Net popups, Random Audio Playing, Unwanted Exes...


  • This topic is locked
13 replies to this topic

#1 StSebastien

Posted 01 June 2018 - 08:05 PM

Ok, it appears I have picked up a nasty or a few nasties. I am having random audio playing (a bunch of people saying G'day mate over and over), random internet windows opening with just a strange code of numbers and letters at the top, and unwanted programs starting up on my PC. I've tried Malwarebytes and SUPERAntiSpyware, which both found stuff, but the problem persists. Rkill stops a couple of exes but they start straight back up again. Two of the exes are rand.exe and papa.exe, which keep coming back each time Rkill stops them.

My PC is basically unusable currently.

Thanks in advance for any help given.

Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by DiMiTrius (administrator) on DIMITRIUS-PC (02-06-2018 01:51:31)
Running from C:\Users\DiMiTrius\Desktop
Loaded Profiles: DiMiTrius (Available Profiles: DiMiTrius)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\Scripted\rosco.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files (x86)\hansford\Papa.exe
() C:\Program Files (x86)\Nickle\Rand.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\hansford\Papa.exe
() C:\Program Files (x86)\Nickle\Rand.exe
() C:\Program Files (x86)\hansford\Papa.exe
() C:\Program Files (x86)\Nickle\Rand.exe
() C:\Program Files (x86)\talon\sintered.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\hansford\Papa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\hansford\Papa.exe
() C:\Program Files (x86)\Nickle\Rand.exe
() C:\Users\DiMiTrius\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
(TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
(TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\hansford\Papa.exe
() C:\Program Files (x86)\Nickle\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Nickle\Papa.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Program Files (x86)\Manicurist\Rand.exe
() C:\Users\DiMiTrius\AppData\Local\Papa.exe
() C:\Users\DiMiTrius\AppData\Local\Rand.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM\...\Run: [AVGUI.exe] => "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
HKLM\...\Run: [Spirits] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKLM\...\Run: [Todd] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKLM\...\Run: [Lacks] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [MSS CS Connectivity Service] => "C:\Users\DiMiTrius\AppData\Local\Temp\patch\MSS CS Connectivity USBHub.exe" <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [Unrated] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Multitask] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Cute] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [DUP] => "C:\Program Files (x86)\DriverUpdaterPro\DriverUpdaterPro.exe" /ot /as /ss
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-05-19] (Valve Corporation)
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Ooze] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Paymer] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Erotically] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Endearment] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Unpredictability] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Haberdashery] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [sintered] => C:\Program Files (x86)\talon\sintered.exe [51986 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [publicans] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\MountPoints2: {b6704561-7e46-11e6-8175-3085a9453ace} - D:\Startme.exe
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\MountPoints2: {bf7e3697-0a17-11e6-bf90-3085a9453ace} - I:\AutoRun.exe
IFEO\CE i386.exe: [Debugger] Enable
IFEO\ce-x64.exe: [Debugger] Enable
IFEO\Cheat Engine.exe: [Debugger] Enable
IFEO\cheatengine-i386.exe: [Debugger] Enable
IFEO\cheatengine-x86_64.exe: [Debugger] Enable
Startup: C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oklahoma.lnk [2018-06-01]
ShortcutTarget: oklahoma.lnk -> C:\Program Files (x86)\Manicurist\Rand.exe ()
Startup: C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oklahomaoklahoma.lnk [2018-06-01]
