]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i10tqh22.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-04]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi [2019-05-29]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2019-08-13]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-24]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-24]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-12-13]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-24]
CHR Extension: (Google Play Movies & TV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2018-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-25]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-08]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2018-09-26]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2019-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-24]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-04-25] (BattlEye Innovations e.K. -> )
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-12-15] (BitRaider LLC -> BitRaider, LLC)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-08-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [190536 2018-07-27] (Parsec Cloud, Inc. -> Parsec)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2019-03-26] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-05-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-15] (Microsoft Corporation -> Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4584344 2019-07-08] (Webroot Inc. -> Webroot)
R2 ZeroTierOneService; C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe [1523696 2018-07-27] (ZeroTier, Inc. -> )
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b64147bed2d44a1\e1d68x64.sys [567872 2019-06-12] (Intel(R) INTELND1820 -> Intel Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-12-23] (Martin Malik - REALiX -> REALiX(tm))
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [906160 2019-06-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40016 2018-12-06] (IObit Information Technology -> IObit)
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40520 2018-12-06] (IObit Information Technology -> IObit)
S3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34192 2018-12-06] (IObit Information Technology -> IObit)
S3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [37328 2018-12-06] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit Information Technology -> IObit)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-08-12] (Malwarebytes Corporation -> Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2016-07-16] (Microsoft Windows -> MediaTek Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b49751b9038af669\nvlddmkm.sys [21836032 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [53952 2018-12-06] (IObit Information Technology -> IObit)
R3 RzDev_0067; C:\Windows\System32\drivers\RzDev_0067.sys [44560 2019-06-12] (Razer USA Ltd. -> Razer Inc)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [56840 2019-06-12] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [53128 2018-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46680 2018-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [330936 2018-12-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-15] (Microsoft Windows -> Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [128216 2019-01-07] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [77080 2019-05-29] (Webroot Inc. -> Webroot)
R3 zttap300; C:\Windows\System32\drivers\zttap300.sys [30488 2018-03-16] (ZeroTier Networks LLC -> ZeroTier Networks LLC)
S3 AscFileControl; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
U4 DiagTrack; no ImagePath
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-13 11:47 - 2019-08-13 12:15 - 000039553 _____ C:\Users\Owner\Downloads\FRST.txt
2019-08-13 11:47 - 2019-08-13 11:47 - 000001013 _____ C:\Users\Owner\Downloads\Addition.txt
2019-08-12 18:13 - 2019-08-12 18:13 - 007623880 _____ (Malwarebytes) C:\Users\Owner\Downloads\AdwCleaner (1).exe
2019-08-12 18:12 - 2019-08-12 18:12 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-08-12 18:12 - 2019-08-12 18:12 - 000275080 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2019-08-12 18:12 - 2019-08-12 18:12 - 000231472 _____ (Webroot) C:\Windows\system32\WRusr.dll
2019-08-12 18:11 - 2019-08-12 18:12 - 000000000 ____D C:\AdwCleaner
2019-08-12 18:11 - 2019-08-12 18:11 - 007623880 _____ (Malwarebytes) C:\Users\Owner\Downloads\AdwCleaner.exe
2019-08-12 18:10 - 2019-08-12 18:10 - 000002145 _____ C:\Users\Owner\Desktop\wdada.txt
2019-08-12 18:06 - 2019-08-12 18:06 - 000000000 ____D C:\Users\Owner\AppData\Local\mbam
2019-08-12 18:05 - 2019-08-12 18:05 - 064333800 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-12 18:05 - 2019-08-12 18:05 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-12 18:05 - 2019-08-12 18:05 - 000000000 ____D C:\Users\Owner\AppData\Local\mbamtray
2019-08-12 18:05 - 2019-08-12 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-12 18:05 - 2019-08-12 18:05 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-12 18:05 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-08-12 18:05 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-08-12 17:56 - 2019-08-12 18:07 - 000000000 ____D C:\ProgramData\RogueKiller
2019-08-12 17:55 - 2019-08-12 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-08-12 17:55 - 2019-08-12 17:55 - 000000000 ____D C:\Program Files\RogueKiller
2019-08-12 17:54 - 2019-08-12 17:55 - 032828200 _____ (Adlice Software ) C:\Users\Owner\Downloads\RogueKiller_setup_ref3.exe
2019-08-12 15:19 - 2019-08-13 11:45 - 000001448 _____ C:\Users\Public\Desktop\STAR WARS Battlefront II.lnk
2019-08-12 15:19 - 2019-08-12 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront II
2019-08-12 13:17 - 2019-08-13 12:15 - 000000000 ____D C:\FRST
2019-08-12 13:17 - 2019-08-12 13:17 - 002097664 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2019-08-12 12:37 - 2019-08-12 12:37 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2019-08-09 17:15 - 2019-08-09 17:15 - 000001615 _____ C:\Users\Public\Desktop\DoW Mod Manager v1.3.lnk
2019-08-09 12:27 - 2019-08-09 17:16 - 071070044 _____ () C:\Users\Owner\Downloads\Tyranid_Mod_0.5b2_Installer.exe
2019-08-09 12:26 - 2019-08-09 17:08 - 2021846999 _____ C:\Users\Owner\Downloads\UA-THB-v1.88.5-Full.exe
2019-08-09 11:38 - 2019-08-09 11:38 - 000000000 ____D C:\Users\Owner\AppData\Roaming\EasyAntiCheat
2019-08-09 11:34 - 2019-08-09 11:34 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2019-08-08 23:12 - 2019-08-12 21:43 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-08-07 18:31 - 2019-08-07 18:31 - 023262966 _____ C:\Users\Owner\Downloads\1.4.22_patch.1.zip
2019-08-07 14:10 - 2019-08-07 18:53 - 000002150 _____ C:\Users\Owner\Desktop\Stalker-COP.lnk
2019-08-07 13:56 - 2019-08-07 14:10 - 000000000 ____D C:\Users\Owner\Desktop\COP
2019-08-06 19:54 - 2019-08-06 20:08 - 3243723703 _____ C:\Users\Owner\Downloads\Call_of_Chernobyl_1_4_12.7z
2019-08-03 13:40 - 2019-08-03 13:40 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Klei
2019-08-03 07:58 - 2019-08-03 07:58 - 000000294 _____ C:\Users\Owner\Desktop\Satisfactory Early Access.url
2019-07-28 23:21 - 2019-07-28 23:21 - 001044296 _____ (EasyAntiCheat Oy) C:\Windows\system32\Drivers\EasyAntiCheat.sys
2019-07-28 23:21 - 2019-07-28 23:21 - 000000000 ____D C:\Users\Owner\AppData\Local\EternalCrusade
2019-07-26 18:19 - 2019-07-26 18:19 - 000000000 ____D C:\Users\Owner\AppData\Local\id Software
2019-07-21 13:12 - 2019-07-21 13:12 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Knuckle Cracker
2019-07-19 21:20 - 2019-07-19 21:20 - 000000000 ____D C:\Users\Owner\AppData\Local\AmidEvil
2019-07-16 22:29 - 2019-07-16 22:30 - 000000000 ____D C:\Users\Owner\Desktop\SCP Unity
2019-07-16 22:29 - 2019-07-16 22:29 - 246972862 _____ C:\Users\Owner\Downloads\SCP - Containment Breach v1.3.11.zip

