Solved trojan.win32/Occamy.C detected a

eric m

TS Rookie
Hi, so I was on my PC and downloaded a patch for my PS2 emulator. I extracted the file (didn't run it) and MSE came up with a detection and deleted it.

Here are the logs.
If you're wondering why I have testsigning on, it's because a Windows service for my DualShock 3 controller won't work without it.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.09.2018
Ran by Eric (administrator) on MAIN (05-11-2018 13:22:18)
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric (Available Profiles: Eric)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\Eric\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2018-01-15] (Razer Inc.)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [66216 2018-07-24] ()
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\MountPoints2: {4727379c-182c-11e8-881c-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\setup.exe
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2018-10-04]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2018-10-25]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-32538046-3854998793-3802812278-1000] => 127.0.0.1:80
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{15F81B08-A815-4CC8-B50E-2B8F15DCB9D5}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{227B6D41-7D5D-48A9-9D03-CE3A6CC3F216}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6D7B8BFD-1463-4A80-800B-2D63C7A581AA}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: 62izzuiv.default
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\62izzuiv.default [2018-11-05]
FF Extension: (Telemetry coverage) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\62izzuiv.default\features\{b2d5c4b0-417f-43d5-9062-7193a44e8926}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-10] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-09-26] ()
S3 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2018-05-27] (Apple Inc.)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [394944 2016-04-12] (Scarlet.Crush Productions)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [73200 2018-09-24] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2018-09-24] (Ellora Assets Corp.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-08-19] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [42856 2016-03-27] (Nefarius Software Solutions)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
R3 ALSysIO; \??\C:\Users\Eric\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 csravrcp; system32\DRIVERS\csravrcp.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrduncmdm; system32\DRIVERS\csrdunc.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 csr_bthav; system32\drivers\csrbthav.sys [X]
S1 MpKsl1530086a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E64D21B-39A0-492F-BEB4-45A9375A3D7E}\MpKsl1530086a.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S2 WinRing0_1_2_0; \??\C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 YSDrv; \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-05 13:22 - 2018-11-05 13:22 - 000010015 _____ C:\Users\Eric\Desktop\FRST.txt
2018-11-05 13:22 - 2018-11-05 13:22 - 000000000 ____D C:\FRST
2018-11-05 13:21 - 2018-11-05 13:20 - 002414080 _____ (Farbar) C:\Users\Eric\Desktop\FRST64.exe
2018-11-05 12:57 - 2018-11-05 12:57 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\Temp
2018-11-05 12:51 - 2018-11-05 12:51 - 000009333 _____ C:\Users\Eric\AppData\Local\recently-used.xbel
2018-11-05 12:48 - 2018-11-05 12:49 - 000000000 ____D C:\Users\Eric\Desktop\snes9x
2018-11-05 12:24 - 2018-11-05 12:24 - 000003368 ____N C:\bootsqm.dat
2018-11-05 11:47 - 2018-11-05 11:47 - 000000000 ____D C:\Users\Eric\AppData\Local\mbam
2018-11-05 11:44 - 2018-11-05 11:44 - 000001881 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-05 11:44 - 2018-11-05 11:44 - 000000000 ____D C:\Users\Eric\AppData\Local\mbamtray
2018-11-05 11:44 - 2018-11-05 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-05 11:44 - 2018-11-05 11:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-05 11:44 - 2018-11-05 11:44 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-05 11:44 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-04 16:59 - 2018-11-04 17:10 - 190222918 _____ C:\Users\Eric\Desktop\Front_Mission_2_[T+Eng_PatchF].zip
2018-11-04 16:59 - 2018-11-04 16:59 - 002288693 _____ C:\Users\Eric\Desktop\Front_Mission_[T+Eng1.00].zip
2018-11-04 16:41 - 2018-11-04 16:41 - 000000000 ____D C:\Users\Eric\Desktop\2076.63mb used 11-4-18-1641
2018-11-03 12:51 - 2018-11-04 09:21 - 000220413 _____ C:\Users\Eric\Desktop\fm3.txt
2018-11-02 15:22 - 2018-11-05 12:50 - 000000000 ____D C:\Users\Eric\Desktop\EPSXE
2018-10-31 14:11 - 2018-10-31 14:11 - 000000000 ____D C:\Users\Eric\jagexcache
2018-10-31 14:10 - 2018-10-31 14:11 - 000000000 ____D C:\Users\Eric\.runelite
2018-10-29 14:44 - 2018-10-29 14:44 - 000008720 _____ C:\Users\Eric\Desktop\New Text Document.txt
2018-10-29 07:06 - 2018-11-05 12:29 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\uTorrent
2018-10-25 12:25 - 2018-10-25 15:34 - 000000000 ____D C:\Users\Eric\AppData\Local\visualboyadvance-m
2018-10-25 12:24 - 2018-03-14 11:50 - 017184052 _____ (hxxp://vba-m.com/) C:\Users\Eric\Desktop\visualboyadvance-m.exe
2018-10-25 12:24 - 2018-03-14 11:50 - 000008406 _____ C:\Users\Eric\Desktop\vba-over.ini
2018-10-25 12:21 - 2018-11-05 11:00 - 000000428 _____ C:\Windows\Tasks\ScpUpdater.job
2018-10-25 12:21 - 2018-10-25 12:21 - 000002988 _____ C:\Windows\System32\Tasks\ScpUpdater
2018-10-25 12:21 - 2018-10-25 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit
2018-10-25 06:05 - 2018-10-25 06:05 - 000001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1964.lnk
2018-10-25 06:05 - 2018-10-25 06:05 - 000000000 ____D C:\Program Files (x86)\1964
2018-10-20 22:47 - 2018-10-29 14:33 - 000000000 ____D C:\Users\Eric\AppData\Local\gtk-2.0
2018-10-20 22:27 - 2018-11-05 12:52 - 000000000 ____D C:\Users\Eric\AppData\Local\babl-0.1
2018-10-20 22:27 - 2018-10-29 14:36 - 000000945 _____ C:\Users\Public\Desktop\GIMP 2.10.6.lnk
2018-10-20 22:27 - 2018-10-20 22:27 - 000000913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.6.lnk
2018-10-20 22:27 - 2018-10-20 22:27 - 000000000 ____D C:\Users\Eric\AppData\Roaming\GIMP
2018-10-20 22:27 - 2018-10-20 22:27 - 000000000 ____D C:\Users\Eric\AppData\Local\GIMP
2018-10-20 22:27 - 2018-10-20 22:27 - 000000000 ____D C:\Users\Eric\AppData\Local\gegl-0.4
2018-10-20 22:26 - 2018-10-20 22:28 - 000000000 ____D C:\Program Files\GIMP 2
2018-10-20 17:40 - 2018-10-25 12:15 - 000000000 ____D C:\ProgramData\RedFox
2018-10-20 17:40 - 2018-10-20 17:40 - 000000000 ____D C:\Program Files (x86)\RedFox
2018-10-13 12:57 - 2018-10-13 13:01 - 000000000 ____D C:\StarCraft
2018-10-12 23:27 - 2018-10-12 23:38 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-10-07 15:07 - 2018-10-25 12:16 - 000000000 ____D C:\Windows\system32\appmgmt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-05 13:02 - 2018-09-07 14:08 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\Mozilla
2018-11-05 12:34 - 2018-04-16 20:32 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-05 12:33 - 2009-07-13 23:45 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-05 12:33 - 2009-07-13 23:45 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-05 12:30 - 2018-10-04 12:18 - 000000000 ____D C:\Users\Eric\AppData\Roaming\MPC-HC
2018-11-05 12:30 - 2018-03-04 18:44 - 000000000 ____D C:\Users\Eric\AppData\Roaming\uTorrent
2018-11-05 12:30 - 2018-02-24 02:07 - 000000000 ____D C:\Users\Eric\AppData\Local\CrashDumps
2018-11-05 12:30 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-11-05 12:29 - 2009-07-14 00:13 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-05 12:25 - 2018-07-20 21:28 - 000000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-11-05 12:25 - 2018-04-12 15:14 - 000000000 ____D C:\Program Files\Core Temp
2018-11-05 12:25 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-05 12:24 - 2018-02-22 16:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-05 11:11 - 2018-09-07 14:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-04 21:13 - 2018-04-19 12:58 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-04 17:45 - 2018-06-10 01:27 - 000000000 ____D C:\Users\Eric\Documents\The Witcher 3
2018-11-01 08:22 - 2018-02-25 14:47 - 000000043 _____ C:\Users\Eric\jagex_cl_oldschool_LIVE.dat
2018-10-31 14:11 - 2018-02-22 16:08 - 000000000 ____D C:\Users\Eric
2018-10-29 14:38 - 2018-05-21 08:47 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-29 14:37 - 2018-02-22 16:45 - 000000000 ____D C:\Users\Eric\AppData\Local\Google
2018-10-23 21:56 - 2018-05-27 06:08 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-10-23 18:52 - 2018-05-27 06:09 - 000000000 ____D C:\Users\Eric\AppData\Local\Battle.net
2018-10-20 06:27 - 2018-05-29 02:07 - 000001078 _____ C:\Users\Public\Desktop\Medivia Online - DirectX.lnk
2018-10-20 06:27 - 2018-04-13 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medivia Online
2018-10-20 06:27 - 2018-04-13 11:35 - 000000000 ____D C:\Program Files (x86)\Medivia Online
2018-10-18 07:15 - 2018-02-22 17:13 - 000000000 ____D C:\Users\Eric\AppData\Local\Spotify
2018-10-18 07:15 - 2018-02-22 17:12 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Spotify
2018-10-07 15:06 - 2018-04-19 18:07 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2018-11-05 12:51 - 2018-11-05 12:51 - 000009333 _____ () C:\Users\Eric\AppData\Local\recently-used.xbel
2018-06-15 09:54 - 2018-09-10 09:35 - 000007609 _____ () C:\Users\Eric\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