ShortcutTarget: oklahomaoklahoma.lnk -> C:\Program Files (x86)\hansford\Papa.exe ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0456DC07-2FAA-4D3E-B020-A160B66154D3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CD2E7FBA-34D5-4819-A41E-754431D0525D}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={27D80DBF-9CFA-496E-A41D-289720DC7223}&mid=987bcdfc3e9347cc9262e1ccefa1d33d-727bf793f16490c05b83738a91acdf2ba220d452&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117avz&pr=fr&d=2017-01-22 05:37:26&v=4.3.6.255&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2467884633-685454356-10440173-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={27D80DBF-9CFA-496E-A41D-289720DC7223}&mid=987bcdfc3e9347cc9262e1ccefa1d33d-727bf793f16490c05b83738a91acdf2ba220d452&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117avz&pr=fr&d=2017-01-22 05:37:26&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-24] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-24] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 0eck2bys.default-1527173798741
FF ProfilePath: C:\Users\DiMiTrius\AppData\Roaming\Mozilla\Firefox\Profiles\0eck2bys.default-1527173798741 [2018-06-02]
FF Extension: (Google NoTrack) - C:\Users\DiMiTrius\AppData\Roaming\Mozilla\Firefox\Profiles\0eck2bys.default-1527173798741\Extensions\googlenotrack@dirtylittlehelpers.com.xpi [2018-06-01]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\DiMiTrius\AppData\Roaming\Mozilla\Firefox\Profiles\0eck2bys.default-1527173798741\features\{e259790f-830c-49fb-8c11-f330e7d8c5f7}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-05-31] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-25] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2018-06-01]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2018-06-01]

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default [2018-06-02]
CHR Extension: (Google Slides) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-18]
CHR Extension: (Google Docs) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
CHR Extension: (Google Drive) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (YouTube) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (AVG Secure Search) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-01-24]
CHR Extension: (Tampermonkey) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-08-16]
CHR Extension: (Google Sheets) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-16]
CHR Extension: (Gmail) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-16]
CHR HKU\S-1-5-21-2467884633-685454356-10440173-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2467884633-685454356-10440173-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S2 6fc72d5de0b459231172b5d2d0bb97c2; C:\Program Files\6fc72d5de0b459231172b5d2d0bb97c2\b1dc9f219781f5bae11953e01e5c53ec.exe [776080 2018-06-01] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
R2 KingoSoftService; C:\Users\DiMiTrius\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [377832 2017-08-20] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-01-24] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-01-24] (Electronic Arts)
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4376256 2018-05-25] (TotalAV)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 updater; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-06-14] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-15] (Microsoft Corporation)
S2 AVG Antivirus; "C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe" [X]
S3 avgbIDSAgent; "C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe" [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 3dae7cd23a213ecd0de733cce542c09a; C:\Windows\System32\drivers\3dae7cd23a213ecd0de733cce542c09a.sys [211632 2018-06-01] ()
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-13] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-13] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-13] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-13] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-13] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-13] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-18] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-13] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-13] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-13] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-13] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-13] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-13] (AVG Technologies CZ, s.r.o.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
R3 Larmkanal; C:\Windows\System32\DRIVERS\Larmkanal.sys [33112 2015-09-02] (Adoriasoft LLC)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2017-02-22] (hxxp://libusb-win32.sourceforge.net)