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-13 12:15 - 2018-09-24 01:14 - 000000000 ____D C:\Users\Owner\AppData\Local\ClassicShell
2019-08-13 11:45 - 2019-02-28 20:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Origin
2019-08-13 11:45 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\AppReadiness
2019-08-13 11:41 - 2018-09-24 03:03 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-08-12 21:43 - 2019-02-28 20:35 - 000000000 ____D C:\ProgramData\Origin
2019-08-12 21:41 - 2018-09-25 12:44 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-12 21:39 - 2018-09-28 21:11 - 000000000 ____D C:\Users\Owner\AppData\Roaming\discord
2019-08-12 18:45 - 2016-07-16 07:36 - 000000000 ____D C:\Windows\CbsTemp
2019-08-12 18:14 - 2018-09-24 00:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-12 18:13 - 2019-06-08 15:55 - 000000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Hamachi
2019-08-12 18:13 - 2018-12-23 13:26 - 000000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2019-08-12 18:13 - 2018-12-23 13:26 - 000000000 ____D C:\ProgramData\IObit
2019-08-12 18:12 - 2018-12-23 13:26 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\IObit
2019-08-12 18:12 - 2018-09-24 03:10 - 000000000 ____D C:\Users\Owner
2019-08-12 18:12 - 2018-09-24 03:03 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-12 18:12 - 2016-07-16 02:04 - 000065536 _____ C:\Windows\system32\config\BBI
2019-08-12 18:09 - 2018-12-23 13:27 - 000000000 ____D C:\ProgramData\ProductData
2019-08-12 18:06 - 2018-09-25 01:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-12 18:05 - 2016-07-16 07:47 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-08-12 17:56 - 2018-09-25 12:52 - 000000000 ____D C:\ProgramData\WRData
2019-08-12 17:55 - 2018-10-05 19:15 - 000000000 ____D C:\Users\Owner\AppData\Local\Ubisoft Game Launcher
2019-08-09 17:46 - 2018-09-27 16:22 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2019-08-09 17:15 - 2019-07-06 08:50 - 000001555 _____ C:\Users\Public\Desktop\4GB Patch for Soulstorm.lnk
2019-08-08 17:38 - 2018-09-24 01:16 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-06 19:29 - 2018-10-17 09:05 - 000000000 ____D C:\Users\Owner\AppData\Local\Warframe
2019-08-03 13:40 - 2019-03-14 21:43 - 000000000 ____D C:\Users\Owner\Documents\Klei
2019-08-02 15:12 - 2018-10-02 14:08 - 000000000 ____D C:\Program Files\Epic Games
2019-08-02 09:48 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-30 10:35 - 2018-09-25 12:41 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2019-07-28 23:21 - 2018-09-29 21:00 - 000000000 ____D C:\Users\Owner\AppData\Local\UnrealEngine
2019-07-23 17:11 - 2018-10-23 10:00 - 000000000 ____D C:\Program Files (x86)\Origin
2019-07-21 13:12 - 2018-09-25 17:17 - 000000000 ____D C:\Users\Owner\Documents\My Games
2019-07-17 12:19 - 2016-07-16 07:47 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories ================

2018-10-26 08:56 - 2018-12-15 21:30 - 000007626 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-10 03:07
==================== End of FRST.txt ============================