LastRegBack: 2018-11-04 07:16

==================== End of FRST.txt ============================
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Eric (05-11-2018 13:22:39)
Running from C:\Users\Eric\Desktop
Windows 7 Professional Service Pack 1 (X64) (2018-02-22 21:08:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-32538046-3854998793-3802812278-500 - Administrator - Disabled)
Eric (S-1-5-21-32538046-3854998793-3802812278-1000 - Administrator - Enabled) => C:\Users\Eric
Guest (S-1-5-21-32538046-3854998793-3802812278-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-32538046-3854998793-3802812278-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
Discord (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.2 - Ellora Assets Corporation)
GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0 (x64 en-US)) (Version: 62.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
PdaNet+ for Android 5.10 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
RuneLite (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\RuneLite_is1) (Version: Launcher 1.6.0 - RuneLite)
ScpToolkit (HKLM\...\{1EA84ED4-28D4-4836-BF8B-0E31BF1704C5}) (Version: 1.7.277.16103 - Nefarius Software Solutions)
Secret of Mana (HKLM-x32\...\Secret of Mana_is1) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Spotify (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Spotify) (Version: 1.0.82.447.g975ad224 - Spotify AB)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Tibia (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Tibia) (Version: - CipSoft GmbH)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 7 Codec Pack 4.2.1 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.2.1 - Windows 7 Codec Pack)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [PowerISO] -> [CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> [CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01453B53-B8F9-4792-81B0-DFA372B3DE1C} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-04-12] (Nefarius Software Solutions)
Task: {1DD01D3A-D831-49F6-9CB1-D187DE3A6F76} - System32\Tasks\{F944355B-1CBD-4865-A598-03F0C4089E3C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PdaNet for Android\drvins.exe" -d "C:\Program Files (x86)\PdaNet for Android" -c /dd 1
Task: {5E3935B7-5ACB-4C52-8123-097E49D7AF27} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {635A868E-ED4B-4DEB-B3E0-A2FD7B003FAC} - System32\Tasks\Core Temp Autostart Eric => C:\Program Files\Core Temp\Core Temp.exe [2017-11-04] (ALCPU)
Task: {8092CDD8-181A-4647-9A57-FE8F4D8B54C6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {D3D1474E-3B27-434D-B84E-E704B5C0EDAB} - System32\Tasks\{843061E6-3076-44E5-ADD4-5C3061299AA4} => C:\Windows\system32\pcalua.exe -a E:\psp\Setup.exe -d E:\psp
Task: {E7CA0322-AE8D-41B2-8262-B930CD896E32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-22 16:59 - 2018-03-23 20:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-10-25 12:21 - 2018-10-25 12:21 - 000305152 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\1f5b61a3cbe51d54f3e204837b084d8a\ReactiveSockets.ni.dll
2014-05-02 11:52 - 2014-05-02 11:52 - 000599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 06:55 - 2014-05-02 06:55 - 000185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 06:05 - 2014-05-02 06:05 - 000173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2017-11-08 11:49 - 2017-11-08 11:49 - 000894416 _____ () C:\Windows\SysWOW64\Codecs\TrayMenu.exe
2017-12-19 05:31 - 2017-12-19 05:31 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-32538046-3854998793-3802812278-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 3
MSCONFIG\Services: BtSwitcherService => 2
MSCONFIG\Services: CSRBtAudioService => 2
MSCONFIG\Services: CsrBtOBEXService => 2
MSCONFIG\Services: CsrBtService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Codec Pack Update Checker => "C:\Windows\system32\Codecs\UpdateChecker.exe"
MSCONFIG\startupreg: CsrAudioguiCtrl => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
MSCONFIG\startupreg: CSRHarmonySkypePlugin => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
MSCONFIG\startupreg: CsrHCRPServer => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
MSCONFIG\startupreg: CsrSyncMLServer => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
MSCONFIG\startupreg: Discord => C:\Users\Eric\AppData\Local\Discord\app-0.0.300\Discord.exe
MSCONFIG\startupreg: HarmonyUserStartup => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: ShaPlus Bandwidth Meter => "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
MSCONFIG\startupreg: Spotify => C:\Users\Eric\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Eric\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: StereoLinksInstall => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
MSCONFIG\startupreg: TrayApplication => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: vksts => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{D0662D67-3A61-4DC9-92C6-316D8014C9E8}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2E587FBA-C8A2-451E-8D4C-348AF779764B}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FAE470BB-39FD-407B-BA7B-512A77C2AF54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F9079A9C-9F40-4954-92EA-D128EF1B7153}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{299FB8C4-25FA-451A-8D49-419F45C80417}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{99009399-BB1E-4409-A92A-7495E3661DD3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{2C4C19A2-8658-46B4-84BD-AD2E2A97DA28}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [UDP Query User{33F6C845-256F-4A82-B7C6-ED12949418EF}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [{1BE7B899-B80E-4E36-8A48-A3D26EC8D5CB}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{7D19209F-41D7-41ED-B490-C68DFA369F3B}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{A4C56ED3-71F1-4F9F-AE10-D6B63BFBC4A8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1EC77825-4FB8-4496-8FB2-1BC767181AB3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B32BF94C-DFFF-44C1-8F12-FAE88B8CC5DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7F8A8EBB-B1D5-462E-B492-20BE991D15DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D58FFD41-0ACB-4137-9B19-1390AC23E2BD}] => (Allow) C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{279CB8A0-94D6-47B3-A31A-659B0AF0137F}] => (Allow) C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E845E641-10A3-4B00-B879-806C3F3BB0E6}C:\users\eric\desktop\medivia online\medivia_d3d.exe] => (Block) C:\users\eric\desktop\medivia online\medivia_d3d.exe
FirewallRules: [UDP Query User{0ADAA30A-BE0D-4D98-8B86-7336B15C4510}C:\users\eric\desktop\medivia online\medivia_d3d.exe] => (Block) C:\users\eric\desktop\medivia online\medivia_d3d.exe
FirewallRules: [{E3ED708C-792D-445D-9AE9-E1ECCD5E431B}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{4B36B525-9EDD-4C7D-81FE-F60DD3350AB5}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{DF8B9B05-BD47-458F-83A6-3AC6CBD53D19}] => (Allow) F:\steam games2\steamapps\common\GOD EATER 2 Rage Burst\GE2RB.exe
FirewallRules: [{B4820D76-33F9-47AB-959A-D12819AC689B}] => (Allow) F:\steam games2\steamapps\common\GOD EATER 2 Rage Burst\GE2RB.exe
FirewallRules: [{5689512E-107C-4FE0-9889-BA572CE65FCD}] => (Allow) F:\steam games2\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{573662E9-A977-49DB-8069-D0167F475FEA}] => (Allow) F:\steam games2\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{04CEAE52-8CA0-4849-B67F-B9566703E983}] => (Allow) F:\steam games2\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{66CD9373-019A-465B-A7C4-2AF99250DAB2}] => (Allow) F:\steam games2\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{9F86002B-DE2F-4C9B-B579-44F60E85FCC6}] => (Allow) F:\steam games2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{31333128-B7B6-449C-A0D2-AD9DDB498FCC}] => (Allow) F:\steam games2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{52F757A8-9A1B-424E-BA20-11A26C60AFC9}] => (Allow) F:\steam games2\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{FFCDA522-5DBD-43B2-98C1-BCCAF451801C}] => (Allow) F:\steam games2\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{9D759BB4-99F8-44C1-86FC-D1AC2DF48A9D}] => (Allow) F:\steam games2\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{CA7148BF-EFBA-4744-8A8A-A7B5129A6AC1}] => (Allow) F:\steam games2\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{571376CC-2150-4B5D-88CA-50197D4E89D6}] => (Allow) F:\steam games2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{638E3FAB-E953-434F-BCC8-184D4D92F120}] => (Allow) F:\steam games2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B75A9AF1-9910-4A78-A2C8-362041251336}] => (Allow) F:\steam games2\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{34F6AF2B-367D-4294-9EB3-D459C1C3C3D2}] => (Allow) F:\steam games2\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{A9118359-D07A-4B2E-9AB7-1224C7F19BE8}] => (Allow) E:\steamgames3\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{33C2F837-57CC-4F5F-97AA-A2491D628BC1}] => (Allow) E:\steamgames3\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{EECAC8DC-60E5-4B93-B883-B549FCAF5052}] => (Allow) E:\steamgames3\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{A9C273D2-D8F7-4D10-BC2F-74A8EF1B1B5C}] => (Allow) E:\steamgames3\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{684FF846-8509-4942-98A2-A2C6DF712997}] => (Allow) E:\steamgames3\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{BEC3C1BB-4351-422B-9A38-918E8364DD5F}] => (Allow) E:\steamgames3\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{AD55D066-1D87-4C72-9483-87B14D0D4D1A}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{D9FE161A-0D6F-4EB1-90DD-C2EDE24BDF75}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{E84E601F-93CA-4F71-8ECE-461E32516861}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{587011AC-8A7E-4DDF-9498-85C3B4EC990D}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{E2914E74-1F83-47A0-AD79-AD3F7BDBB8C4}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{FD7604CC-0FF0-4737-A685-152D559E1E21}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{4B893CBD-6D2D-4A63-AF08-E50C78B4B1BB}] => (Allow) E:\steamgames3\steamapps\common\FINAL FANTASY TYPE-0 HD\fftype0hdlauncher.exe
FirewallRules: [{0EE1E7D8-C338-4C72-952E-235BB11B418F}] => (Allow) E:\steamgames3\steamapps\common\FINAL FANTASY TYPE-0 HD\fftype0hdlauncher.exe
FirewallRules: [{4BDF5FE2-D969-4BE4-88CD-560E1F9CAE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BB1D42F5-B087-44FD-BBF7-2448EE4EB95D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{1F15E378-170F-4AF6-AC9F-CEB28B11CC17}] => (Allow) F:\SteamLibrary\steamapps\common\LowMagicAge\low_magic_age.exe
FirewallRules: [{EA67B253-89DF-44F8-A414-08F988AC353E}] => (Allow) F:\SteamLibrary\steamapps\common\LowMagicAge\low_magic_age.exe
FirewallRules: [{6DEE315D-3B0E-4D2E-9D37-4870B1F6CCDF}] => (Allow) E:\SteamLibrary2\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
FirewallRules: [{85C75C1A-551C-4E5A-AF52-6EE95BBA296C}] => (Allow) E:\SteamLibrary2\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
FirewallRules: [{3F420CE0-960F-4138-AF12-43D13E6BC92E}] => (Allow) E:\SteamLibrary2\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{AC6145F1-869C-43C6-83C6-21796FD41077}] => (Allow) E:\SteamLibrary2\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BAC9790A-E3C9-472E-AE67-8FC3F28D5A7E}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{90B7FF3D-AEEF-49BA-B545-E20090AAE88C}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4F82B14E-5E00-46DE-8B8A-DC2503D78624}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6E6BAB44-FA9D-4A16-B2E0-89B3A6BB3F41}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{41333131-B833-463B-B936-29915C70BB45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{506A6FDE-CA8A-4D3E-B375-A0FA852E0FC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{C36E4D49-324F-4223-97D4-687C1DB5695B}] => (Allow) E:\SteamLibrary2\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{458A8B82-683B-4EB4-AA50-70B4F9A753C4}] => (Allow) E:\SteamLibrary2\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{3450738A-13D5-44E0-B209-73A86FCEB18A}] => (Allow) F:\SteamLibrary\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{CAC00222-9814-4F8E-A341-EDE0B998F6B2}] => (Allow) F:\SteamLibrary\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{374EFFE3-4B49-49C6-B277-00DD705C4B35}] => (Allow) E:\SteamLibrary2\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{385CF48E-CC64-413C-BBB8-71A810BC22C7}] => (Allow) E:\SteamLibrary2\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{7FBF951D-1124-4D4D-A586-46630768AF06}] => (Allow) F:\SteamLibrary\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
FirewallRules: [{DAB3E2CE-A503-4909-AD82-2D5C7484EA45}] => (Allow) F:\SteamLibrary\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
FirewallRules: [{2C06BAF9-11D2-452A-A8CE-9CA182771AFD}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\ysf_win_dx9.exe
FirewallRules: [{6E3E4303-59D5-4C7D-8762-E3D47D29FCF4}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\ysf_win_dx9.exe
FirewallRules: [{C8A21510-82D0-4FBE-837B-B6DC2A337F9B}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\config_dx9.exe
FirewallRules: [{C168D683-7D49-4736-B206-248D4DC02D3C}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\config_dx9.exe
FirewallRules: [{6D6BB4D2-7ADE-4F2C-AEF9-A95043034D78}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\ysf_win.exe
FirewallRules: [{CB5A73A7-F185-4EDD-A272-B970568B4C96}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\ysf_win.exe
FirewallRules: [{DBE15709-5F3C-4A76-878D-DF3D3F56A36D}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\config.exe
FirewallRules: [{6DC83696-66AF-4956-BB16-AED7989C7EC5}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\config.exe
FirewallRules: [{4447F0E0-E39F-4CE0-BFE1-747FD975F5DA}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys Origin\yso_win.exe
FirewallRules: [{2C7D1198-4B9C-47CC-B877-F01ECA43F8A4}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys Origin\yso_win.exe
FirewallRules: [{A3329DD3-86B7-4F65-8744-26D099580254}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys Origin\config.exe
FirewallRules: [{9940354B-2B47-4AEC-847E-955DEC9B7888}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys Origin\config.exe
FirewallRules: [{BABF78AF-9E37-4776-BBF0-08BF318770D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{8D5C75AA-762B-48EB-A69A-5383FF278A60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{1B40711F-8E54-43BE-8386-1E24CF27751A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{1B871F9A-0AFE-48D2-BE7F-CC354FB4173C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{D5557D4A-985E-4707-9EFF-5E889C7E7038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{72BAA2E4-4783-4591-AD7F-CD70260094D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{F1DD4FB3-421B-4520-BA5B-483DA7FC0ABA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{106EED8C-F264-4D13-B520-A038210A4B11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{6051741A-151D-4900-9882-8B281293932E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{31AA8024-824C-4C2A-9AF3-02FB79A05403}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{F350D118-01C5-4B40-8BE2-CA438A00D9C4}] => (Allow) F:\SteamLibrary\steamapps\common\Odallus\Launcher.exe
FirewallRules: [{24DB9ABD-28A9-42F0-BDB0-25683F309F5B}] => (Allow) F:\SteamLibrary\steamapps\common\Odallus\Launcher.exe
FirewallRules: [{7E4994ED-536D-4D8A-8C30-7DCE7875F365}] => (Allow) F:\SteamLibrary\steamapps\common\Pixel Heroes\Pixel Heroes - Byte and Magic.exe
FirewallRules: [{3ED01DD5-36FD-44D5-82FB-3668141F10BC}] => (Allow) F:\SteamLibrary\steamapps\common\Pixel Heroes\Pixel Heroes - Byte and Magic.exe
FirewallRules: [{5E826A2B-8DB4-4133-81DB-D183F50786AA}] => (Allow) E:\SteamLibrary2\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{B5ED0E4A-7D0F-4D0A-B047-9D21E24A78DD}] => (Allow) E:\SteamLibrary2\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{04F97A1B-4F59-4247-895C-F372E0311A2F}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{93DD27F2-E5B3-4526-A7F5-5A6305C73677}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{A8D423C4-93A7-4FA3-A3A0-3D16EA91F4F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F953FE40-B51C-4E1D-8063-4BCE8A7A710C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{24C6C26C-FEEA-4FA6-A41D-743101DEA66F}] => (Allow) F:\SteamLibrary\steamapps\common\Dark Messiah Might and Magic Single Player\mm.exe
FirewallRules: [{F1A5F1D0-28CD-4EB8-B29B-C9EEF410666C}] => (Allow) F:\SteamLibrary\steamapps\common\Dark Messiah Might and Magic Single Player\mm.exe
FirewallRules: [{33395C6E-34A7-488C-9EDF-081412A1B480}] => (Allow) F:\SteamLibrary\steamapps\common\Genesis Rising\bin\GenesisRising.exe
FirewallRules: [{9BD0D9E4-0778-41DA-82C9-CA2D00241EC2}] => (Allow) F:\SteamLibrary\steamapps\common\Genesis Rising\bin\GenesisRising.exe
FirewallRules: [{26A8C2F7-D82E-4174-88D3-25665F245FFF}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{0CF942FF-E7CB-41C2-B057-A733001014AC}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{6F7D0BE0-90AB-4BF9-908C-314A26448B12}] => (Allow) E:\SteamLibrary2\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{47FAE007-4CB4-4921-B732-703403304A27}] => (Allow) E:\SteamLibrary2\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{62A7FA4E-8AE2-4490-AFF5-15A3028D8BFC}] => (Allow) E:\SteamLibrary2\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{7436B826-2C66-4137-B70E-E60D8604CE5B}] => (Allow) E:\SteamLibrary2\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{552AB0A4-535E-4C21-836E-DB827D273243}] => (Allow) F:\SteamLibrary\steamapps\common\X-COM Terror from the Deep\runme.exe
FirewallRules: [{82FD1C30-BD9F-4D41-A662-044F75FAE001}] => (Allow) F:\SteamLibrary\steamapps\common\X-COM Terror from the Deep\runme.exe
FirewallRules: [{42B0794B-E644-485A-A646-F94C82C3F303}] => (Allow) F:\SteamLibrary\steamapps\common\X-COM Terror from the Deep\TFD\Terror From the Deep_patched.exe
FirewallRules: [{B0E358F3-AAE3-4DE1-BC49-91D8A3AF1515}] => (Allow) F:\SteamLibrary\steamapps\common\X-COM Terror from the Deep\TFD\Terror From the Deep_patched.exe
FirewallRules: [{8C4FEAA3-C4AF-4476-99DC-5BB79C9FD95F}] => (Allow) F:\SteamLibrary\steamapps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{495027BF-D666-4136-B757-1A758995A284}] => (Allow) F:\SteamLibrary\steamapps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{0A56DB13-FBD0-4EC8-B49A-5548E6C00030}] => (Allow) F:\SteamLibrary\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{923E3A89-9783-4875-ADA5-2184D62419DF}] => (Allow) F:\SteamLibrary\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{607161A2-D1B1-46C8-AB19-40385A3ED28E}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C2DCB0E2-3089-48A8-9034-E24E7F920EAF}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{E3155911-FEEC-4288-A531-0E0959F2F089}] => (Allow) F:\SteamLibrary\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{34C88CFF-BD71-45E9-A197-0CD12687005B}] => (Allow) F:\SteamLibrary\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{04E3F7E3-03E5-4AB3-AEBA-1861694114F1}] => (Allow) F:\SteamLibrary\steamapps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{CDC5862C-5D6C-4845-940C-E42CD7E216D3}] => (Allow) F:\SteamLibrary\steamapps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{3C1DBEAC-85E1-439D-AD79-89375B236557}] => (Allow) F:\SteamLibrary\steamapps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{9FA25714-867E-4017-8613-70CD88A6AEA6}] => (Allow) F:\SteamLibrary\steamapps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{87EC86E5-43B6-4E89-960F-309A81EA3084}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed\AssassinsCreed_Game.exe
FirewallRules: [{5E87D560-BC5D-42A1-AE2C-C59D2D743479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed\AssassinsCreed_Game.exe
FirewallRules: [{CFC78AFE-CB06-47A8-9170-3FFA345FB0EE}] => (Allow) E:\SteamLibrary2\steamapps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{B5097664-21AF-4B63-8561-DF943A411052}] => (Allow) E:\SteamLibrary2\steamapps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{F4E971AC-86A2-4687-8946-E1903E253AA2}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{B4502064-C7BB-4CDD-B392-3ED2D7A8D10F}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{C58E7052-2C99-459A-A161-A73C9926BB7E}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{69D1D94F-E862-4B7B-836E-69B4DB1C9FF3}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{FCC3E186-8A0C-405B-BF33-3A0B400DB5BE}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{42F52A82-3D71-4416-8461-FF41ED33AFA4}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{053E1577-5059-4ECD-9904-A013CDAEA1FD}] => (Allow) E:\SteamLibrary2\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{03D85E89-1E7E-41C4-BF2B-36593B6D5EB1}] => (Allow) E:\SteamLibrary2\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{D5BAB270-9223-46C1-9F83-097D9FA669E0}] => (Allow) F:\SteamLibrary\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{7FDDCB46-7ADC-4A3F-AB90-F4E8495952E6}] => (Allow) F:\SteamLibrary\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{8F5554FB-DE86-4E48-967A-AD44BE5DB298}] => (Allow) F:\SteamLibrary\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{BCF854AE-4CAE-4166-A91F-178A9929DDB8}] => (Allow) F:\SteamLibrary\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{41E70B18-2574-4ECA-BECF-1C003FD60FA6}] => (Allow) F:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{D0F4110C-631E-410F-BAB5-B3C40212800B}] => (Allow) F:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{CC27D10B-539C-4385-808B-5FE60D7159CB}] => (Allow) E:\SteamLibrary2\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{F7449DD7-0CC0-4AF6-B1CB-EF9445000093}] => (Allow) E:\SteamLibrary2\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{AB3C0038-DD1E-4C4B-8487-69855BCCCD99}] => (Allow) F:\SteamLibrary\steamapps\common\divine_divinity\div.exe
FirewallRules: [{2DDC379E-2FAE-4E24-97FA-BDB7C3025134}] => (Allow) F:\SteamLibrary\steamapps\common\divine_divinity\div.exe
FirewallRules: [{4B3BEFEE-5979-45CC-8678-2CEA36B0D3C5}] => (Allow) F:\SteamLibrary\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{329B0852-27A3-411A-A397-F84250DCD57A}] => (Allow) F:\SteamLibrary\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{0493BDFC-3EFA-40C6-8DAE-A8B239CA3ED5}] => (Allow) F:\SteamLibrary\steamapps\common\beyond_divinity\div.exe
FirewallRules: [{B4AB3F10-D611-4A36-8C4D-15D34A821257}] => (Allow) F:\SteamLibrary\steamapps\common\beyond_divinity\div.exe
FirewallRules: [{38DF7DD3-78C9-40DC-904D-00643D508595}] => (Allow) F:\SteamLibrary\steamapps\common\beyond_divinity\configtool.exe
FirewallRules: [{1E7CF80F-F521-45D7-AAF2-FC0A107FBD59}] => (Allow) F:\SteamLibrary\steamapps\common\beyond_divinity\configtool.exe
FirewallRules: [{14171DD5-84ED-4835-9845-2FACD454047F}] => (Allow) F:\SteamLibrary\steamapps\common\divinity2_dev_cut\Autorun.exe
FirewallRules: [{3982DA93-24C4-4FCB-9BBD-5D224FAED6A1}] => (Allow) F:\SteamLibrary\steamapps\common\divinity2_dev_cut\Autorun.exe
FirewallRules: [{9D210652-5E1B-4743-84D0-2779189CF1AE}] => (Allow) F:\SteamLibrary\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{6E769CFA-AE8B-47F5-9664-13DB0C6E9192}] => (Allow) F:\SteamLibrary\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{BC9C37C8-7D98-4FA2-9B87-D6F3BBE7F6FB}] => (Allow) F:\SteamLibrary\steamapps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{02A54BD4-C086-4EFA-B172-E4C3F654E443}] => (Allow) F:\SteamLibrary\steamapps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{5C5148BC-134E-4BEE-9C88-4D925CE54956}] => (Allow) F:\SteamLibrary\steamapps\common\Tkl Online\start.exe
FirewallRules: [{2E942973-C838-4B9F-A4C3-7A6C0F23F67C}] => (Allow) F:\SteamLibrary\steamapps\common\Tkl Online\start.exe
FirewallRules: [{680BC201-731A-4DEC-AEC4-388F2F58DDC2}] => (Allow) E:\SteamLibrary2\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
 