R3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2016-08-10] (hxxp://libusb-win32.sourceforge.net)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [34136 2015-09-02] (Adoriasoft LLC)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [23968 2015-11-24] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [51560 2014-05-23] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2016-04-26] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2016-12-13] ()
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
U3 a2gz16x8; C:\Windows\System32\Drivers\a2gz16x8.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 zghsser; system32\DRIVERS\zghsser.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 01:55 - 2018-06-02 01:55 - 000000000 _____ C:\akio5dbc4cpzxp5
2018-06-02 01:41 - 2018-06-02 01:57 - 000025646 _____ C:\Users\DiMiTrius\Desktop\FRST.txt
2018-06-02 01:41 - 2018-06-02 01:41 - 000000000 ____D C:\FRST
2018-06-02 01:40 - 2018-06-02 01:40 - 002413056 _____ (Farbar) C:\Users\DiMiTrius\Desktop\FRST64.exe
2018-06-02 01:08 - 2018-06-02 01:08 - 000000000 ____D C:\Users\DiMiTrius\Documents\TotalAV
2018-06-02 01:08 - 2018-06-02 01:08 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-06-02 01:05 - 2018-06-02 01:05 - 000000972 _____ C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2018-06-02 01:05 - 2018-06-02 01:05 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\TotalAV
2018-06-02 01:04 - 2018-06-02 01:21 - 000000000 ____D C:\Program Files (x86)\TotalAV
2018-06-02 01:04 - 2018-06-02 01:04 - 011609024 _____ (SurfRight B.V.) C:\Users\DiMiTrius\Downloads\hitmanpro_x64.exe
2018-06-02 01:04 - 2018-06-02 01:04 - 000000947 _____ C:\Users\DiMiTrius\Desktop\TotalAV.lnk
2018-06-02 01:03 - 2018-06-02 01:03 - 011152808 _____ C:\Users\DiMiTrius\Downloads\TotalAV_Setup.exe
2018-06-02 00:57 - 2018-06-02 00:57 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-06-02 00:56 - 2018-06-02 01:27 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2018-06-02 00:56 - 2018-06-02 00:56 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\SystemHealer
2018-06-02 00:37 - 2018-06-02 00:37 - 000001065 _____ C:\Users\DiMiTrius\Desktop\MALWAREBYTES LOG.txt
2018-06-02 00:33 - 2018-06-02 00:33 - 000000000 ____D C:\Program Files\6fc72d5de0b459231172b5d2d0bb97c2
2018-06-02 00:10 - 2018-06-02 00:17 - 000222984 _____ C:\TDSSKiller.3.1.0.17_02.06.2018_00.10.22_log.txt
2018-06-02 00:10 - 2018-06-02 00:10 - 000006452 _____ C:\TDSSKiller.3.1.0.17_02.06.2018_00.10.00_log.txt
2018-06-02 00:08 - 2018-06-02 00:09 - 004949824 _____ (AO Kaspersky Lab) C:\Users\DiMiTrius\Downloads\tdsskiller.exe
2018-06-02 00:00 - 2018-06-02 00:00 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-02 00:00 - 2018-06-02 00:00 - 000002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-06-02 00:00 - 2018-06-02 00:00 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-02 00:00 - 2018-06-02 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-02 00:00 - 2018-06-02 00:00 - 000000000 ____D C:\Program Files\CCleaner
2018-06-01 23:58 - 2018-06-01 23:58 - 015838840 _____ (Piriform Ltd) C:\Users\DiMiTrius\Downloads\ccsetup543.exe
2018-06-01 23:42 - 2018-06-02 01:51 - 000002056 _____ C:\Users\DiMiTrius\Desktop\Rkill.txt
2018-06-01 23:41 - 2018-06-01 23:41 - 000003734 _____ C:\Windows\System32\Tasks\teams
2018-06-01 23:41 - 2018-06-01 23:41 - 000003726 _____ C:\Windows\System32\Tasks\fluorouracil
2018-06-01 23:41 - 2018-06-01 23:41 - 000003724 _____ C:\Windows\System32\Tasks\magruder dinkins wynn
2018-06-01 23:41 - 2018-06-01 23:41 - 000003716 _____ C:\Windows\System32\Tasks\grittiness_norelco
2018-06-01 23:41 - 2018-06-01 23:41 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\AdvinstAnalytics
2018-06-01 23:40 - 2018-06-02 00:35 - 000000000 ____D C:\Program Files (x86)\santayana
2018-06-01 23:40 - 2018-06-01 23:41 - 000003724 _____ C:\Windows\System32\Tasks\mifflin
2018-06-01 23:40 - 2018-06-01 23:40 - 000003724 _____ C:\Windows\System32\Tasks\uncouth_exhumed
2018-06-01 23:40 - 2018-06-01 23:40 - 000003720 _____ C:\Windows\System32\Tasks\olfactory-collages
2018-06-01 23:40 - 2018-06-01 23:40 - 000003716 _____ C:\Windows\System32\Tasks\bloodline uplifted
2018-06-01 23:40 - 2018-06-01 23:40 - 000003586 _____ C:\Windows\System32\Tasks\teamsteams
2018-06-01 23:40 - 2018-06-01 23:40 - 000003578 _____ C:\Windows\System32\Tasks\fluorouracilfluorouracil
2018-06-01 23:40 - 2018-06-01 23:40 - 000003576 _____ C:\Windows\System32\Tasks\uncouth_exhumeduncouth_exhumed
2018-06-01 23:40 - 2018-06-01 23:40 - 000003576 _____ C:\Windows\System32\Tasks\mifflinmifflin