Hellbot711

TS Rookie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by Owner (13-08-2019 12:15:43)
Running from C:\Users\Owner\Downloads
Windows 10 Enterprise 2016 LTSB Version 1607 14393.1198 (X64) (2018-09-24 07:10:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2271445690-811326076-4145465977-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2271445690-811326076-4145465977-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2271445690-811326076-4145465977-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2271445690-811326076-4145465977-501 - Limited - Disabled)
Owner (S-1-5-21-2271445690-811326076-4145465977-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Webroot SecureAnywhere (Enabled - Up to date) {DF901FA1-F926-253B-C464-B01C79DCAD48}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {64F1FE45-DF1C-2AB5-FED4-8B6E025BE7F5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bomber Crew (HKLM-x32\...\{8C105008-09CB-4049-A10F-F4A6C55AA4C7}) (Version: - Curve Digital)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.35 - NVIDIA Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Fallout New California (HKLM-x32\...\FONC) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.1.1028 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
IObit Malware Fighter 7 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 7.0.2.5228 - IObit)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.2.0.14 - IObit)
Java(TM) SE Development Kit 11.0.2 (64-bit) (HKLM\...\{07E85AEA-1F8D-5F49-8CC8-319389751152}) (Version: 11.0.2.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.2 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Graphics Driver 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Parsec (HKLM-x32\...\Parsec) (Version: - Parsec Cloud Inc.)
PlanetSide 2 (HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
RogueKiller version 13.4.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.4.2.0 - Adlice Software)
Skype version 8.37 (HKLM-x32\...\Skype_is1) (Version: 8.37 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.1 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.2.6.0 - Splashtop Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.7.45721 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Twitch (HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version: - )
Tyranny - Commander Edition (HKLM-x32\...\{4194FF96-8A00-4896-B2D3-526BF389806F}) (Version: - Paradox Interactive)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 71.0 - Ubisoft)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.16.15 - Black Tree Gaming Ltd.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.26.61 - Webroot)
WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
ZeroTier One (HKLM-x32\...\{855E8629-580C-4BDF-8B59-B9290C7E7BA5}) (Version: 1.2.12 - ZeroTier, Inc.) Hidden
ZeroTier One (HKLM-x32\...\ZeroTier One 1.2.12) (Version: 1.2.12 - ZeroTier, Inc.)
ZeroTier One Virtual Network Port (HKLM\...\{4AFE4740-C680-40FE-B6B0-0C15EB0176F1}) (Version: 1.0.0 - ZeroTier) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-01-02] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-01-02] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-08-12] (Webroot Inc. -> Webroot)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-01-02] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2019-01-02] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-08-12] (Webroot Inc. -> Webroot)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Movies & TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gdijeikdkaembjbdobgfkoidjkpbmlkd
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2019-07-23 17:10 - 2019-07-12 09:23 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Origin\libEGL.DLL
2019-07-23 17:10 - 2019-07-12 09:23 - 003090944 _____ () [File not signed] C:\Program Files (x86)\Origin\libGLESv2.dll
2016-07-30 12:05 - 2016-07-30 12:05 - 000883160 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2016-07-30 12:05 - 2016-07-30 12:05 - 000163800 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
2016-07-30 12:05 - 2016-07-30 12:05 - 003661784 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2019-07-23 17:10 - 2019-03-04 22:00 - 000002560 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icudt58.dll
2019-07-23 17:10 - 2019-03-04 22:00 - 001252864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icuuc58.dll
2019-07-23 17:10 - 2019-06-11 08:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-07-23 17:11 - 2019-06-11 08:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2019-07-23 17:10 - 2019-07-12 09:22 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qgif.dll
2019-07-23 17:10 - 2019-07-12 09:22 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qico.dll
2019-07-23 17:10 - 2019-07-12 09:22 - 000256512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2019-07-23 17:10 - 2019-07-12 09:22 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtga.dll
2019-07-23 17:10 - 2019-07-12 09:22 - 000305152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2019-07-23 17:10 - 2019-07-12 09:22 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000278016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\mediaservice\dsengine.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000709120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Multimedia.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 003513344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5TextToSpeech.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 054071296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-07-23 17:11 - 2019-07-12 09:23 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [484]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ZeroTier\One\
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Desktop\D0aTCZ2.jpg
DNS Servers: 216.144.187.199 - 204.186.0.180
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WpnService => 3
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\...\StartupApproved\Run: => "Parsec.App.0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CD779A3F-488D-430A-B044-D258D46E2E75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DCFD7ABB-6CC3-4461-ABC2-9F8D0A2B4377}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A560BBC4-024B-4653-8516-1E555B9E11CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3503A7CC-B82E-47AE-A8E1-66E13CE36254}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{0D8E8633-E0B6-448F-96A7-D588407C26C9}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{6D989210-6484-4562-BCF3-81F861109055}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{0BCBCA6B-F33C-41BA-B02D-D2BB5FACB090}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [UDP Query User{6AE60E52-B7A7-472A-83F5-AB42F4ED1FC5}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [{C9EF2B2C-05A3-422D-BB6C-D230F5C7CB29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heat Signature\Heat_Signature.exe (Suspicious Developments ) [File not signed]
FirewallRules: [{8A29B490-F7A5-4B18-BFCD-FB66AFFB9DA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heat Signature\Heat_Signature.exe (Suspicious Developments ) [File not signed]
FirewallRules: [TCP Query User{6E77EB03-7F05-4B76-8826-7B3334E01174}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{E8C204B7-2A59-41AC-AD5B-CFC2887D46D1}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{F8C1A779-EA43-4807-B031-BC46976E1EBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{81DEDD13-F51B-4534-90F2-18749E9EC80A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7C224D59-995C-48D2-8ECA-E90FFD024649}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{75690FB6-D714-411D-AF6B-2A9FEE4C570A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
 