FirewallRules: [{7CB844BE-16D7-46CE-9B5C-54BA50A35CCF}] => (Allow) E:\SteamLibrary2\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{A2E28BD4-B67A-4B0B-913F-194F2D5A7C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{152688AC-F6F1-4298-BC33-8931AD325065}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{C18FB50E-C011-4581-80A3-64EC28DF657C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{E29614AD-ECCF-4D8F-ABF5-5291349DA5AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{AB91390B-7EE4-4F6D-9052-1348D9374137}] => (Allow) E:\SteamLibrary2\steamapps\common\GOD EATER 2 Rage Burst\GE2RB.exe
FirewallRules: [{03670C2C-8D51-4761-ADBB-3BC9F2338309}] => (Allow) E:\SteamLibrary2\steamapps\common\GOD EATER 2 Rage Burst\GE2RB.exe
FirewallRules: [TCP Query User{3E122BD9-6101-44FB-811E-3C3EF6E38FD1}C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe
FirewallRules: [UDP Query User{18D4EB6F-6965-4366-990C-9C73B86B5B4B}C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe
FirewallRules: [{E05D78D0-0234-4576-877C-F3357B639117}] => (Allow) F:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{3675A73C-4A89-4070-96A7-1E252BE0BAF0}] => (Allow) F:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{331FA05D-197B-4191-A25E-2531CEE318FA}C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe
FirewallRules: [UDP Query User{A8E25823-FA6E-4CB0-8325-B4EEA0E125C8}C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe
FirewallRules: [{4C18AB5F-F198-46D8-98A1-8C7BF0D7EF1C}] => (Allow) F:\SteamLibrary\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{D160C2D0-C087-418F-91C5-E912383A9130}] => (Allow) F:\SteamLibrary\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{7D31AEFB-EC9B-44E3-A663-FBBEBA5DCE7D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{9FF510D1-FCB8-4BF2-9864-02D9F04414CB}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{088163E2-0E3F-4AC1-AD8C-2872717DDD84}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{8262B617-F17B-4D99-99DA-D4C71F15857B}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{A8D61361-9A1D-4B26-9C1D-90CDF4A733C9}] => (Allow) E:\SteamLibrary2\steamapps\common\Assassins Creed\AssassinsCreed_Game.exe
FirewallRules: [{EABF8CE2-31A1-4F76-BBA7-28F345796F3D}] => (Allow) E:\SteamLibrary2\steamapps\common\Assassins Creed\AssassinsCreed_Game.exe
FirewallRules: [{47FA0A65-75FC-47B7-A094-4A027EC06CF0}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{7EAF6AC0-D94D-4D16-8CBF-12CC9CD7A615}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [TCP Query User{C449A80C-784D-4303-B687-2A6124B1C249}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [UDP Query User{A2A8A22C-E1ED-4CDB-9F10-A822D162B84D}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [TCP Query User{510CB4AE-487A-43D6-8F06-430D89A2AE01}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [UDP Query User{F5E87C9D-B38E-4CC7-BFB5-343DDDDFF1B7}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [TCP Query User{89EE4A8B-03A2-4640-A0B5-E2DDE4297575}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{543E5481-B3FA-4A05-B80B-59B31574AE27}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{10D4191E-9D82-4FEC-BE9D-C5059CB969A8}E:\starcraft\starcraft.exe] => (Allow) E:\starcraft\starcraft.exe
FirewallRules: [UDP Query User{FA627076-1865-4210-843F-FE4363A63290}E:\starcraft\starcraft.exe] => (Allow) E:\starcraft\starcraft.exe
FirewallRules: [{E0BF1B9D-F623-4617-BFD9-B24FDD1E85E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northmark HOTW\northmark.exe
FirewallRules: [{AEE1CA17-0EAE-4316-803A-F474D76992D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northmark HOTW\northmark.exe
FirewallRules: [{11A93B47-DD0C-47ED-A632-392C5A8B7222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{74984A49-BC65-43CE-BB33-41CA9C33C2DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{E844DE08-1F34-4C0D-8647-80C66A67CF98}] => (Allow) F:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{B18B2DF2-3E9A-4D86-B30A-B7C47633B344}] => (Allow) F:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{58C14573-C1D1-47C0-B817-552DD990238F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terra Incognita ~ Chapter One The Descendant\Game.exe
FirewallRules: [{1D14ABCE-C5AC-4936-BD31-25A64106FD80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terra Incognita ~ Chapter One The Descendant\Game.exe
FirewallRules: [{F23D6B7F-8268-4E15-9565-658658B4872E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\Wiz8.exe
FirewallRules: [{B5CC4ACD-569D-4CD3-B70A-4FD7DC32EB4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\Wiz8.exe
FirewallRules: [{AC232A18-062F-41BA-B54C-BCA22A75353B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\3DSetup.exe
FirewallRules: [{4AF4C74D-E060-48CE-971F-B241053439A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\3DSetup.exe
FirewallRules: [{D4763308-B367-4BD8-B4AE-4558BD0A1A80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\nglide_config.exe
FirewallRules: [{AF52C647-93AD-4C9A-B3FF-516E264033FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\nglide_config.exe
FirewallRules: [{41C41496-0F19-46DB-867A-5A1670033B0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{E06B6143-9FCB-436D-8876-10506BC15B09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{95AC8E0C-2CD4-4FC8-9701-5EAA95CD4DF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{5D0B1ACB-DCC8-4F2E-9074-75E630FBBA28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{A0493BC5-6C96-49AC-881E-2FE5C3413D5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dayofinfamy\dayofinfamy_BE.exe
FirewallRules: [{CD4A73C2-960C-4D76-84FF-858B054A5F3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dayofinfamy\dayofinfamy_BE.exe
FirewallRules: [{BA11FBB3-511C-4CBD-AC36-3FC036FC7C13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{80374704-79D7-40CF-9CD7-975B18D522D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{D5F1B5D0-65D6-4EEE-8AA0-8AE8C17F5183}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 3\system\Risen3.exe
FirewallRules: [{8CD9D0DE-DD92-4167-82DB-2F498A9B2E3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 3\system\Risen3.exe
FirewallRules: [{812341F2-7BCE-4C89-B420-18A461DC521F}] => (Allow) E:\SteamLibrary2\steamapps\common\GOD EATER RESURRECTION\GER.exe
FirewallRules: [{D2191C2C-520A-4E36-A6ED-FCBDFA23A39F}] => (Allow) E:\SteamLibrary2\steamapps\common\GOD EATER RESURRECTION\GER.exe
FirewallRules: [{7707B502-C295-4804-8D94-303A2373BF86}] => (Allow) F:\SteamLibrary\steamapps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{F7B2F4A1-E50C-431E-9A9A-70D4FC876034}] => (Allow) F:\SteamLibrary\steamapps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{DC22A536-0AD3-4B8F-885F-712778E1EC48}] => (Allow) F:\SteamLibrary\steamapps\common\Arx Fatalis\arx.exe
FirewallRules: [{0A360DDD-EE82-4342-AFB4-0C1110B1086A}] => (Allow) F:\SteamLibrary\steamapps\common\Arx Fatalis\arx.exe
FirewallRules: [{3A949ED5-F463-40C2-9F64-C24FFA68CDFD}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{F72C4131-C0AF-48A4-B588-80E9E009A5CB}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{33D74E5D-4E19-4378-811A-DC916D2181C3}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{CA69AD5E-58B4-4DB2-B8A0-A0794B868AFF}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{2A0F52CF-A665-4198-8CC9-F72CA35DECD9}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{7ED4F241-E5B4-455A-9469-D535279AB200}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{E7B9FBA6-B4EE-47E6-8FF3-38111F177FE5}] => (Allow) E:\SteamLibrary2\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{46046ADE-70A3-427E-A527-2CC462B325D3}] => (Allow) E:\SteamLibrary2\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{2655D42F-070D-4823-9A9D-33B9DBCFD652}] => (Allow) E:\SteamLibrary2\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{46C42C70-9E25-4F83-BF3B-2C3B247DC7EB}] => (Allow) E:\SteamLibrary2\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [TCP Query User{5D9C6E48-40D0-4571-B970-A1F02FCCC194}E:\steamlibrary2\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steamlibrary2\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{804C7882-0C0E-4BD1-BFE1-9B047D1DFD8B}E:\steamlibrary2\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steamlibrary2\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{7E0E1D6E-FD51-48BD-8390-3CC7F630E455}F:\starcraft\starcraft.exe] => (Allow) F:\starcraft\starcraft.exe
FirewallRules: [UDP Query User{F934F446-65AC-4226-ABFC-5DDDF7C47590}F:\starcraft\starcraft.exe] => (Allow) F:\starcraft\starcraft.exe
FirewallRules: [{0A0302C7-7158-4C34-BDEF-B810494172D0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B5224403-8676-4E22-BF46-6DD340D0A2EF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{B85E5B65-792B-4798-AF31-C1F3442D71AE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{05074617-1DF6-415F-AB18-8C347FABD73E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{6C19B838-CBAD-452D-8D8C-49CA3EEB646D}C:\program files (x86)\medivia online\medivia_d3d.exe] => (Allow) C:\program files (x86)\medivia online\medivia_d3d.exe
FirewallRules: [UDP Query User{C6B8B12A-6950-4B9E-AE48-EE2690A63F34}C:\program files (x86)\medivia online\medivia_d3d.exe] => (Allow) C:\program files (x86)\medivia online\medivia_d3d.exe
FirewallRules: [{6F6E6822-0C41-48D8-A9CF-CD030F821976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{16EF3ADC-6C85-4CD8-A7E4-6CE840F1A4F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D0AF8E68-41A2-4F73-9AD5-6533D2E6A993}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{692C0A85-9E8B-4182-98A1-AC7167B8B9B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{EA957D64-DC1A-46AF-8533-56BDCB995A9B}] => (Allow) E:\SteamLibrary2\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F7E819F2-BFEB-4651-9CB1-093566DE4A59}] => (Allow) E:\SteamLibrary2\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{918BA74D-FDBE-4598-AB21-56A2EA2B05D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F3B3C34-A2CF-45FE-98D4-B02916F37C5D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E79AE2D0-C18C-4AAC-B0A9-95B4EE74E8D8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D9500DAF-1AC0-40C5-B439-D449E24EE4E5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{84BACC4A-85B5-4F4D-B71C-0941B12609D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0E54C54C-6656-427B-8129-60DE13B20DDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{206EB28A-F8CF-4AE5-92F7-723AECC80AF7}] => (Allow) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
FirewallRules: [{495DAFBF-F8AC-484A-ACB4-443D8F3A1979}] => (Allow) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
FirewallRules: [TCP Query User{D910E2E8-A705-4F4A-BB29-A6707E338BB5}C:\starcraft\starcraft.exe] => (Allow) C:\starcraft\starcraft.exe
FirewallRules: [UDP Query User{3D6A14F1-EF02-4D39-9FD3-86C0400468E6}C:\starcraft\starcraft.exe] => (Allow) C:\starcraft\starcraft.exe