2018-06-01 23:40 - 2018-06-01 23:40 - 000003574 _____ C:\Windows\System32\Tasks\olfactory-collagesolfactory-collages
2018-06-01 23:40 - 2018-06-01 23:40 - 000003574 _____ C:\Windows\System32\Tasks\magruder dinkins wynnmagruder dinkins wynn
2018-06-01 23:40 - 2018-06-01 23:40 - 000003570 _____ C:\Windows\System32\Tasks\grittiness_norelcogrittiness_norelco
2018-06-01 23:40 - 2018-06-01 23:40 - 000003570 _____ C:\Windows\System32\Tasks\bloodline upliftedbloodline uplifted
2018-06-01 23:40 - 2018-06-01 23:40 - 000000012 _____ C:\Windows\b23544935
2018-06-01 23:40 - 2018-06-01 23:40 - 000000000 ___HD C:\Program Files (x86)\talon
2018-06-01 23:40 - 2018-06-01 23:40 - 000000000 ___HD C:\Program Files (x86)\Nickle
2018-06-01 23:40 - 2018-06-01 23:40 - 000000000 ____D C:\Program Files (x86)\Scripted
2018-06-01 23:40 - 2018-06-01 23:40 - 000000000 ____D C:\Program Files (x86)\Manicurist
2018-06-01 23:40 - 2018-06-01 23:40 - 000000000 ____D C:\Program Files (x86)\hansford
2018-06-01 23:32 - 2018-06-02 00:36 - 000000000 ____D C:\Windows\SysWOW64\SSL
2018-06-01 23:30 - 2018-06-01 23:30 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\Package Cache
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ C:\Windows\pneumococcus.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ C:\Users\DiMiTrius\AppData\Local\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 15:53 - 2018-06-01 15:53 - 000211632 _____ C:\Windows\system32\Drivers\3dae7cd23a213ecd0de733cce542c09a.sys
2018-06-01 15:53 - 2018-06-01 15:53 - 000037098 _____ C:\Windows\uninstaller.dat
2018-05-30 17:53 - 2018-05-30 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remothered Tormented Fathers HD
2018-05-30 13:06 - 2018-05-30 13:06 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\Agony
2018-05-30 10:53 - 2018-05-30 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agony
2018-05-29 14:55 - 2018-05-29 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdom Come Deliverance
2018-05-29 11:05 - 2018-05-29 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devil May Cry HD Collection
2018-05-29 03:38 - 2018-05-29 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2018-05-29 03:23 - 2018-05-29 03:23 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2018-05-28 22:41 - 2018-05-28 22:41 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\NVIDIA
2018-05-28 22:41 - 2018-05-28 22:41 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\fs-uae
2018-05-28 15:32 - 2018-05-28 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outcast - Second Contact
2018-05-28 13:22 - 2018-05-28 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-28 13:21 - 2018-05-22 21:09 - 000132392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-05-28 13:21 - 2018-05-14 17:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-28 13:20 - 2018-05-28 13:20 - 000000000 ____D C:\Windows\system32\unknown
2018-05-28 13:20 - 2018-05-28 13:20 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-28 13:17 - 2018-05-23 19:24 - 040089632 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-28 13:17 - 2018-05-23 19:24 - 032359864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 040347168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 035250536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 016997632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-28 13:17 - 2018-05-23 19:23 - 003964960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 003496992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 002013784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439793.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001562016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001467800 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439793.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001418840 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001216256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001092000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 000626776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 000517536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 031276288 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 025990096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 020323544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 019080776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 017782384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 015691136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 015192624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 