Hellbot711

TS Rookie
FirewallRules: [{3E0BFE29-C07A-4819-946A-D3A297001718}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{F4364C8F-9155-4B0F-9837-EAE43D47FDDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{79234903-E283-4C7B-8BF6-E24496C754CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe (Paradox Interactive) [File not signed]
FirewallRules: [{234702BB-B92F-4BD7-835F-C194E62E8D62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe (Paradox Interactive) [File not signed]
FirewallRules: [TCP Query User{33FEAA8C-041A-4F22-8F1F-C0D6BB33BEEF}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe No File
FirewallRules: [UDP Query User{5494827B-D9F4-4372-A8F9-95A6F37EA4D8}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe No File
FirewallRules: [{41FC60D9-7E1D-49BA-B324-476CB13C32A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe () [File not signed]
FirewallRules: [{4F28AF93-B812-4A5D-B104-944E9ADB099B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe () [File not signed]
FirewallRules: [{D4E6CF0E-79E9-4EC5-8737-B90EC0F63651}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Contagion\contagion.exe () [File not signed]
FirewallRules: [{C4FBD8F3-6D95-4AC8-99BC-FDD3D02E94F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Contagion\contagion.exe () [File not signed]
FirewallRules: [{4E20D086-D2F9-4EF2-944E-AD795A4017DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe (Numantian Games) [File not signed]
FirewallRules: [{103917D3-2D9F-4968-8919-69D59A462231}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe (Numantian Games) [File not signed]
FirewallRules: [{CBD38826-59FF-414C-A106-1D0DAFB4F9CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe () [File not signed]
FirewallRules: [{350B6A0E-C9A5-4C25-8251-54362FAE5092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe () [File not signed]
FirewallRules: [{1806A984-B00B-4289-A0B3-3C18F4486A8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed]
FirewallRules: [{510EDB34-1A23-4401-A273-2C0E289059BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed]
FirewallRules: [{75869808-7B97-4F63-9C07-A2F41B770ACA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{8C9DDACB-6AB9-4879-BDB3-58E69094F7F9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{7EA7CC32-CE60-4BDA-A778-1DAEBDA3D262}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{2DDD8EDA-BF50-439B-A0DA-30435919CAAF}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{B6ECCB83-80BC-4645-AF56-0DE7C07C1136}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe (Splashtop Inc. -> Splashtop Inc.)
FirewallRules: [TCP Query User{258BAAD2-DF4E-4F0A-9289-3BD3E81EA7B3}C:\program files (x86)\steam\steamapps\common\desolate\desolate\binaries\win64\sh-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\desolate\desolate\binaries\win64\sh-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{8AE5A3A5-8EE8-4BFE-A8CE-AE17DA407ABA}C:\program files (x86)\steam\steamapps\common\desolate\desolate\binaries\win64\sh-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\desolate\desolate\binaries\win64\sh-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{BA03D54C-E000-4326-9EB1-2D02157350DF}C:\program files (x86)\steam\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe (Focus Home Interactive -> Epic Games, Inc.)
FirewallRules: [UDP Query User{36314BCE-F746-40D7-91DB-E9BC464B5A9F}C:\program files (x86)\steam\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe (Focus Home Interactive -> Epic Games, Inc.)
FirewallRules: [{113C4F4D-0E56-41CD-A12D-73DA05735E10}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{FDF2DE05-5ECE-44FD-996B-4BAAAD1D309E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{AB148CFD-DBC5-4BD1-838F-16066EF3A537}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{5EE173E4-E10F-47A6-BB77-5C0EFE2398D7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{1D83C4AA-ACB5-4CCA-93A1-98ECC539CEC9}C:\users\owner\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\owner\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{76A33C12-2C60-4DF2-9921-1467F2A33ECD}C:\users\owner\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\users\owner\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{D23B6204-DF25-46E5-8E4A-0C6F83172CF3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{B8D0A0A4-AEE9-4B5C-84E4-D0DD7673C126}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9BC40762-4AD1-4398-AE71-84A96C7726BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [{DC91153C-9F04-4C84-A57B-02BC41AEBB53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [{14EE5001-4533-4AA1-8860-F15042D6AB81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe () [File not signed]
FirewallRules: [{3D85B1C8-DB35-48C9-987E-BF41239555C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe () [File not signed]
FirewallRules: [TCP Query User{9B5AA2D2-ACBF-4D6A-9B4C-351CABF9070E}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{0C385633-1DC5-42D6-98DF-D96C5355A3C4}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6C0BDAEA-4241-4A66-8228-3C3BE619DC33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_game.exe () [File not signed]
FirewallRules: [{24A50B69-9DFE-44FE-BA9F-14426844C416}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_game.exe () [File not signed]
FirewallRules: [{7E83CA79-FE87-47F8-AA91-9D5200851AC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_config.exe () [File not signed]
FirewallRules: [{26D2118F-D4B4-45FA-8FAB-17ED9C2836E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RunningWithRifles\rwr_config.exe () [File not signed]
FirewallRules: [{8A23D2F1-0DCA-4D5C-BA1C-28331D1A1084}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CDE1D258-321B-418B-AFC9-E2B57C85E02D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2C0A4898-6FA6-4943-9F9B-ED3F36DF9769}] => (Allow) LPort=9993
FirewallRules: [{998548CF-1829-4405-B09E-C0EED26A5647}] => (Allow) LPort=9993
FirewallRules: [{0ADF28A6-8B46-4586-9B5B-83E82E3E9E45}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{F9807BEF-28AE-44A6-B118-99BF7C06D5D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{D94B35F0-B554-4B5E-A523-5DDB3AEC3651}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{10756A76-607C-488A-99A9-1621C7040C38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{A7CBB1A5-0D37-4513-923B-A093152D0EF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{4AA43365-1D77-4D9E-966E-40D2AF2AF11E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe () [File not signed]
FirewallRules: [{638442A0-8217-4484-B3F2-BBCBBE67D5F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe () [File not signed]
FirewallRules: [{B8C1FC5A-34BA-4F76-A67B-8C0995803308}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\LocalAdmin.exe () [File not signed]
FirewallRules: [{3353284F-A485-4CC3-B271-D38089A9C2BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\LocalAdmin.exe () [File not signed]
FirewallRules: [TCP Query User{CC9F7AF5-5B16-4673-B32C-B7C440CAC4F7}C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe No File
FirewallRules: [UDP Query User{2EEDD602-A9F7-4F0B-8596-DFA0D930A580}C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe No File
FirewallRules: [{4A079A3C-9B3A-4417-AF03-08AC731D0686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe () [File not signed]
FirewallRules: [{2A74149B-BE28-4FEA-AB37-B20C1B187E33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe () [File not signed]
FirewallRules: [{CAB078D3-3033-479F-9B1D-BCFAF062E079}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{7CD76518-72E7-4031-9AE1-C60CD40757E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{3935BB53-3531-4CD8-99DA-4EF58673332F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ravenfield\ravenfield.exe () [File not signed]
FirewallRules: [{A175C573-C2A8-45F6-A3E3-5E9500C5D2AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ravenfield\ravenfield.exe () [File not signed]
FirewallRules: [{A4874703-12A3-46B6-9EFF-AD7F5E6A538D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{C77FA002-115B-4EE5-BBD8-9FF705149621}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{7CDEF27F-5AC1-4F41-964B-B1361840B79C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlefleet Gothic Armada II\BattlefleetGothic2.exe (Focus Home Interactive -> EasyAntiCheat Ltd)
FirewallRules: [{4F031BFE-F045-4C1B-B5C5-E44397D143EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlefleet Gothic Armada II\BattlefleetGothic2.exe (Focus Home Interactive -> EasyAntiCheat Ltd)