==================== Restore Points =========================

05-11-2018 13:01:06 Removed CpuCoreParking

==================== Faulty Device Manager Devices =============

Name: MpKsl1530086a
Description: MpKsl1530086a
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl1530086a
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WinRing0_1_2_0
Description: WinRing0_1_2_0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WinRing0_1_2_0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VBox Support Driver
Description: VBox Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: YSDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2018 12:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2018 11:19:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcsx2.exe, version: 0.0.0.0, time stamp: 0x568bfd0e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x30000084
Faulting process id: 0xd4c
Faulting application start time: 0x01d475221fa5acb7
Faulting application path: C:\Program Files (x86)\PCSX2 1.4.0\pcsx2.exe
Faulting module path: unknown
Report Id: 95451fe3-e116-11e8-bbef-a632e4350b19

Error: (11/05/2018 07:54:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/04/2018 06:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/03/2018 02:59:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/31/2018 07:54:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/30/2018 06:39:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/30/2018 08:10:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/05/2018 12:35:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 119.0.0.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.14600.4&sig=119.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: Network Inspection System

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 2.1.14600.4

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (11/05/2018 12:35:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.279.1150.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.15400.4&avdelta=1.279.1150.0&asdelta=1.279.1150.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.15400.4

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (11/05/2018 12:35:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.279.1150.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.15400.4&avdelta=1.279.1150.0&asdelta=1.279.1150.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.15400.4

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (11/05/2018 12:35:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.279.1150.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.15400.4

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (11/05/2018 12:25:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/05/2018 12:25:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/05/2018 12:25:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/05/2018 12:25:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================

Date: 2018-02-24 03:03:40.620
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:40.575
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:24.260
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:24.212
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:23.133
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:23.084
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:21.515
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:21.468
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX(tm)-4350 Quad-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 11237.89 MB
Available physical RAM: 9152.87 MB
Total Virtual: 22473.94 MB
Available Virtual: 20331.02 MB

==================== Drives ================================

Drive c: (OPERATING SSD ) (Fixed) (Total:223.34 GB) (Free:30.46 GB) NTFS
Drive e: (INTERNAL 2.5) (Fixed) (Total:297.87 GB) (Free:70.76 GB) NTFS
Drive f: (INTERNAL 3.5) (Fixed) (Total:232.72 GB) (Free:59.17 GB) NTFS
Drive g: (29 GB) (Removable) (Total:29.1 GB) (Free:18.31 GB) FAT32

\\?\Volume{48257164-6090-4e2e-a6ec-c5b1fcb4b4c3}\ (New Volume) (Fixed) (Total:0.11 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 5A8F2260)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 0A28444F)

Partition: GPT.

========================================================
Disk: 2 (Size: 232.8 GB) (Disk ID: 6BB5AA5A)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 29.1 GB) (Disk ID: 0C8815C3)
 

Broni

Malware Annihilator
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

eric m

TS Rookie
Here are the rk, adwc and mbam logs

RK log
RogueKiller Anti-Malware V13.0.7.0 (x64) [Nov 5 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn
Website : https://adlice.com/download/roguekiller/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Eric [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Scan -- Date : 2018/11/05 18:26:25 (Duration : 00:08:05)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.Auslogics (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Auslogics -- N/A -> Found
>>>>>> O23 - Services
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpKsl1530086a -- c:\ProgramData\Microsoft\Microsoft (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MpKsl1530086a -- c:\ProgramData\Microsoft\Microsoft (missing) -> Found
>>>>>> R5 - Proxy
[PUM.Proxy (Potentially Malicious)] (X86) HKEY_USERS\S-1-5-21-32538046-3854998793-3802812278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- 127.0.0.1:80 -> Found
[PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-32538046-3854998793-3802812278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- 127.0.0.1:80 -> Found
>>>>>> XX - System Policies
[PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
[PUM.Policies (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
>>>>>> XX - Explorer Advanced
[PUM.StartMenu (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-32538046-3854998793-3802812278-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Found
[PUM.StartMenu (Potentially Malicious)] (X86) HKEY_USERS\S-1-5-21-32538046-3854998793-3802812278-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

mbam log
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/5/18
Scan Time: 7:44 PM
Log File: 12ff7ce8-e15d-11e8-b872-002637bd3942.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7703
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Main\Eric

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 221829
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)



adwcleaner log
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-05-2018
# Duration: 00:00:00
# OS: Windows 7 Professional
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ProductUpdater
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\TrayApplication
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Codec Settings UAC Manager