013727792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 011273120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 001157208 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000904904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000462832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000420000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000182784 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000164944 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-28 13:17 - 2018-05-22 22:52 - 000227928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-28 13:17 - 2018-05-22 22:52 - 000047648 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-28 13:17 - 2018-05-22 22:52 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-05-28 13:17 - 2018-05-22 22:52 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-05-28 07:13 - 2018-05-28 07:13 - 000076402 _____ C:\Windows\SysWOW64\dxdiag.xml
2018-05-28 02:48 - 2018-05-28 02:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein II The New Colossus
2018-05-28 02:43 - 2018-05-28 02:52 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\FreeReign
2018-05-28 02:43 - 2018-05-28 02:43 - 000000000 ____D C:\Users\DiMiTrius\Documents\FreeReign
2018-05-28 02:43 - 2018-05-28 02:43 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\CrashRpt
2018-05-27 22:19 - 2018-05-27 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2018-05-27 22:00 - 2018-05-27 22:00 - 000000000 ____D C:\Users\DiMiTrius\AppData\LocalLow\Deceptive Games Ltd_
2018-05-27 21:43 - 2018-05-27 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silent Descent
2018-05-27 17:45 - 2018-05-27 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall 2
2018-05-27 10:51 - 2018-05-28 13:21 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-27 10:51 - 2018-05-27 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan SDK 1.1.73.0
2018-05-27 10:46 - 2018-05-27 10:46 - 000000000 ____D C:\VulkanSDK
2018-05-26 17:22 - 2018-05-26 17:22 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\com.stateofplaygames.LuminoCity
2018-05-26 17:22 - 2018-05-26 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\State of Play Games
2018-05-26 17:20 - 2018-05-26 17:20 - 000000000 ____D C:\Program Files (x86)\State of Play Games
2018-05-26 10:53 - 2018-05-26 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 5
2018-05-26 10:04 - 2018-06-01 23:55 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-26 10:04 - 2018-05-27 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-26 10:04 - 2018-05-26 10:04 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\SUPERAntiSpyware.com
2018-05-26 10:04 - 2018-05-26 10:04 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-05-26 09:47 - 2018-06-02 00:23 - 000000000 ____D C:\Users\DiMiTrius\AppData\LocalLow\BitTorrent
2018-05-25 15:41 - 2018-05-25 15:41 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-25 12:23 - 2018-05-25 12:24 - 000000000 ____D C:\Users\DiMiTrius\Documents\Assassin's Creed Origins
2018-05-25 11:47 - 2018-05-25 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Origins
2018-05-25 10:27 - 2018-05-25 11:48 - 000000000 ____D C:\Program Files (x86)\Assassin's Creed Origins
2018-05-25 00:03 - 2018-05-25 00:03 - 000000000 ____D C:\Games
2018-05-24 19:58 - 2018-06-02 00:43 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-24 19:58 - 2018-05-24 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-24 18:24 - 2018-06-01 08:56 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-05-24 18:24 - 2018-05-24 18:24 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\NCH Software
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\ProgramData\NCH Software
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-05-24 16:00 - 2018-05-27 13:43 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 01:23 - 2016-11-16 17:57 - 000000000 ____D C:\Users\DiMiTrius\AppData\LocalLow\Mozilla
2018-06-02 01:15 - 2016-06-21 20:12 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\MPC-HC
2018-06-02 00:51 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-02 00:51 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-02 00:42 - 2017-07-23 18:32 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-02 00:41 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-02 00:39 - 2016-08-20 13:40 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-02 00:39 - 2016-08-20 13:40 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-02 00:39 - 2016-04-23 19:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-02 00:39 - 2016-04-23 19:52 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-02 00:39 - 2016-04-22 15:03 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\BitTorrent