FirewallRules: [{3B698CC4-56B9-4E59-A817-AD7028CF609F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C59DD5B1-15F8-4C8F-90CF-59CB81E398C0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{8D244AE4-028C-498A-AD05-3C902A86DFD6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{0A1B1EC2-2D09-435A-8A10-BF5DE579454C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{4E27EFB8-3283-4EE0-A1FC-825F8C698A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{B7211FA8-467F-472A-BE76-A9D74DEF1F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{DD02CBB9-E1E4-48F8-B362-76B174B4A215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{2A1ED83D-D466-4FD1-9D6D-DB1424DFA7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [TCP Query User{606D2346-20BE-471B-9D87-3907BA760D1F}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [UDP Query User{55FDC532-79CD-433F-AC7B-6D4CB26FE55B}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [{CFA8B73D-1905-456C-BFBB-5F9A83DED554}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [{057763CB-F52C-45E2-ACCA-8EC8105988F1}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [TCP Query User{00E765D5-E5AE-495E-912A-57EB3ED398A3}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [UDP Query User{C78B8765-6D72-400E-836D-8B83C4516D34}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [{EF15D042-6A78-449F-B011-84FC51AFA7AE}] => (Block) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [{1732CA1B-25C5-4D29-9F54-302931C4D6BA}] => (Block) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe () [File not signed]
FirewallRules: [{49BCEE39-9F29-44CF-B5F9-8545CFB83952}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Streets of Rogue\StreetsOfRogue.exe () [File not signed]
FirewallRules: [{704292BC-C54F-4037-93AA-573D4B44C932}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Streets of Rogue\StreetsOfRogue.exe () [File not signed]
FirewallRules: [{07CE884D-52A5-4303-B8D9-460562DB21EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe () [File not signed]
FirewallRules: [{C9ED3E66-37C7-400B-850F-58EA7320AF96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe () [File not signed]
FirewallRules: [{57999AED-2759-42EE-9C70-20F59943DF69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [File not signed]
FirewallRules: [{86979058-0A30-42AA-883B-E81F7E096560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [File not signed]
FirewallRules: [TCP Query User{A3558CB1-5459-4A78-87CC-69B1CB363EBC}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [UDP Query User{D3B664DC-53F0-4D97-BCF8-10C5E47DAF8A}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{4E883957-BC3A-474D-BA9E-6EA901946910}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{64AC7242-C18E-4C18-A70D-12C4C1592076}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{4BF4482C-B5CC-41E2-BD69-DD969C165DA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
FirewallRules: [{C401057F-60BA-4A27-8EF4-F6454E6B3D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
FirewallRules: [{F565443D-013E-4481-98EE-E73511011163}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{AEC6120B-E690-4F83-9E51-11A9F1FE394E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [TCP Query User{675E1D93-9ADB-4721-9964-BA4F3B1EEE9E}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [UDP Query User{09EABC76-C5B9-4DB5-8A12-32E970CDCBF0}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [{4EBC878C-8853-43AE-A348-99497F7BAEBE}] => (Block) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [{BFBF584E-FF02-477D-9D31-20A6F5F1F2C3}] => (Block) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [{04ED20CE-0374-4179-86CC-272C6F6CB4D2}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [{9D37F4A0-6486-4223-B196-4CC85932F572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paint the Town Red\PaintTheTownRed.exe () [File not signed]
FirewallRules: [{335FBDB0-F5DF-448C-86FC-911F7CF06DE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paint the Town Red\PaintTheTownRed.exe () [File not signed]
FirewallRules: [{A28D0697-F07B-4EE6-B61C-B0EDB2DF8E9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Granny Simulator\Granny Simulator.exe () [File not signed]
FirewallRules: [{C614892C-9A18-4E2D-8A43-18589442F88F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Granny Simulator\Granny Simulator.exe () [File not signed]
FirewallRules: [{A35A750B-988D-43B1-B630-75F9F757E1BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FAR Lone Sails\Game\FarLoneSails.exe () [File not signed]
FirewallRules: [{8BEB7936-F25A-4876-BF2D-274D3B17F8CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FAR Lone Sails\Game\FarLoneSails.exe () [File not signed]
FirewallRules: [TCP Query User{02B0A332-6DA9-4DC8-8EA1-FAC3F3B3BB47}C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [UDP Query User{0CD5482F-E15D-4E61-845A-1A3882A7B3EE}C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{2D972E7A-0972-4F61-87B8-D9FB64D8B136}] => (Block) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{36732D1D-630B-439D-92C7-0419AE7C74BB}] => (Block) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{5980B126-E913-4848-8C57-A8227ADE8A9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{DA338659-A039-41B7-BB63-BEF700653DCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [TCP Query User{41A700A8-E143-4A03-8591-DC936BBD55B7}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [UDP Query User{3E266A6C-DEE6-4232-93A5-4A70B5313DDC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [{2CE9B85F-683A-414B-92EC-ED1905947C89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe () [File not signed]
FirewallRules: [{F226DBD0-61B3-4BC6-BDA4-5CA6517B7983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe () [File not signed]
FirewallRules: [{3605D029-D99F-4E58-9E25-231A8FE25350}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe () [File not signed]
FirewallRules: [{4C752ADF-9CB6-4A55-93DF-C9D9D0DA3A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe () [File not signed]
FirewallRules: [TCP Query User{322AC644-FD00-4986-89FE-9E5BE9EC4D51}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{77274EBC-ECD2-40BA-8E25-D51E28F3E725}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{AE3E0B69-124B-42B7-B4E9-2F0D37C8CE8D}] => (Block) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{8045EA88-8BE3-46BC-B31D-8D2DC4D51151}] => (Block) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6905BB93-6F25-4FD9-954C-9ACA8105D02C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barotrauma\Barotrauma.exe () [File not signed]
FirewallRules: [{79C43DE6-AE10-4681-ABA2-34D1D6A34489}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barotrauma\Barotrauma.exe () [File not signed]
FirewallRules: [TCP Query User{9B1F3009-517E-46A6-829A-2DA9E59FA549}C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe () [File not signed]
FirewallRules: [UDP Query User{31A1C306-64DB-4517-9969-07E2CC7AB233}C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe () [File not signed]
FirewallRules: [{ADDF277B-476E-471A-849B-5A41794B29C4}] => (Block) C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe () [File not signed]
FirewallRules: [{3324ACEF-3257-4697-BE41-13EB7F86B96C}] => (Block) C:\program files (x86)\steam\steamapps\common\barotrauma\dedicatedserver.exe () [File not signed]
FirewallRules: [TCP Query User{6EE78D79-1DCB-4CA9-9A34-1163D6AF97D0}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [UDP Query User{BB8E11E8-359A-4AE1-B136-9867DACC5137}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [{D6D364CD-6437-4A12-9D46-6F1B244E12F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{81738A30-1178-4B96-B16A-1DDE2F986FF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{6FEA3677-98FE-4B84-9C3A-C00C17A06EF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\Chaosbane.exe No File
FirewallRules: [{168167D6-B6E9-4640-AF35-690D0B590543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\Chaosbane.exe No File
FirewallRules: [{4E023788-CE63-4611-9AD8-B855CA6564A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foxhole\War.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{4E9273D6-795B-4223-AA99-E63F263503FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foxhole\War.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{53CB8C6F-AEF3-4CBF-BD81-E48B896B22EB}C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [UDP Query User{BB7A6980-6888-4948-84A0-FC9CC165D42D}C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [{9520CCF6-D44C-40CC-89F7-9133726CFE7B}] => (Block) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [{6BDAD3B9-19F7-43F0-949B-C1BDBEA5F0A6}] => (Block) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [TCP Query User{0D90A084-B356-449B-9D29-6C0461B62811}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{013D66BD-3414-4AE7-A569-FE278B32BB7A}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [{F7CABE0C-761D-4C57-9409-7F3F2DF25346}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{C5968DBC-88F6-460E-8D97-E94D11071948}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{F57D5BF4-5E97-4F72-9321-6B2BE0CD360E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{D7D7A7A9-D11D-412F-B19A-EEDE7CB3C7C5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{66430ECC-AFD3-422F-9BCD-1F468381F3DA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