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1553 octets] - [05/11/2018 19:49:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Malware Annihilator
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

eric m

TS Rookie
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Eric (administrator) on MAIN (06-11-2018 05:17:49)
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric (Available Profiles: Eric)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2018-01-15] (Razer Inc.)
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\MountPoints2: {4727379c-182c-11e8-881c-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\setup.exe
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2018-10-04]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2018-10-25]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{15F81B08-A815-4CC8-B50E-2B8F15DCB9D5}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{227B6D41-7D5D-48A9-9D03-CE3A6CC3F216}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6D7B8BFD-1463-4A80-800B-2D63C7A581AA}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: 62izzuiv.default
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\62izzuiv.default [2018-11-05]
FF Extension: (Telemetry coverage) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\62izzuiv.default\features\{b2d5c4b0-417f-43d5-9062-7193a44e8926}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-10] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-09-26] ()
S3 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2018-05-27] (Apple Inc.)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [394944 2016-04-12] (Scarlet.Crush Productions)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [73200 2018-09-24] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2018-09-24] (Ellora Assets Corp.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-06] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-08-19] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [42856 2016-03-27] (Nefarius Software Solutions)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
R3 ALSysIO; \??\C:\Users\Eric\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 csravrcp; system32\DRIVERS\csravrcp.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrduncmdm; system32\DRIVERS\csrdunc.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 csr_bthav; system32\drivers\csrbthav.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S2 WinRing0_1_2_0; \??\C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 YSDrv; \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-06 05:17 - 2018-11-06 05:17 - 000000000 ____D C:\Users\Eric\Desktop\FRST-OlderVersion
2018-11-05 19:52 - 2018-11-06 05:17 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-05 19:50 - 2018-11-05 19:50 - 000001553 _____ C:\Users\Eric\Desktop\AdwCleaner[S00].txt
2018-11-05 19:49 - 2018-11-05 19:51 - 000000000 ____D C:\AdwCleaner
2018-11-05 19:48 - 2018-11-05 19:49 - 000001213 _____ C:\Users\Eric\Desktop\mbam.txt
2018-11-05 19:42 - 2018-11-05 19:42 - 000005634 _____ C:\Users\Eric\Desktop\RK report.txt
2018-11-05 18:25 - 2018-11-05 19:43 - 000000000 ____D C:\Program Files\RogueKiller
2018-11-05 18:25 - 2018-11-05 19:42 - 000000000 ____D C:\ProgramData\RogueKiller
2018-11-05 18:25 - 2018-11-05 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-11-05 18:23 - 2018-11-05 18:23 - 007592144 _____ (Malwarebytes) C:\Users\Eric\Downloads\AdwCleaner.exe
2018-11-05 18:22 - 2018-11-05 18:23 - 029189000 _____ (Adlice Software ) C:\Users\Eric\Downloads\RogueKiller_setup_ref3.exe
2018-11-05 13:22 - 2018-11-06 05:18 - 000009957 _____ C:\Users\Eric\Desktop\FRST.txt
2018-11-05 13:22 - 2018-11-06 05:17 - 000000000 ____D C:\FRST
2018-11-05 13:22 - 2018-11-05 13:22 - 000074612 _____ C:\Users\Eric\Desktop\Addition.txt
2018-11-05 13:21 - 2018-11-06 05:17 - 002414592 _____ (Farbar) C:\Users\Eric\Desktop\FRST64.exe
2018-11-05 12:57 - 2018-11-05 12:57 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\Temp
2018-11-05 12:51 - 2018-11-05 12:51 - 000009333 _____ C:\Users\Eric\AppData\Local\recently-used.xbel
2018-11-05 12:48 - 2018-11-05 12:49 - 000000000 ____D C:\Users\Eric\Desktop\snes9x
2018-11-05 11:47 - 2018-11-05 11:47 - 000000000 ____D C:\Users\Eric\AppData\Local\mbam
2018-11-05 11:44 - 2018-11-05 11:44 - 000001881 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-05 11:44 - 2018-11-05 11:44 - 000000000 ____D C:\Users\Eric\AppData\Local\mbamtray
2018-11-05 11:44 - 2018-11-05 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-05 11:44 - 2018-11-05 11:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-05 11:44 - 2018-11-05 11:44 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-05 11:44 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-04 16:59 - 2018-11-04 17:10 - 190222918 _____ C:\Users\Eric\Desktop\Front_Mission_2_[T+Eng_PatchF].zip
2018-11-04 16:59 - 2018-11-04 16:59 - 002288693 _____ C:\Users\Eric\Desktop\Front_Mission_[T+Eng1.00].zip
2018-11-04 16:41 - 2018-11-04 16:41 - 000000000 ____D C:\Users\Eric\Desktop\2076.63mb used 11-4-18-1641
2018-11-03 12:51 - 2018-11-04 09:21 - 000220413 _____ C:\Users\Eric\Desktop\fm3.txt
2018-11-02 15:22 - 2018-11-05 12:50 - 000000000 ____D C:\Users\Eric\Desktop\EPSXE
2018-10-31 14:11 - 2018-10-31 14:11 - 000000000 ____D C:\Users\Eric\jagexcache
2018-10-31 14:10 - 2018-10-31 14:11 - 000000000 ____D C:\Users\Eric\.runelite
2018-10-29 14:44 - 2018-10-29 14:44 - 000008720 _____ C:\Users\Eric\Desktop\New Text Document.txt
2018-10-29 07:06 - 2018-11-05 12:29 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\uTorrent
2018-10-25 12:25 - 2018-10-25 15:34 - 000000000 ____D C:\Users\Eric\AppData\Local\visualboyadvance-m
2018-10-25 12:24 - 2018-03-14 11:50 - 017184052 _____ (hxxp://vba-m.com/) C:\Users\Eric\Desktop\visualboyadvance-m.exe
2018-10-25 12:24 - 2018-03-14 11:50 - 000008406 _____ C:\Users\Eric\Desktop\vba-over.ini
2018-10-25 12:21 - 2018-11-05 11:00 - 000000428 _____ C:\Windows\Tasks\ScpUpdater.job
2018-10-25 12:21 - 2018-10-25 12:21 - 000002988 _____ C:\Windows\System32\Tasks\ScpUpdater
2018-10-25 12:21 - 2018-10-25 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit
2018-10-25 06:05 - 2018-10-25 06:05 - 000001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1964.lnk
2018-10-25 06:05 - 2018-10-25 06:05 - 000000000 ____D C:\Program Files (x86)\1964
2018-10-20 22:47 - 2018-10-29 14:33 - 000000000 ____D C:\Users\Eric\AppData\Local\gtk-2.0
2018-10-20 22:27 - 2018-11-05 12:52 - 000000000 ____D C:\Users\Eric\AppData\Local\babl-0.1
2018-10-20 22:27 - 2018-10-29 14:36 - 000000945 _____ C:\Users\Public\Desktop\GIMP 2.10.6.lnk
2018-10-20 22:27 - 2018-10-20 22:27 - 000000913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.6.lnk
2018-10-20 22:27 - 2018-10-20 22:27 - 000000000 ____D C:\Users\Eric\AppData\Roaming\GIMP
2018-10-20 22:27 - 2018-10-20 22:27 - 000000000 ____D C:\Users\Eric\AppData\Local\GIMP
2018-10-20 22:27 - 2018-10-20 22:27 - 000000000 ____D C:\Users\Eric\AppData\Local\gegl-0.4
2018-10-20 22:26 - 2018-10-20 22:28 - 000000000 ____D C:\Program Files\GIMP 2
2018-10-20 17:40 - 2018-10-25 12:15 - 000000000 ____D C:\ProgramData\RedFox
2018-10-20 17:40 - 2018-10-20 17:40 - 000000000 ____D C:\Program Files (x86)\RedFox
2018-10-13 12:57 - 2018-10-13 13:01 - 000000000 ____D C:\StarCraft
2018-10-12 23:27 - 2018-10-12 23:38 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-10-07 15:07 - 2018-10-25 12:16 - 000000000 ____D C:\Windows\system32\appmgmt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-06 05:17 - 2018-07-20 21:28 - 000000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-11-06 05:17 - 2018-04-12 15:14 - 000000000 ____D C:\Program Files\Core Temp
2018-11-06 05:16 - 2018-02-22 16:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-06 05:16 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-05 20:39 - 2018-04-16 20:32 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-05 19:59 - 2009-07-13 23:45 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-05 19:59 - 2009-07-13 23:45 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-05 19:57 - 2009-07-14 00:13 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-05 19:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-11-05 19:53 - 2018-09-07 14:08 - 000000000 ____D C:\Users\Eric\AppData\LocalLow\Mozilla
2018-11-05 13:34 - 2018-07-18 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
2018-11-05 13:34 - 2018-07-18 10:45 - 000000000 ____D C:\Program Files (x86)\Project64 2.3
2018-11-05 12:30 - 2018-10-04 12:18 - 000000000 ____D C:\Users\Eric\AppData\Roaming\MPC-HC
2018-11-05 12:30 - 2018-03-04 18:44 - 000000000 ____D C:\Users\Eric\AppData\Roaming\uTorrent
2018-11-05 12:30 - 2018-02-24 02:07 - 000000000 ____D C:\Users\Eric\AppData\Local\CrashDumps
2018-11-05 11:11 - 2018-09-07 14:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-04 21:13 - 2018-04-19 12:58 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-04 17:45 - 2018-06-10 01:27 - 000000000 ____D C:\Users\Eric\Documents\The Witcher 3
2018-11-01 08:22 - 2018-02-25 14:47 - 000000043 _____ C:\Users\Eric\jagex_cl_oldschool_LIVE.dat
2018-10-31 14:11 - 2018-02-22 16:08 - 000000000 ____D C:\Users\Eric
2018-10-29 14:38 - 2018-05-21 08:47 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-29 14:37 - 2018-02-22 16:45 - 000000000 ____D C:\Users\Eric\AppData\Local\Google
2018-10-23 21:56 - 2018-05-27 06:08 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-10-23 18:52 - 2018-05-27 06:09 - 000000000 ____D C:\Users\Eric\AppData\Local\Battle.net
2018-10-20 06:27 - 2018-05-29 02:07 - 000001078 _____ C:\Users\Public\Desktop\Medivia Online - DirectX.lnk
2018-10-20 06:27 - 2018-04-13 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medivia Online
2018-10-20 06:27 - 2018-04-13 11:35 - 000000000 ____D C:\Program Files (x86)\Medivia Online
2018-10-18 07:15 - 2018-02-22 17:13 - 000000000 ____D C:\Users\Eric\AppData\Local\Spotify
2018-10-18 07:15 - 2018-02-22 17:12 - 000000000 ____D C:\Users\Eric\AppData\Roaming\Spotify
2018-10-07 15:06 - 2018-04-19 18:07 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2018-11-05 12:51 - 2018-11-05 12:51 - 000009333 _____ () C:\Users\Eric\AppData\Local\recently-used.xbel
2018-06-15 09:54 - 2018-09-10 09:35 - 000007609 _____ () C:\Users\Eric\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