2018-06-02 00:35 - 2017-08-22 17:37 - 000000000 ____D C:\Program Files\Darkwood
2018-06-02 00:16 - 2016-08-09 15:12 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-06-02 00:03 - 2016-06-04 13:45 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\FileZilla
2018-06-02 00:02 - 2016-11-25 20:53 - 000000000 ____D C:\Windows\Minidump
2018-06-02 00:02 - 2016-06-10 14:08 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\CrashDumps
2018-06-02 00:02 - 2014-02-22 10:19 - 000000000 ____D C:\Windows\Panther
2018-06-02 00:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\ModemLogs
2018-06-02 00:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-06-01 23:43 - 2016-08-18 01:34 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-01 23:40 - 2017-02-17 17:09 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-01 23:40 - 2016-11-16 12:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-01 10:59 - 2016-12-12 18:54 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\vlc
2018-06-01 10:59 - 2014-02-22 02:26 - 000000000 ____D C:\Users\DiMiTrius
2018-06-01 10:52 - 2016-04-22 18:16 - 000000000 ____D C:\Users\DiMiTrius\Desktop\PICS FROM BINKS CAM
2018-06-01 10:49 - 2016-04-22 18:15 - 000000000 ____D C:\Users\DiMiTrius\Desktop\PICS and VIDS FROM PHONE
2018-05-31 13:46 - 2016-04-22 19:10 - 000000000 ____D C:\Users\DiMiTrius\Documents\My Games
2018-05-31 00:08 - 2016-04-22 20:47 - 000000000 ____D C:\Users\DiMiTrius\Desktop\GAMES
2018-05-30 18:38 - 2016-04-22 19:13 - 000042721 _____ C:\Users\DiMiTrius\Documents\ax_files.xml
2018-05-30 13:06 - 2016-04-25 12:17 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\UnrealEngine
2018-05-30 13:00 - 2016-12-01 21:26 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\Ubisoft Game Launcher
2018-05-29 13:37 - 2016-08-20 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-28 23:31 - 2016-06-28 15:13 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Kodi
2018-05-28 20:46 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-28 13:22 - 2017-07-23 18:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-28 13:22 - 2017-07-23 18:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-28 13:21 - 2017-07-23 19:12 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\NVIDIA
2018-05-28 13:21 - 2016-04-24 13:38 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-27 22:19 - 2016-06-28 15:10 - 000000000 ____D C:\Program Files (x86)\Kodi
2018-05-27 21:25 - 2016-05-11 12:25 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\CAPCOM
2018-05-27 16:21 - 2016-05-16 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-05-27 16:21 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-27 12:40 - 2016-07-07 13:05 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-27 11:41 - 2014-02-22 03:11 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-25 10:29 - 2016-04-22 15:04 - 000000817 _____ C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-05-24 22:04 - 2017-02-02 14:00 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-24 22:03 - 2017-02-02 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-24 22:01 - 2017-02-02 14:01 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-05-24 18:32 - 2017-01-21 14:14 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Skype
2018-05-24 18:32 - 2017-01-21 14:14 - 000000000 ____D C:\ProgramData\Skype
2018-05-24 16:00 - 2014-02-22 03:19 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Mozilla
2018-05-24 14:38 - 2016-08-18 01:32 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-24 14:38 - 2016-08-18 01:32 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-24 14:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\security
2018-05-23 19:23 - 2017-07-23 18:30 - 023298544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-23 19:22 - 2017-07-23 18:30 - 004613408 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-23 19:22 - 2017-07-23 18:30 - 004081624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-23 19:22 - 2017-07-23 18:30 - 000505736 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-22 22:52 - 2017-07-23 18:32 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-05-22 22:52 - 2017-07-23 18:30 - 001688848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-22 22:52 - 2017-07-23 18:30 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-22 20:58 - 2017-07-23 18:32 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 005947328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 001767360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 000450960 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 000124200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-05-22 07:43 - 2017-07-23 18:32 - 008186102 _____ C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2016-06-23 09:57 - 2016-06-23 09:57 - 000128512 _____ () C:\Users\DiMiTrius\AppData\Roaming\Installer.dat