FirewallRules: [{C008B26E-F6CD-4B85-AA97-4BB0D865329A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
FirewallRules: [TCP Query User{2E126707-B3F6-4BDB-8FAB-700C577293A3}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [UDP Query User{2A285BE9-4B87-435E-8D59-04D01964C038}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [{0AE0BC01-B7B0-46BA-B13E-38A8C747C83D}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [{0F6901F1-924C-47D9-9317-4DD174DB5B20}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [TCP Query User{7A0BA955-B807-4050-A3FF-A7F045A247B2}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe No File
FirewallRules: [UDP Query User{1F510B9E-32F6-449E-A264-EE9CCD73BDEE}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe No File
FirewallRules: [{5B850649-13FB-4894-8712-A55A359BD2A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Volcanoids\Volcanoids.exe () [File not signed]
FirewallRules: [{046D197F-8C9A-4E4E-9127-239E343109D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Volcanoids\Volcanoids.exe () [File not signed]
FirewallRules: [{77612197-49B2-4A1A-8E5B-C8577203AE96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe () [File not signed]
FirewallRules: [{FC4A7AFF-591A-47BB-9AE0-299DAA5D1F43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe () [File not signed]
FirewallRules: [{B0606F19-8D9C-4227-9E33-8614DF9E08C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War THREE KINGDOMS\launcher\launcher.exe No File
FirewallRules: [{C3115065-CC76-4CCC-B6E3-CFE916FA7574}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War THREE KINGDOMS\launcher\launcher.exe No File
FirewallRules: [{ED8D199F-A2D1-48ED-9191-F47C9EF3E959}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe No File
FirewallRules: [{ED413007-9BD3-4135-8FB9-A8E474ADC5D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe No File
FirewallRules: [TCP Query User{A3096961-E4C2-451A-9D73-6DC38E1B2FD9}C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe No File
FirewallRules: [UDP Query User{B2760310-206A-4DEC-8228-9ACB2572B34A}C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe No File
FirewallRules: [{CDF73355-25DD-4812-B77E-1E13469313B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{49D15974-F040-45AE-B693-D72F9D3DA0E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{04DF47D3-7382-4125-820A-8873364D0ECB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5F52F0CF-74C8-4D50-B2D3-303F3B9C5F1D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8AA8ACA2-25C0-4353-A171-BCD214FEB381}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holdfast Nations At War\Holdfast NaW.exe () [File not signed]
FirewallRules: [{E3507826-BB3E-4F65-9C27-599A61DCA338}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holdfast Nations At War\Holdfast NaW.exe () [File not signed]
FirewallRules: [{01FB1C92-D134-434E-B144-9B9940ACCD53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe () [File not signed]
FirewallRules: [{61B51A3F-C98C-49C4-BB74-BBB68C13B639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe () [File not signed]
FirewallRules: [{9C2DE563-64FB-465C-8FFB-F99BA1197A5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{24B4C0DB-443F-4156-B9A9-F585401A26F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{DFCA6719-ACCF-400A-84CA-A502328822C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{16B1CBD4-BB7F-4775-BB25-5B44000761F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{C9CB3C78-026E-4EE2-A284-BA94F24B601F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{71255C4F-4B19-4F5A-93B2-7BD5733291F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{5D194118-8D66-4164-93B7-47E58F827BD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{43FBF755-9612-476F-ABB4-3DEE9E770AC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{778A4C66-23CE-43DA-8626-53B3FE9B412B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amid Evil\AmidEvil.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A0EB706E-E405-4B78-B66E-CD53A1B295BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amid Evil\AmidEvil.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{204C08C5-9EAE-45A1-AE92-E8276D6C3414}C:\program files (x86)\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe (INDEFATIGABLE) [File not signed]
FirewallRules: [UDP Query User{6AB66CDA-E90B-4E86-9728-168FE9C3EB4E}C:\program files (x86)\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe (INDEFATIGABLE) [File not signed]
FirewallRules: [{B31E7E86-324E-42B6-A405-9BBC5F345BBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{72492DA6-B863-4E42-969B-FC47B5133993}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{3F843689-9C8B-4C56-902A-E505F70730D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Particle Fleet Emergence\ParticleFleet.exe () [File not signed]
FirewallRules: [{A0E91996-5C8A-4B95-96CB-D79BC939C551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Particle Fleet Emergence\ParticleFleet.exe () [File not signed]
FirewallRules: [{8B0C443D-EAAC-4B18-A109-2FB74A3CE447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{F8865CDF-125A-4435-922D-C45FCC961B4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{C22D120B-89E8-4DA5-89BE-1E8C1AD9D094}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{6229EE91-C4ED-42B1-8B05-8DCAA1AEF2D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{E2D4CB71-3EA4-4AF4-8C35-93D4FD3FE7D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RAGE 2\RAGE2.exe () [File not signed]
FirewallRules: [{0CDE6FFE-8C80-4AED-B6AF-88AF5B64F584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RAGE 2\RAGE2.exe () [File not signed]
FirewallRules: [{A25DE06A-3B51-4CE6-8026-5D7CAA86EAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe (Compulsion Games) [File not signed]
FirewallRules: [{386B872D-99A0-460C-AEFF-CEA7FE6504C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe (Compulsion Games) [File not signed]
FirewallRules: [TCP Query User{5FCB1679-8EBA-47A3-91A7-EAC2B5B6FA5F}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe No File
FirewallRules: [UDP Query User{95B98706-2411-40CD-87E7-DCC906EB8C3D}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe No File
FirewallRules: [{BD931C43-D7E3-4A14-9C07-75D420916810}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{FBF69159-BDE9-411A-993F-399A1FEDC32E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{00388304-3C16-4A16-A251-17C8B5E45E79}C:\program files\epic games\satisfactoryearlyaccess\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Allow) C:\program files\epic games\satisfactoryearlyaccess\factorygame\binaries\win64\factorygame-win64-shipping.exe (Coffee Stain Studios AB) [File not signed]
FirewallRules: [UDP Query User{1CB07A88-04DE-4AED-B28B-F1D639647DCC}C:\program files\epic games\satisfactoryearlyaccess\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Allow) C:\program files\epic games\satisfactoryearlyaccess\factorygame\binaries\win64\factorygame-win64-shipping.exe (Coffee Stain Studios AB) [File not signed]
FirewallRules: [{2CD0D1C7-BF60-4614-8EBD-BB4C21D724C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe (GSC Game World) [File not signed]
FirewallRules: [{92A04A29-8228-4F1C-AFF9-1D847D7E212D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe (GSC Game World) [File not signed]
FirewallRules: [{164FA76A-5D8E-41E9-B6FE-17A90C445E70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{92DFBFA2-BB74-404F-AFBA-A7D7507AA3AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{0B13E42B-EA25-4974-BEFE-EC232877290B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{6CC56ECA-748F-46B1-8A30-644EE47AB38D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\eac_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0CA5E405-02BC-4DC4-9580-E07E3E05401C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\eac_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7F3A4D50-B115-452F-816C-425FE06686CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe (Relic Entertainment, Inc. -> Sega Corporation) [File not signed]
FirewallRules: [{55C1DAEF-1077-49A8-9720-AB4B015F8508}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe (Relic Entertainment, Inc. -> Sega Corporation) [File not signed]
FirewallRules: [{3AB15016-EA2A-47EF-AEE9-FB09745306A6}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{D0632FA0-D873-4C36-8550-8ED339FA869A}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{B68DFA7A-D4F9-4DCC-B371-228CA332FF7C}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{03E39064-B946-474D-B823-407B5DA9CA9E}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{4FE6C4EF-9FB9-4D0A-9EDC-EB2AA0165B89}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9913AC37-1CB5-4478-88E9-D23A64330AB9}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