LastRegBack: 2018-11-04 07:16

==================== End of FRST.txt ============================
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Eric (06-11-2018 05:18:23)
Running from C:\Users\Eric\Desktop
Windows 7 Professional Service Pack 1 (X64) (2018-02-22 21:08:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-32538046-3854998793-3802812278-500 - Administrator - Disabled)
Eric (S-1-5-21-32538046-3854998793-3802812278-1000 - Administrator - Enabled) => C:\Users\Eric
Guest (S-1-5-21-32538046-3854998793-3802812278-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-32538046-3854998793-3802812278-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
Discord (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.2 - Ellora Assets Corporation)
GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0 (x64 en-US)) (Version: 62.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
PdaNet+ for Android 5.10 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
RogueKiller version 13.0.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.7.0 - Adlice Software)
RuneLite (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\RuneLite_is1) (Version: Launcher 1.6.0 - RuneLite)
ScpToolkit (HKLM\...\{1EA84ED4-28D4-4836-BF8B-0E31BF1704C5}) (Version: 1.7.277.16103 - Nefarius Software Solutions)
Secret of Mana (HKLM-x32\...\Secret of Mana_is1) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Spotify (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Spotify) (Version: 1.0.82.447.g975ad224 - Spotify AB)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Tibia (HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\Tibia) (Version: - CipSoft GmbH)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 7 Codec Pack 4.2.1 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.2.1 - Windows 7 Codec Pack)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-32538046-3854998793-3802812278-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [PowerISO] -> [CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> [CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01453B53-B8F9-4792-81B0-DFA372B3DE1C} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-04-12] (Nefarius Software Solutions)
Task: {1DD01D3A-D831-49F6-9CB1-D187DE3A6F76} - System32\Tasks\{F944355B-1CBD-4865-A598-03F0C4089E3C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PdaNet for Android\drvins.exe" -d "C:\Program Files (x86)\PdaNet for Android" -c /dd 1
Task: {4B87D338-FC67-4B21-910B-DF7AC4E41298} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {635A868E-ED4B-4DEB-B3E0-A2FD7B003FAC} - System32\Tasks\Core Temp Autostart Eric => C:\Program Files\Core Temp\Core Temp.exe [2017-11-04] (ALCPU)
Task: {8092CDD8-181A-4647-9A57-FE8F4D8B54C6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {D3D1474E-3B27-434D-B84E-E704B5C0EDAB} - System32\Tasks\{843061E6-3076-44E5-ADD4-5C3061299AA4} => C:\Windows\system32\pcalua.exe -a E:\psp\Setup.exe -d E:\psp
Task: {E7CA0322-AE8D-41B2-8262-B930CD896E32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-22 16:59 - 2018-03-23 20:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-10-25 12:21 - 2018-10-25 12:21 - 000305152 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\1f5b61a3cbe51d54f3e204837b084d8a\ReactiveSockets.ni.dll
2014-05-02 11:52 - 2014-05-02 11:52 - 000599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 06:55 - 2014-05-02 06:55 - 000185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 06:05 - 2014-05-02 06:05 - 000173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2018-11-05 11:44 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-08 11:49 - 2017-11-08 11:49 - 000894416 _____ () C:\Windows\SysWOW64\Codecs\TrayMenu.exe
2018-07-20 21:13 - 2017-12-04 09:46 - 001263016 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2017-12-19 05:31 - 2017-12-19 05:31 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-32538046-3854998793-3802812278-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 3
MSCONFIG\Services: BtSwitcherService => 2
MSCONFIG\Services: CSRBtAudioService => 2
MSCONFIG\Services: CsrBtOBEXService => 2
MSCONFIG\Services: CsrBtService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Codec Pack Update Checker => "C:\Windows\system32\Codecs\UpdateChecker.exe"
MSCONFIG\startupreg: CsrAudioguiCtrl => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
MSCONFIG\startupreg: CSRHarmonySkypePlugin => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
MSCONFIG\startupreg: CsrHCRPServer => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
MSCONFIG\startupreg: CsrSyncMLServer => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
MSCONFIG\startupreg: Discord => C:\Users\Eric\AppData\Local\Discord\app-0.0.300\Discord.exe
MSCONFIG\startupreg: HarmonyUserStartup => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: ShaPlus Bandwidth Meter => "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
MSCONFIG\startupreg: Spotify => C:\Users\Eric\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Eric\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: StereoLinksInstall => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
MSCONFIG\startupreg: uTorrent => "C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: vksts => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{D0662D67-3A61-4DC9-92C6-316D8014C9E8}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2E587FBA-C8A2-451E-8D4C-348AF779764B}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FAE470BB-39FD-407B-BA7B-512A77C2AF54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F9079A9C-9F40-4954-92EA-D128EF1B7153}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{299FB8C4-25FA-451A-8D49-419F45C80417}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{99009399-BB1E-4409-A92A-7495E3661DD3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{2C4C19A2-8658-46B4-84BD-AD2E2A97DA28}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [UDP Query User{33F6C845-256F-4A82-B7C6-ED12949418EF}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [{1BE7B899-B80E-4E36-8A48-A3D26EC8D5CB}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{7D19209F-41D7-41ED-B490-C68DFA369F3B}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{A4C56ED3-71F1-4F9F-AE10-D6B63BFBC4A8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1EC77825-4FB8-4496-8FB2-1BC767181AB3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B32BF94C-DFFF-44C1-8F12-FAE88B8CC5DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7F8A8EBB-B1D5-462E-B492-20BE991D15DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D58FFD41-0ACB-4137-9B19-1390AC23E2BD}] => (Allow) C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{279CB8A0-94D6-47B3-A31A-659B0AF0137F}] => (Allow) C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E845E641-10A3-4B00-B879-806C3F3BB0E6}C:\users\eric\desktop\medivia online\medivia_d3d.exe] => (Block) C:\users\eric\desktop\medivia online\medivia_d3d.exe
FirewallRules: [UDP Query User{0ADAA30A-BE0D-4D98-8B86-7336B15C4510}C:\users\eric\desktop\medivia online\medivia_d3d.exe] => (Block) C:\users\eric\desktop\medivia online\medivia_d3d.exe
FirewallRules: [{E3ED708C-792D-445D-9AE9-E1ECCD5E431B}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{4B36B525-9EDD-4C7D-81FE-F60DD3350AB5}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{DF8B9B05-BD47-458F-83A6-3AC6CBD53D19}] => (Allow) F:\steam games2\steamapps\common\GOD EATER 2 Rage Burst\GE2RB.exe
FirewallRules: [{B4820D76-33F9-47AB-959A-D12819AC689B}] => (Allow) F:\steam games2\steamapps\common\GOD EATER 2 Rage Burst\GE2RB.exe
FirewallRules: [{5689512E-107C-4FE0-9889-BA572CE65FCD}] => (Allow) F:\steam games2\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{573662E9-A977-49DB-8069-D0167F475FEA}] => (Allow) F:\steam games2\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{04CEAE52-8CA0-4849-B67F-B9566703E983}] => (Allow) F:\steam games2\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{66CD9373-019A-465B-A7C4-2AF99250DAB2}] => (Allow) F:\steam games2\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{9F86002B-DE2F-4C9B-B579-44F60E85FCC6}] => (Allow) F:\steam games2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{31333128-B7B6-449C-A0D2-AD9DDB498FCC}] => (Allow) F:\steam games2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{52F757A8-9A1B-424E-BA20-11A26C60AFC9}] => (Allow) F:\steam games2\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{FFCDA522-5DBD-43B2-98C1-BCCAF451801C}] => (Allow) F:\steam games2\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{9D759BB4-99F8-44C1-86FC-D1AC2DF48A9D}] => (Allow) F:\steam games2\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{CA7148BF-EFBA-4744-8A8A-A7B5129A6AC1}] => (Allow) F:\steam games2\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{571376CC-2150-4B5D-88CA-50197D4E89D6}] => (Allow) F:\steam games2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{638E3FAB-E953-434F-BCC8-184D4D92F120}] => (Allow) F:\steam games2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B75A9AF1-9910-4A78-A2C8-362041251336}] => (Allow) F:\steam games2\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{34F6AF2B-367D-4294-9EB3-D459C1C3C3D2}] => (Allow) F:\steam games2\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{A9118359-D07A-4B2E-9AB7-1224C7F19BE8}] => (Allow) E:\steamgames3\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{33C2F837-57CC-4F5F-97AA-A2491D628BC1}] => (Allow) E:\steamgames3\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{EECAC8DC-60E5-4B93-B883-B549FCAF5052}] => (Allow) E:\steamgames3\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{A9C273D2-D8F7-4D10-BC2F-74A8EF1B1B5C}] => (Allow) E:\steamgames3\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{684FF846-8509-4942-98A2-A2C6DF712997}] => (Allow) E:\steamgames3\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{BEC3C1BB-4351-422B-9A38-918E8364DD5F}] => (Allow) E:\steamgames3\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{AD55D066-1D87-4C72-9483-87B14D0D4D1A}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{D9FE161A-0D6F-4EB1-90DD-C2EDE24BDF75}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{E84E601F-93CA-4F71-8ECE-461E32516861}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{587011AC-8A7E-4DDF-9498-85C3B4EC990D}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{E2914E74-1F83-47A0-AD79-AD3F7BDBB8C4}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{FD7604CC-0FF0-4737-A685-152D559E1E21}] => (Allow) E:\steamgames3\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{4B893CBD-6D2D-4A63-AF08-E50C78B4B1BB}] => (Allow) E:\steamgames3\steamapps\common\FINAL FANTASY TYPE-0 HD\fftype0hdlauncher.exe
FirewallRules: [{0EE1E7D8-C338-4C72-952E-235BB11B418F}] => (Allow) E:\steamgames3\steamapps\common\FINAL FANTASY TYPE-0 HD\fftype0hdlauncher.exe
FirewallRules: [{4BDF5FE2-D969-4BE4-88CD-560E1F9CAE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BB1D42F5-B087-44FD-BBF7-2448EE4EB95D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{1F15E378-170F-4AF6-AC9F-CEB28B11CC17}] => (Allow) F:\SteamLibrary\steamapps\common\LowMagicAge\low_magic_age.exe
FirewallRules: [{EA67B253-89DF-44F8-A414-08F988AC353E}] => (Allow) F:\SteamLibrary\steamapps\common\LowMagicAge\low_magic_age.exe
FirewallRules: [{6DEE315D-3B0E-4D2E-9D37-4870B1F6CCDF}] => (Allow) E:\SteamLibrary2\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
FirewallRules: [{85C75C1A-551C-4E5A-AF52-6EE95BBA296C}] => (Allow) E:\SteamLibrary2\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
FirewallRules: [{3F420CE0-960F-4138-AF12-43D13E6BC92E}] => (Allow) E:\SteamLibrary2\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{AC6145F1-869C-43C6-83C6-21796FD41077}] => (Allow) E:\SteamLibrary2\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BAC9790A-E3C9-472E-AE67-8FC3F28D5A7E}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{90B7FF3D-AEEF-49BA-B545-E20090AAE88C}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4F82B14E-5E00-46DE-8B8A-DC2503D78624}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6E6BAB44-FA9D-4A16-B2E0-89B3A6BB3F41}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{41333131-B833-463B-B936-29915C70BB45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{506A6FDE-CA8A-4D3E-B375-A0FA852E0FC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{C36E4D49-324F-4223-97D4-687C1DB5695B}] => (Allow) E:\SteamLibrary2\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{458A8B82-683B-4EB4-AA50-70B4F9A753C4}] => (Allow) E:\SteamLibrary2\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{3450738A-13D5-44E0-B209-73A86FCEB18A}] => (Allow) F:\SteamLibrary\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{CAC00222-9814-4F8E-A341-EDE0B998F6B2}] => (Allow) F:\SteamLibrary\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{374EFFE3-4B49-49C6-B277-00DD705C4B35}] => (Allow) E:\SteamLibrary2\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{385CF48E-CC64-413C-BBB8-71A810BC22C7}] => (Allow) E:\SteamLibrary2\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{7FBF951D-1124-4D4D-A586-46630768AF06}] => (Allow) F:\SteamLibrary\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
FirewallRules: [{DAB3E2CE-A503-4909-AD82-2D5C7484EA45}] => (Allow) F:\SteamLibrary\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
FirewallRules: [{2C06BAF9-11D2-452A-A8CE-9CA182771AFD}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\ysf_win_dx9.exe
FirewallRules: [{6E3E4303-59D5-4C7D-8762-E3D47D29FCF4}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\ysf_win_dx9.exe
FirewallRules: [{C8A21510-82D0-4FBE-837B-B6DC2A337F9B}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\config_dx9.exe
FirewallRules: [{C168D683-7D49-4736-B206-248D4DC02D3C}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\config_dx9.exe
FirewallRules: [{6D6BB4D2-7ADE-4F2C-AEF9-A95043034D78}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\ysf_win.exe
FirewallRules: [{CB5A73A7-F185-4EDD-A272-B970568B4C96}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\ysf_win.exe
FirewallRules: [{DBE15709-5F3C-4A76-878D-DF3D3F56A36D}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\config.exe
FirewallRules: [{6DC83696-66AF-4956-BB16-AED7989C7EC5}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys The Oath in Felghana\config.exe
FirewallRules: [{4447F0E0-E39F-4CE0-BFE1-747FD975F5DA}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys Origin\yso_win.exe
FirewallRules: [{2C7D1198-4B9C-47CC-B877-F01ECA43F8A4}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys Origin\yso_win.exe
FirewallRules: [{A3329DD3-86B7-4F65-8744-26D099580254}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys Origin\config.exe
FirewallRules: [{9940354B-2B47-4AEC-847E-955DEC9B7888}] => (Allow) E:\SteamLibrary2\steamapps\common\Ys Origin\config.exe
FirewallRules: [{BABF78AF-9E37-4776-BBF0-08BF318770D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{8D5C75AA-762B-48EB-A69A-5383FF278A60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{1B40711F-8E54-43BE-8386-1E24CF27751A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{1B871F9A-0AFE-48D2-BE7F-CC354FB4173C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{D5557D4A-985E-4707-9EFF-5E889C7E7038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{72BAA2E4-4783-4591-AD7F-CD70260094D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{F1DD4FB3-421B-4520-BA5B-483DA7FC0ABA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{106EED8C-F264-4D13-B520-A038210A4B11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{6051741A-151D-4900-9882-8B281293932E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{31AA8024-824C-4C2A-9AF3-02FB79A05403}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{F350D118-01C5-4B40-8BE2-CA438A00D9C4}] => (Allow) F:\SteamLibrary\steamapps\common\Odallus\Launcher.exe
FirewallRules: [{24DB9ABD-28A9-42F0-BDB0-25683F309F5B}] => (Allow) F:\SteamLibrary\steamapps\common\Odallus\Launcher.exe
FirewallRules: [{7E4994ED-536D-4D8A-8C30-7DCE7875F365}] => (Allow) F:\SteamLibrary\steamapps\common\Pixel Heroes\Pixel Heroes - Byte and Magic.exe
FirewallRules: [{3ED01DD5-36FD-44D5-82FB-3668141F10BC}] => (Allow) F:\SteamLibrary\steamapps\common\Pixel Heroes\Pixel Heroes - Byte and Magic.exe
FirewallRules: [{5E826A2B-8DB4-4133-81DB-D183F50786AA}] => (Allow) E:\SteamLibrary2\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{B5ED0E4A-7D0F-4D0A-B047-9D21E24A78DD}] => (Allow) E:\SteamLibrary2\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{04F97A1B-4F59-4247-895C-F372E0311A2F}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{93DD27F2-E5B3-4526-A7F5-5A6305C73677}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{A8D423C4-93A7-4FA3-A3A0-3D16EA91F4F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F953FE40-B51C-4E1D-8063-4BCE8A7A710C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{24C6C26C-FEEA-4FA6-A41D-743101DEA66F}] => (Allow) F:\SteamLibrary\steamapps\common\Dark Messiah Might and Magic Single Player\mm.exe
FirewallRules: [{F1A5F1D0-28CD-4EB8-B29B-C9EEF410666C}] => (Allow) F:\SteamLibrary\steamapps\common\Dark Messiah Might and Magic Single Player\mm.exe
FirewallRules: [{33395C6E-34A7-488C-9EDF-081412A1B480}] => (Allow) F:\SteamLibrary\steamapps\common\Genesis Rising\bin\GenesisRising.exe
FirewallRules: [{9BD0D9E4-0778-41DA-82C9-CA2D00241EC2}] => (Allow) F:\SteamLibrary\steamapps\common\Genesis Rising\bin\GenesisRising.exe
FirewallRules: [{26A8C2F7-D82E-4174-88D3-25665F245FFF}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{0CF942FF-E7CB-41C2-B057-A733001014AC}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{6F7D0BE0-90AB-4BF9-908C-314A26448B12}] => (Allow) E:\SteamLibrary2\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{47FAE007-4CB4-4921-B732-703403304A27}] => (Allow) E:\SteamLibrary2\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{62A7FA4E-8AE2-4490-AFF5-15A3028D8BFC}] => (Allow) E:\SteamLibrary2\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{7436B826-2C66-4137-B70E-E60D8604CE5B}] => (Allow) E:\SteamLibrary2\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{552AB0A4-535E-4C21-836E-DB827D273243}] => (Allow) F:\SteamLibrary\steamapps\common\X-COM Terror from the Deep\runme.exe
FirewallRules: [{82FD1C30-BD9F-4D41-A662-044F75FAE001}] => (Allow) F:\SteamLibrary\steamapps\common\X-COM Terror from the Deep\runme.exe
FirewallRules: [{42B0794B-E644-485A-A646-F94C82C3F303}] => (Allow) F:\SteamLibrary\steamapps\common\X-COM Terror from the Deep\TFD\Terror From the Deep_patched.exe
FirewallRules: [{B0E358F3-AAE3-4DE1-BC49-91D8A3AF1515}] => (Allow) F:\SteamLibrary\steamapps\common\X-COM Terror from the Deep\TFD\Terror From the Deep_patched.exe
FirewallRules: [{8C4FEAA3-C4AF-4476-99DC-5BB79C9FD95F}] => (Allow) F:\SteamLibrary\steamapps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{495027BF-D666-4136-B757-1A758995A284}] => (Allow) F:\SteamLibrary\steamapps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{0A56DB13-FBD0-4EC8-B49A-5548E6C00030}] => (Allow) F:\SteamLibrary\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{923E3A89-9783-4875-ADA5-2184D62419DF}] => (Allow) F:\SteamLibrary\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{607161A2-D1B1-46C8-AB19-40385A3ED28E}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C2DCB0E2-3089-48A8-9034-E24E7F920EAF}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{E3155911-FEEC-4288-A531-0E0959F2F089}] => (Allow) F:\SteamLibrary\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{34C88CFF-BD71-45E9-A197-0CD12687005B}] => (Allow) F:\SteamLibrary\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{04E3F7E3-03E5-4AB3-AEBA-1861694114F1}] => (Allow) F:\SteamLibrary\steamapps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{CDC5862C-5D6C-4845-940C-E42CD7E216D3}] => (Allow) F:\SteamLibrary\steamapps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{3C1DBEAC-85E1-439D-AD79-89375B236557}] => (Allow) F:\SteamLibrary\steamapps\common\FarCry\Bin32\FarCryConfigurator.exe
 