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
2017-04-14 13:47 - 2017-04-14 13:47 - 000000552 _____ () C:\Users\DiMiTrius\AppData\Local\TroubleshooterConfig.json

Some files in TEMP:
====================
2018-06-01 23:29 - 2018-06-01 23:29 - 000016384 _____ (RodeobeX) C:\Users\DiMiTrius\AppData\Local\Temp\capi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 001793368 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\gimi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 002653184 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\MediaPlay.exe
2018-06-01 14:51 - 2018-06-01 14:51 - 009596780 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\setup.dll
2018-06-01 23:29 - 2018-06-01 23:29 - 003415488 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\tilusorel.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\ntUsrrI_1_0.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 08:27

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by DiMiTrius (02-06-2018 01:58:38)
Running from C:\Users\DiMiTrius\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-02-22 01:26:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2467884633-685454356-10440173-500 - Administrator - Disabled)
DiMiTrius (S-1-5-21-2467884633-685454356-10440173-1000 - Administrator - Enabled) => C:\Users\DiMiTrius
Guest (S-1-5-21-2467884633-685454356-10440173-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Ad-aware 6 Professional (HKLM-x32\...\Ad-aware 6 Professional) (Version: 6.0.1.158 - Lavasoft Sweden)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Agony (HKLM-x32\...\Agony_is1) (Version:  - )
Анабиоз. Сон разума (HKLM-x32\...\{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1) (Version: 1.0.2.608 - Фирма 1C)
Alan Wake American Nightmare (HKLM-x32\...\GOGPACKALANWAKEAMERICANNIGHTMARE_is1) (Version: 2.1.0.24 - GOG.com)
Alice Madness Returns - The Complete Collection (HKLM-x32\...\Alice Madness Returns - The Complete Collection_is1) (Version:  - )
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Armikrog (HKLM-x32\...\1433157800_is1) (Version: 2.0.0.1 - GOG.com)
Asemblance (HKLM-x32\...\Asemblance_is1) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassin's Creed Origins (HKLM-x32\...\{DAC281DD-7006-49D4-905B-E8BDA474A230}_is1) (Version:  - Ubisoft)
AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3021 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
BitTorrent (HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\BitTorrent) (Version: 7.10.3.44429 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty - WWII version 1.41 (HKLM-x32\...\Call of Duty - WWII_is1) (Version: 1.41 - )
Carmageddon (HKLM-x32\...\GOGPACKCARMAGEDDON_is1) (Version: 2.0.0.63 - GOG.com)
Carmageddon 2 Carpocalypse Now (HKLM-x32\...\GOGPACKCARMAGEDDON2_is1) (Version: 2.0.0.26 - GOG.com)
Carmageddon Max Damage (HKLM-x32\...\Carmageddon Max Damage_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Cryostasis Sleep of Reason (HKLM-x32\...\Cryostasis Sleep of Reason_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Darkwood (HKLM\...\ZGFya3dvb2Q_is1) (Version: 1 - )
Deadlight Directors Cut (HKLM-x32\...\Deadlight Directors Cut_is1) (Version:  - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.11 - NCH Software)
Devil May Cry HD Collection (HKLM-x32\...\Devil May Cry HD Collection_is1) (Version:  - )
De-Void (HKLM-x32\...\De-Void_is1) (Version:  - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
Drizzlepath: Glass (HKLM\...\ZHJpenpsZXBhdGhnbGFzcw_is1) (Version: 1 - )
Duke Nukem 3D Twentieth Anniversary World Tour (HKLM-x32\...\Duke Nukem 3D Twentieth Anniversary World Tour_is1) (Version:  - )
Dying Light (HKLM-x32\...\1448452156_is1) (Version: 2.0.0.8 - GOG.com)
Dying Light: The Following - Enhanced Edition Reinforcements (HKLM\...\ZHlpbmdsaWdodHRoZWZvbGxvd2luZ2VuaGFuY2VkZWRpdGlvbg_is1) (Version: 1 - )
EaseUS MobiSaver for Android version 5.0 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 5.0 - CHENGDU YIWO Tech Development Co., Ltd.)