==================== Restore Points =========================

13-08-2019 11:45:03 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

==================== Faulty Device Manager Devices =============

Name: Razer Control Device
Description: Razer Control Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2019 11:45:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/13/2019 11:45:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (08/13/2019 11:44:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/13/2019 11:44:02 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/12/2019 12:37:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/12/2019 12:37:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/12/2019 10:43:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/10/2019 11:38:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 

Hellbot711

TS Rookie
System errors:
=============
Error: (08/13/2019 11:43:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/12/2019 10:31:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/12/2019 07:11:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/12/2019 06:12:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WdNisSvc service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (08/12/2019 06:12:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The XboxNetApiSvc service depends on the IKEEXT service which failed to start because of the following error:
Load failed

Error: (08/12/2019 06:12:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKEEXT service terminated with the following error:
Load failed

Error: (08/12/2019 06:12:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/12/2019 06:12:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2019-04-09 14:22:57.520
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {A72E09D3-C162-400D-8FD9-05E77B879057}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-09 13:37:01.411
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {348DD682-6324-4C67-BC6D-7BEA7D65275A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-01 12:51:35.170
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {CD53D76A-B3DF-4296-BC44-8A3A0BA359B0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-29 12:04:45.387
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {DBB791F7-AECE-4C72-85EC-A4FA6F2364E0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-26 13:35:06.701
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {6815D147-C31B-4C0F-94E5-A9A9CF970F3A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-19 21:32:17.231
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

Date: 2019-04-01 15:17:11.341
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

Date: 2019-03-28 12:57:27.607
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

Date: 2019-03-17 12:23:11.376
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

Date: 2018-12-29 15:06:21.655
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Reason: The Network Inspection System did not successfully start due to an error.

CodeIntegrity:
===================================

Date: 2019-08-12 18:12:53.682
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-12 18:09:22.237
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-07-30 17:22:11.010
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-11 01:12:37.219
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-07-08 14:50:32.319
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-28 01:02:31.999
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-26 22:15:42.902
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-18 16:42:46.814
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 3703 12/27/2017
Motherboard: ASUSTeK COMPUTER INC. SABERTOOTH Z170 S
Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 22%
Total physical RAM: 20418.63 MB
Available physical RAM: 15790.02 MB
Total Virtual: 20818.63 MB
Available Virtual: 15302.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.02 GB) (Free:127.39 GB) NTFS

\\?\Volume{857adc38-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 857ADC38)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Hellbot711

TS Rookie
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Owner (14-08-2019 17:09:22) Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: defaultuser0 & Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S3 AscFileControl; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
U4 DiagTrack; no ImagePath
U0 SR; no ImagePath
U2 srservice; no ImagePath
2018-10-26 08:56 - 2018-12-15 21:30 - 000007626 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [484]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
FirewallRules: [TCP Query User{0BCBCA6B-F33C-41BA-B02D-D2BB5FACB090}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [UDP Query User{6AE60E52-B7A7-472A-83F5-AB42F4ED1FC5}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [TCP Query User{33FEAA8C-041A-4F22-8F1F-C0D6BB33BEEF}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe No File
FirewallRules: [UDP Query User{5494827B-D9F4-4372-A8F9-95A6F37EA4D8}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe No File
FirewallRules: [TCP Query User{CC9F7AF5-5B16-4673-B32C-B7C440CAC4F7}C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe No File
FirewallRules: [UDP Query User{2EEDD602-A9F7-4F0B-8596-DFA0D930A580}C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe No File
FirewallRules: [TCP Query User{606D2346-20BE-471B-9D87-3907BA760D1F}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [UDP Query User{55FDC532-79CD-433F-AC7B-6D4CB26FE55B}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [{CFA8B73D-1905-456C-BFBB-5F9A83DED554}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [{057763CB-F52C-45E2-ACCA-8EC8105988F1}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe No File
FirewallRules: [TCP Query User{A3558CB1-5459-4A78-87CC-69B1CB363EBC}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [UDP Query User{D3B664DC-53F0-4D97-BCF8-10C5E47DAF8A}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{4E883957-BC3A-474D-BA9E-6EA901946910}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{64AC7242-C18E-4C18-A70D-12C4C1592076}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe No File
FirewallRules: [{4BF4482C-B5CC-41E2-BD69-DD969C165DA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
FirewallRules: [{C401057F-60BA-4A27-8EF4-F6454E6B3D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe No File
FirewallRules: [TCP Query User{675E1D93-9ADB-4721-9964-BA4F3B1EEE9E}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [UDP Query User{09EABC76-C5B9-4DB5-8A12-32E970CDCBF0}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [{4EBC878C-8853-43AE-A348-99497F7BAEBE}] => (Block) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [{BFBF584E-FF02-477D-9D31-20A6F5F1F2C3}] => (Block) C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe No File
FirewallRules: [TCP Query User{02B0A332-6DA9-4DC8-8EA1-FAC3F3B3BB47}C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [UDP Query User{0CD5482F-E15D-4E61-845A-1A3882A7B3EE}C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{2D972E7A-0972-4F61-87B8-D9FB64D8B136}] => (Block) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{36732D1D-630B-439D-92C7-0419AE7C74BB}] => (Block) C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [TCP Query User{6EE78D79-1DCB-4CA9-9A34-1163D6AF97D0}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [UDP Query User{BB8E11E8-359A-4AE1-B136-9867DACC5137}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [{6FEA3677-98FE-4B84-9C3A-C00C17A06EF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\Chaosbane.exe No File
FirewallRules: [{168167D6-B6E9-4640-AF35-690D0B590543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\Chaosbane.exe No File
FirewallRules: [TCP Query User{0D90A084-B356-449B-9D29-6C0461B62811}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{013D66BD-3414-4AE7-A569-FE278B32BB7A}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [{F7CABE0C-761D-4C57-9409-7F3F2DF25346}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{C5968DBC-88F6-460E-8D97-E94D11071948}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DriverBooster.exe No File
FirewallRules: [{F57D5BF4-5E97-4F72-9321-6B2BE0CD360E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{D7D7A7A9-D11D-412F-B19A-EEDE7CB3C7C5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\DBDownloader.exe No File
FirewallRules: [{66430ECC-AFD3-422F-9BCD-1F468381F3DA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
FirewallRules: [{C008B26E-F6CD-4B85-AA97-4BB0D865329A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.5.0\AutoUpdate.exe No File
FirewallRules: [TCP Query User{2E126707-B3F6-4BDB-8FAB-700C577293A3}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [UDP Query User{2A285BE9-4B87-435E-8D59-04D01964C038}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [{0AE0BC01-B7B0-46BA-B13E-38A8C747C83D}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [{0F6901F1-924C-47D9-9317-4DD174DB5B20}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe No File
FirewallRules: [TCP Query User{7A0BA955-B807-4050-A3FF-A7F045A247B2}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe No File
FirewallRules: [UDP Query User{1F510B9E-32F6-449E-A264-EE9CCD73BDEE}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe No File
FirewallRules: [{B0606F19-8D9C-4227-9E33-8614DF9E08C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War THREE KINGDOMS\launcher\launcher.exe No File
FirewallRules: [{C3115065-CC76-4CCC-B6E3-CFE916FA7574}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War THREE KINGDOMS\launcher\launcher.exe No File
FirewallRules: [{ED8D199F-A2D1-48ED-9191-F47C9EF3E959}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe No File
FirewallRules: [{ED413007-9BD3-4135-8FB9-A8E474ADC5D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe No File
FirewallRules: [TCP Query User{A3096961-E4C2-451A-9D73-6DC38E1B2FD9}C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe No File
FirewallRules: [UDP Query User{B2760310-206A-4DEC-8228-9ACB2572B34A}C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe No File
FirewallRules: [TCP Query User{5FCB1679-8EBA-47A3-91A7-EAC2B5B6FA5F}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe No File
FirewallRules: [UDP Query User{95B98706-2411-40CD-87E7-DCC906EB8C3D}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe No File