Broni

Malware Annihilator
FirewallRules: [{9FA25714-867E-4017-8613-70CD88A6AEA6}] => (Allow) F:\SteamLibrary\steamapps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{87EC86E5-43B6-4E89-960F-309A81EA3084}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed\AssassinsCreed_Game.exe
FirewallRules: [{5E87D560-BC5D-42A1-AE2C-C59D2D743479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassins Creed\AssassinsCreed_Game.exe
FirewallRules: [{CFC78AFE-CB06-47A8-9170-3FFA345FB0EE}] => (Allow) E:\SteamLibrary2\steamapps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{B5097664-21AF-4B63-8561-DF943A411052}] => (Allow) E:\SteamLibrary2\steamapps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{F4E971AC-86A2-4687-8946-E1903E253AA2}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{B4502064-C7BB-4CDD-B392-3ED2D7A8D10F}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{C58E7052-2C99-459A-A161-A73C9926BB7E}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{69D1D94F-E862-4B7B-836E-69B4DB1C9FF3}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{FCC3E186-8A0C-405B-BF33-3A0B400DB5BE}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{42F52A82-3D71-4416-8461-FF41ED33AFA4}] => (Allow) E:\SteamLibrary2\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{053E1577-5059-4ECD-9904-A013CDAEA1FD}] => (Allow) E:\SteamLibrary2\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{03D85E89-1E7E-41C4-BF2B-36593B6D5EB1}] => (Allow) E:\SteamLibrary2\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{D5BAB270-9223-46C1-9F83-097D9FA669E0}] => (Allow) F:\SteamLibrary\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{7FDDCB46-7ADC-4A3F-AB90-F4E8495952E6}] => (Allow) F:\SteamLibrary\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{8F5554FB-DE86-4E48-967A-AD44BE5DB298}] => (Allow) F:\SteamLibrary\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{BCF854AE-4CAE-4166-A91F-178A9929DDB8}] => (Allow) F:\SteamLibrary\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{41E70B18-2574-4ECA-BECF-1C003FD60FA6}] => (Allow) F:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{D0F4110C-631E-410F-BAB5-B3C40212800B}] => (Allow) F:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{CC27D10B-539C-4385-808B-5FE60D7159CB}] => (Allow) E:\SteamLibrary2\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{F7449DD7-0CC0-4AF6-B1CB-EF9445000093}] => (Allow) E:\SteamLibrary2\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{AB3C0038-DD1E-4C4B-8487-69855BCCCD99}] => (Allow) F:\SteamLibrary\steamapps\common\divine_divinity\div.exe
FirewallRules: [{2DDC379E-2FAE-4E24-97FA-BDB7C3025134}] => (Allow) F:\SteamLibrary\steamapps\common\divine_divinity\div.exe
FirewallRules: [{4B3BEFEE-5979-45CC-8678-2CEA36B0D3C5}] => (Allow) F:\SteamLibrary\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{329B0852-27A3-411A-A397-F84250DCD57A}] => (Allow) F:\SteamLibrary\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{0493BDFC-3EFA-40C6-8DAE-A8B239CA3ED5}] => (Allow) F:\SteamLibrary\steamapps\common\beyond_divinity\div.exe
FirewallRules: [{B4AB3F10-D611-4A36-8C4D-15D34A821257}] => (Allow) F:\SteamLibrary\steamapps\common\beyond_divinity\div.exe
FirewallRules: [{38DF7DD3-78C9-40DC-904D-00643D508595}] => (Allow) F:\SteamLibrary\steamapps\common\beyond_divinity\configtool.exe
FirewallRules: [{1E7CF80F-F521-45D7-AAF2-FC0A107FBD59}] => (Allow) F:\SteamLibrary\steamapps\common\beyond_divinity\configtool.exe
FirewallRules: [{14171DD5-84ED-4835-9845-2FACD454047F}] => (Allow) F:\SteamLibrary\steamapps\common\divinity2_dev_cut\Autorun.exe
FirewallRules: [{3982DA93-24C4-4FCB-9BBD-5D224FAED6A1}] => (Allow) F:\SteamLibrary\steamapps\common\divinity2_dev_cut\Autorun.exe
FirewallRules: [{9D210652-5E1B-4743-84D0-2779189CF1AE}] => (Allow) F:\SteamLibrary\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{6E769CFA-AE8B-47F5-9664-13DB0C6E9192}] => (Allow) F:\SteamLibrary\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{BC9C37C8-7D98-4FA2-9B87-D6F3BBE7F6FB}] => (Allow) F:\SteamLibrary\steamapps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{02A54BD4-C086-4EFA-B172-E4C3F654E443}] => (Allow) F:\SteamLibrary\steamapps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{5C5148BC-134E-4BEE-9C88-4D925CE54956}] => (Allow) F:\SteamLibrary\steamapps\common\Tkl Online\start.exe
FirewallRules: [{2E942973-C838-4B9F-A4C3-7A6C0F23F67C}] => (Allow) F:\SteamLibrary\steamapps\common\Tkl Online\start.exe
FirewallRules: [{680BC201-731A-4DEC-AEC4-388F2F58DDC2}] => (Allow) E:\SteamLibrary2\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{7CB844BE-16D7-46CE-9B5C-54BA50A35CCF}] => (Allow) E:\SteamLibrary2\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{A2E28BD4-B67A-4B0B-913F-194F2D5A7C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{152688AC-F6F1-4298-BC33-8931AD325065}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{C18FB50E-C011-4581-80A3-64EC28DF657C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{E29614AD-ECCF-4D8F-ABF5-5291349DA5AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{AB91390B-7EE4-4F6D-9052-1348D9374137}] => (Allow) E:\SteamLibrary2\steamapps\common\GOD EATER 2 Rage Burst\GE2RB.exe
FirewallRules: [{03670C2C-8D51-4761-ADBB-3BC9F2338309}] => (Allow) E:\SteamLibrary2\steamapps\common\GOD EATER 2 Rage Burst\GE2RB.exe
FirewallRules: [TCP Query User{3E122BD9-6101-44FB-811E-3C3EF6E38FD1}C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe
FirewallRules: [UDP Query User{18D4EB6F-6965-4366-990C-9C73B86B5B4B}C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe
FirewallRules: [{E05D78D0-0234-4576-877C-F3357B639117}] => (Allow) F:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{3675A73C-4A89-4070-96A7-1E252BE0BAF0}] => (Allow) F:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{331FA05D-197B-4191-A25E-2531CEE318FA}C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe
FirewallRules: [UDP Query User{A8E25823-FA6E-4CB0-8325-B4EEA0E125C8}C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayofinfamy\dayofinfamy_x64.exe
FirewallRules: [{4C18AB5F-F198-46D8-98A1-8C7BF0D7EF1C}] => (Allow) F:\SteamLibrary\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{D160C2D0-C087-418F-91C5-E912383A9130}] => (Allow) F:\SteamLibrary\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{7D31AEFB-EC9B-44E3-A663-FBBEBA5DCE7D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{9FF510D1-FCB8-4BF2-9864-02D9F04414CB}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{088163E2-0E3F-4AC1-AD8C-2872717DDD84}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{8262B617-F17B-4D99-99DA-D4C71F15857B}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{A8D61361-9A1D-4B26-9C1D-90CDF4A733C9}] => (Allow) E:\SteamLibrary2\steamapps\common\Assassins Creed\AssassinsCreed_Game.exe
FirewallRules: [{EABF8CE2-31A1-4F76-BBA7-28F345796F3D}] => (Allow) E:\SteamLibrary2\steamapps\common\Assassins Creed\AssassinsCreed_Game.exe
FirewallRules: [{47FA0A65-75FC-47B7-A094-4A027EC06CF0}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{7EAF6AC0-D94D-4D16-8CBF-12CC9CD7A615}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [TCP Query User{C449A80C-784D-4303-B687-2A6124B1C249}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [UDP Query User{A2A8A22C-E1ED-4CDB-9F10-A822D162B84D}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe
FirewallRules: [TCP Query User{510CB4AE-487A-43D6-8F06-430D89A2AE01}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [UDP Query User{F5E87C9D-B38E-4CC7-BFB5-343DDDDFF1B7}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [TCP Query User{89EE4A8B-03A2-4640-A0B5-E2DDE4297575}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{543E5481-B3FA-4A05-B80B-59B31574AE27}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{10D4191E-9D82-4FEC-BE9D-C5059CB969A8}E:\starcraft\starcraft.exe] => (Allow) E:\starcraft\starcraft.exe
FirewallRules: [UDP Query User{FA627076-1865-4210-843F-FE4363A63290}E:\starcraft\starcraft.exe] => (Allow) E:\starcraft\starcraft.exe
FirewallRules: [{E0BF1B9D-F623-4617-BFD9-B24FDD1E85E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northmark HOTW\northmark.exe
FirewallRules: [{AEE1CA17-0EAE-4316-803A-F474D76992D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northmark HOTW\northmark.exe
FirewallRules: [{11A93B47-DD0C-47ED-A632-392C5A8B7222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{74984A49-BC65-43CE-BB33-41CA9C33C2DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{E844DE08-1F34-4C0D-8647-80C66A67CF98}] => (Allow) F:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{B18B2DF2-3E9A-4D86-B30A-B7C47633B344}] => (Allow) F:\SteamLibrary\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{58C14573-C1D1-47C0-B817-552DD990238F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terra Incognita ~ Chapter One The Descendant\Game.exe
FirewallRules: [{1D14ABCE-C5AC-4936-BD31-25A64106FD80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terra Incognita ~ Chapter One The Descendant\Game.exe
FirewallRules: [{F23D6B7F-8268-4E15-9565-658658B4872E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\Wiz8.exe
FirewallRules: [{B5CC4ACD-569D-4CD3-B70A-4FD7DC32EB4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\Wiz8.exe
FirewallRules: [{AC232A18-062F-41BA-B54C-BCA22A75353B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\3DSetup.exe
FirewallRules: [{4AF4C74D-E060-48CE-971F-B241053439A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\3DSetup.exe
FirewallRules: [{D4763308-B367-4BD8-B4AE-4558BD0A1A80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\nglide_config.exe
FirewallRules: [{AF52C647-93AD-4C9A-B3FF-516E264033FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\nglide_config.exe
FirewallRules: [{41C41496-0F19-46DB-867A-5A1670033B0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{E06B6143-9FCB-436D-8876-10506BC15B09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{95AC8E0C-2CD4-4FC8-9701-5EAA95CD4DF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{5D0B1ACB-DCC8-4F2E-9074-75E630FBBA28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{A0493BC5-6C96-49AC-881E-2FE5C3413D5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dayofinfamy\dayofinfamy_BE.exe
FirewallRules: [{CD4A73C2-960C-4D76-84FF-858B054A5F3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dayofinfamy\dayofinfamy_BE.exe
FirewallRules: [{BA11FBB3-511C-4CBD-AC36-3FC036FC7C13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{80374704-79D7-40CF-9CD7-975B18D522D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{D5F1B5D0-65D6-4EEE-8AA0-8AE8C17F5183}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 3\system\Risen3.exe
FirewallRules: [{8CD9D0DE-DD92-4167-82DB-2F498A9B2E3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 3\system\Risen3.exe
FirewallRules: [{812341F2-7BCE-4C89-B420-18A461DC521F}] => (Allow) E:\SteamLibrary2\steamapps\common\GOD EATER RESURRECTION\GER.exe
FirewallRules: [{D2191C2C-520A-4E36-A6ED-FCBDFA23A39F}] => (Allow) E:\SteamLibrary2\steamapps\common\GOD EATER RESURRECTION\GER.exe
FirewallRules: [{7707B502-C295-4804-8D94-303A2373BF86}] => (Allow) F:\SteamLibrary\steamapps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{F7B2F4A1-E50C-431E-9A9A-70D4FC876034}] => (Allow) F:\SteamLibrary\steamapps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{DC22A536-0AD3-4B8F-885F-712778E1EC48}] => (Allow) F:\SteamLibrary\steamapps\common\Arx Fatalis\arx.exe
FirewallRules: [{0A360DDD-EE82-4342-AFB4-0C1110B1086A}] => (Allow) F:\SteamLibrary\steamapps\common\Arx Fatalis\arx.exe
FirewallRules: [{3A949ED5-F463-40C2-9F64-C24FFA68CDFD}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{F72C4131-C0AF-48A4-B588-80E9E009A5CB}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{33D74E5D-4E19-4378-811A-DC916D2181C3}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{CA69AD5E-58B4-4DB2-B8A0-A0794B868AFF}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{2A0F52CF-A665-4198-8CC9-F72CA35DECD9}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{7ED4F241-E5B4-455A-9469-D535279AB200}] => (Allow) F:\SteamLibrary\steamapps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{E7B9FBA6-B4EE-47E6-8FF3-38111F177FE5}] => (Allow) E:\SteamLibrary2\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{46046ADE-70A3-427E-A527-2CC462B325D3}] => (Allow) E:\SteamLibrary2\steamapps\common\Dragon Quest Heroes\DQH.exe
FirewallRules: [{2655D42F-070D-4823-9A9D-33B9DBCFD652}] => (Allow) E:\SteamLibrary2\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [{46C42C70-9E25-4F83-BF3B-2C3B247DC7EB}] => (Allow) E:\SteamLibrary2\steamapps\common\Dragon Quest Heroes\Config.exe
FirewallRules: [TCP Query User{5D9C6E48-40D0-4571-B970-A1F02FCCC194}E:\steamlibrary2\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steamlibrary2\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{804C7882-0C0E-4BD1-BFE1-9B047D1DFD8B}E:\steamlibrary2\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steamlibrary2\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{7E0E1D6E-FD51-48BD-8390-3CC7F630E455}F:\starcraft\starcraft.exe] => (Allow) F:\starcraft\starcraft.exe
FirewallRules: [UDP Query User{F934F446-65AC-4226-ABFC-5DDDF7C47590}F:\starcraft\starcraft.exe] => (Allow) F:\starcraft\starcraft.exe
FirewallRules: [{0A0302C7-7158-4C34-BDEF-B810494172D0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B5224403-8676-4E22-BF46-6DD340D0A2EF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{B85E5B65-792B-4798-AF31-C1F3442D71AE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{05074617-1DF6-415F-AB18-8C347FABD73E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{6C19B838-CBAD-452D-8D8C-49CA3EEB646D}C:\program files (x86)\medivia online\medivia_d3d.exe] => (Allow) C:\program files (x86)\medivia online\medivia_d3d.exe
FirewallRules: [UDP Query User{C6B8B12A-6950-4B9E-AE48-EE2690A63F34}C:\program files (x86)\medivia online\medivia_d3d.exe] => (Allow) C:\program files (x86)\medivia online\medivia_d3d.exe
FirewallRules: [{6F6E6822-0C41-48D8-A9CF-CD030F821976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{16EF3ADC-6C85-4CD8-A7E4-6CE840F1A4F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D0AF8E68-41A2-4F73-9AD5-6533D2E6A993}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{692C0A85-9E8B-4182-98A1-AC7167B8B9B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{EA957D64-DC1A-46AF-8533-56BDCB995A9B}] => (Allow) E:\SteamLibrary2\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F7E819F2-BFEB-4651-9CB1-093566DE4A59}] => (Allow) E:\SteamLibrary2\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{918BA74D-FDBE-4598-AB21-56A2EA2B05D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F3B3C34-A2CF-45FE-98D4-B02916F37C5D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E79AE2D0-C18C-4AAC-B0A9-95B4EE74E8D8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D9500DAF-1AC0-40C5-B439-D449E24EE4E5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{84BACC4A-85B5-4F4D-B71C-0941B12609D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0E54C54C-6656-427B-8129-60DE13B20DDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{206EB28A-F8CF-4AE5-92F7-723AECC80AF7}] => (Allow) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
FirewallRules: [{495DAFBF-F8AC-484A-ACB4-443D8F3A1979}] => (Allow) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
FirewallRules: [TCP Query User{D910E2E8-A705-4F4A-BB29-A6707E338BB5}C:\starcraft\starcraft.exe] => (Allow) C:\starcraft\starcraft.exe
FirewallRules: [UDP Query User{3D6A14F1-EF02-4D39-9FD3-86C0400468E6}C:\starcraft\starcraft.exe] => (Allow) C:\starcraft\starcraft.exe

==================== Restore Points =========================

05-11-2018 13:01:06 Removed CpuCoreParking

==================== Faulty Device Manager Devices =============

Name: UL40
Description: UL40
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: UL40
Description: UL40
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: UL40
Description: UL40
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: WinRing0_1_2_0
Description: WinRing0_1_2_0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WinRing0_1_2_0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VBox Support Driver
Description: VBox Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: YSDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2018 05:18:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2018 07:53:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2018 12:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2018 11:19:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcsx2.exe, version: 0.0.0.0, time stamp: 0x568bfd0e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x30000084
Faulting process id: 0xd4c
Faulting application start time: 0x01d475221fa5acb7
Faulting application path: C:\Program Files (x86)\PCSX2 1.4.0\pcsx2.exe
Faulting module path: unknown
Report Id: 95451fe3-e116-11e8-bbef-a632e4350b19

Error: (11/05/2018 07:54:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/04/2018 06:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/03/2018 02:59:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/31/2018 07:54:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/06/2018 05:17:31 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (11/06/2018 05:17:31 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (11/06/2018 05:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/06/2018 05:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/06/2018 05:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/06/2018 05:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/06/2018 05:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/06/2018 05:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================

Date: 2018-02-24 03:03:40.620
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:40.575
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:24.260
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:24.212
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:23.133
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:23.084
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:21.515
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-24 03:03:21.468
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ScpVBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX(tm)-4350 Quad-Core Processor
Percentage of memory in use: 16%
Total physical RAM: 11237.89 MB
Available physical RAM: 9356.15 MB
Total Virtual: 22473.94 MB
Available Virtual: 20393.67 MB

==================== Drives ================================

Drive c: (OPERATING SSD ) (Fixed) (Total:223.34 GB) (Free:30.02 GB) NTFS
Drive e: (INTERNAL 2.5) (Fixed) (Total:297.87 GB) (Free:70.76 GB) NTFS
Drive f: (INTERNAL 3.5) (Fixed) (Total:232.72 GB) (Free:59.17 GB) NTFS

\\?\Volume{48257164-6090-4e2e-a6ec-c5b1fcb4b4c3}\ (New Volume) (Fixed) (Total:0.11 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 5A8F2260)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 0A28444F)

Partition: GPT.

========================================================
Disk: 2 (Size: 232.8 GB) (Disk ID: 6BB5AA5A)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


eric m

TS Rookie
In the interest of saving time I attached it again. It wouldn't let me post due to inappropriate text or spam... whatever that means lol.
 


Broni

Malware Annihilator
Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Eric (06-11-2018 11:45:24) Run:1
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric (Available Profiles: Eric)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\...\MountPoints2: {4727379c-182c-11e8-881c-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\setup.exe
GroupPolicy: Restriction ? <==== ATTENTION
R3 ALSysIO; \??\C:\Users\Eric\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 csravrcp; system32\DRIVERS\csravrcp.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrduncmdm; system32\DRIVERS\csrdunc.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 csr_bthav; system32\drivers\csrbthav.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S2 WinRing0_1_2_0; \??\C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 YSDrv; \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [X]
2018-11-05 12:51 - 2018-11-05 12:51 - 000009333 _____ () C:\Users\Eric\AppData\Local\recently-used.xbel
2018-06-15 09:54 - 2018-09-10 09:35 - 000007609 _____ () C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Eric\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [PowerISO] -> [CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [PowerISO] -> [CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully
HKU\S-1-5-21-32538046-3854998793-3802812278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4727379c-182c-11e8-881c-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{4727379c-182c-11e8-881c-806e6f6e6963} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
ALSysIO => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
HKLM\System\CurrentControlSet\Services\csravrcp => removed successfully
csravrcp => service removed successfully
HKLM\System\CurrentControlSet\Services\CsrBtPort => removed successfully
CsrBtPort => service removed successfully
HKLM\System\CurrentControlSet\Services\csrduncmdm => removed successfully
csrduncmdm => service removed successfully
HKLM\System\CurrentControlSet\Services\csrpan => removed successfully
csrpan => service removed successfully
HKLM\System\CurrentControlSet\Services\csrserial => removed successfully
csrserial => service removed successfully
HKLM\System\CurrentControlSet\Services\csrusb => removed successfully
csrusb => service removed successfully
HKLM\System\CurrentControlSet\Services\csr_bthav => removed successfully
csr_bthav => service removed successfully
HKLM\System\CurrentControlSet\Services\NPF => removed successfully
NPF => service removed successfully
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => removed successfully
WinRing0_1_2_0 => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\YSDrv => removed successfully
YSDrv => service removed successfully
C:\Users\Eric\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Eric\AppData\Local\Resmon.ResmonCfg => moved successfully

========================= bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\[CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\[CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found


The system needed a reboot.

==== End of Fixlog 11:45:38 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

eric m

TS Rookie
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````






Farbar Service Scanner Version: 27-01-2016
Ran by Eric (administrator) on 06-11-2018 at 12:29:35
Running from "C:\Users\Eric\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Broni

Malware Annihilator
Your computer is clean


1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 

eric m

TS Rookie
Thanks for your help :) What was the type of infection? I think the original trojan was a false positive but I wasn't sure. And the one Sophos found, I don't have any idea how it could have gotten on my PC.
 

Broni

Malware Annihilator
I didn't really see much there.
We cleared mostly some garbage.

Good luck and stay safe :)