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\AscFileControl => removed successfully
AscFileControl => service removed successfully
HKLM\System\CurrentControlSet\Services\AscFileFilter => removed successfully
AscFileFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\AscRegistryFilter => removed successfully
AscRegistryFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC => removed successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
cpuz143 => service removed successfully
HKLM\System\CurrentControlSet\Services\DiagTrack => removed successfully
DiagTrack => service removed successfully
HKLM\System\CurrentControlSet\Services\SR => removed successfully
SR => service removed successfully
HKLM\System\CurrentControlSet\Services\srservice => removed successfully
srservice => service removed successfully
C:\Users\Owner\AppData\Local\Resmon.ResmonCfg => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKU\.DEFAULT\Software\Classes\exefile => removed successfully
HKU\.DEFAULT\Software\Classes\.exe => removed successfully
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Software\Classes\exefile => removed successfully
HKU\S-1-5-21-2271445690-811326076-4145465977-1001\Software\Classes\.exe => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0BCBCA6B-F33C-41BA-B02D-D2BB5FACB090}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6AE60E52-B7A7-472A-83F5-AB42F4ED1FC5}C:\program files (x86)\steam\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{33FEAA8C-041A-4F22-8F1F-C0D6BB33BEEF}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5494827B-D9F4-4372-A8F9-95A6F37EA4D8}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CC9F7AF5-5B16-4673-B32C-B7C440CAC4F7}C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2EEDD602-A9F7-4F0B-8596-DFA0D930A580}C:\program files (x86)\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{606D2346-20BE-471B-9D87-3907BA760D1F}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{55FDC532-79CD-433F-AC7B-6D4CB26FE55B}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFA8B73D-1905-456C-BFBB-5F9A83DED554}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{057763CB-F52C-45E2-ACCA-8EC8105988F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A3558CB1-5459-4A78-87CC-69B1CB363EBC}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D3B664DC-53F0-4D97-BCF8-10C5E47DAF8A}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E883957-BC3A-474D-BA9E-6EA901946910}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64AC7242-C18E-4C18-A70D-12C4C1592076}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BF4482C-B5CC-41E2-BD69-DD969C165DA2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C401057F-60BA-4A27-8EF4-F6454E6B3D99}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{675E1D93-9ADB-4721-9964-BA4F3B1EEE9E}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{09EABC76-C5B9-4DB5-8A12-32E970CDCBF0}C:\program files\epic games\worldwarz\en_us\client\bin\pc\wwzretailegs.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4EBC878C-8853-43AE-A348-99497F7BAEBE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFBF584E-FF02-477D-9D31-20A6F5F1F2C3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{02B0A332-6DA9-4DC8-8EA1-FAC3F3B3BB47}C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0CD5482F-E15D-4E61-845A-1A3882A7B3EE}C:\program files (x86)\steam\steamapps\common\total war three kingdoms\three_kingdoms.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D972E7A-0972-4F61-87B8-D9FB64D8B136}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36732D1D-630B-439D-92C7-0419AE7C74BB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6EE78D79-1DCB-4CA9-9A34-1163D6AF97D0}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BB8E11E8-359A-4AE1-B136-9867DACC5137}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6FEA3677-98FE-4B84-9C3A-C00C17A06EF5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{168167D6-B6E9-4640-AF35-690D0B590543}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0D90A084-B356-449B-9D29-6C0461B62811}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{013D66BD-3414-4AE7-A569-FE278B32BB7A}C:\program files (x86)\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7CABE0C-761D-4C57-9409-7F3F2DF25346}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5968DBC-88F6-460E-8D97-E94D11071948}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F57D5BF4-5E97-4F72-9321-6B2BE0CD360E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7D7A7A9-D11D-412F-B19A-EEDE7CB3C7C5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66430ECC-AFD3-422F-9BCD-1F468381F3DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C008B26E-F6CD-4B85-AA97-4BB0D865329A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2E126707-B3F6-4BDB-8FAB-700C577293A3}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2A285BE9-4B87-435E-8D59-04D01964C038}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AE0BC01-B7B0-46BA-B13E-38A8C747C83D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F6901F1-924C-47D9-9317-4DD174DB5B20}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7A0BA955-B807-4050-A3FF-A7F045A247B2}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1F510B9E-32F6-449E-A264-EE9CCD73BDEE}C:\program files (x86)\steam\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0606F19-8D9C-4227-9E33-8614DF9E08C2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3115065-CC76-4CCC-B6E3-CFE916FA7574}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED8D199F-A2D1-48ED-9191-F47C9EF3E959}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED413007-9BD3-4135-8FB9-A8E474ADC5D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A3096961-E4C2-451A-9D73-6DC38E1B2FD9}C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B2760310-206A-4DEC-8228-9ACB2572B34A}C:\program files (x86)\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5FCB1679-8EBA-47A3-91A7-EAC2B5B6FA5F}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{95B98706-2411-40CD-87E7-DCC906EB8C3D}C:\program files (x86)\steam\steamapps\common\warhammer 40,000 - eternal crusade\eternalcrusade\binaries\win64\eternalcrusadeclient.exe" => removed successfully


The system needed a reboot.

==== End of Fixlog 17:09:33 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

Broni

Malware Annihilator
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in the malware removal forum.
 