EaseUS Partition Master 10.2 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
EVERSPACE (HKLM-x32\...\1513949567_is1) (Version: 2.0.0.2 - GOG.com)
FaceRig virtual audio driver version 1.0 (HKLM-x32\...\{D605CD1D-D626-4740-B657-86DC30723FCF}_is1) (Version: 1.0 - Adoriasoft LLC)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Far Cry 5 (HKLM-x32\...\{73B938C4-0DDA-448D-8E46-87401EA87339}_is1) (Version:  - Ubisoft)
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version:  - Ubisoft)
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
FlatOut (HKLM-x32\...\1207658693_is1) (Version: 2.1.0.7 - GOG.com)
FMW 1 (HKLM\...\{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
FonePaw Android Data Recovery 1.8.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.8.0 - FonePaw)
foobar2000 v1.3.16 (HKLM-x32\...\foobar2000) (Version: 1.3.16 - Peter Pawlowski)
Fossil Echo (HKLM-x32\...\1230646427_is1) (Version: 2.0.0.1 - GOG.com)
Gears of War (HKLM-x32\...\{1170D24F-42B7-40CF-AA1B-6395CE562354}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Gears of War (HKLM-x32\...\Gears of War_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Gears of War (HKLM-x32\...\InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}) (Version: 1.00.0000 - Microsoft Game Studios)
GetEven (HKLM-x32\...\GetEven_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoPro VR Player 2.1 (HKLM\...\GoPro VR Player 2.1) (Version: V2.1.2 - GoPro)
Hard Reset Redux (HKLM-x32\...\Hard Reset Redux_is1) (Version:  - )
Hellblade: Senua's Sacrifice (HKLM-x32\...\1573355755_is1) (Version: 1.0 - GOG.com)
Hitman (HKLM-x32\...\Hitman_is1) (Version:  - )
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Impaq Speed (HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Just Cause 3 (HKLM-x32\...\{513624C8-A6E3-44FA-A449-5C2BDAA72CC4}_is1) (Version:  - Avalanche Studios)
Kingdom Come Deliverance (HKLM-x32\...\Kingdom Come Deliverance_is1) (Version:  - )
Kingo ROOT version 1.5.4.3126 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.4.3126 - Kingosoft Technology Ltd.)
Kingpin - Life of Crime (HKLM-x32\...\Kingpin - Life of Crime_is1) (Version:  - GOG.com)
Kingpin: Life of Crime (HKLM-x32\...\Kingpin) (Version:  - )
K-Lite Codec Pack 12.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.5 - KLCP)
Kodi (HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Kodi) (Version:  - XBMC Foundation)
Life is Strange (HKLM-x32\...\Life is Strange_is1) (Version:  - )
Little Inferno (HKLM-x32\...\1444053723_is1) (Version: 2.0.0.1 - GOG.com)
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
Lumino City (HKLM-x32\...\Lumino City_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Payne 3 Complete Edition (HKLM\...\bWF4cGF5bmUz_is1) (Version: 1 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-GB)) (Version: 56.0 - Mozilla)
Mozilla Firefox 60.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-GB)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Otems Defiance (HKLM-x32\...\Otems Defiance_is1) (Version:  - )
Outcast - Second Contact (HKLM-x32\...\Outcast - Second Contact_is1) (Version:  - )
Outlast 2 (HKLM-x32\...\Outlast 2_is1) (Version:  - )
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
PIXPRO_360_STITCH (HKLM-x32\...\{73CC0E00-3FDF-4A6B-90EA-ACC912BDA9DF}) (Version: 1.3.6 - JK Imaging)
PIXPRO_SP360_4K (HKLM-x32\...\{CA6FE01C-9B4B-4248-8B62-CF609F0884CD}) (Version: 2.2.5 - JK Imaging)
ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Redneck Rampage Collection (HKLM-x32\...\Redneck Rampage Collection_is1) (Version:  - GOG.com)
Redout (HKLM-x32\...\Redout_is1) (Version:  - )
Remothered Tormented Fathers HD (HKLM-x32\...\Remothered Tormented Fathers HD_is1) (Version:  - )
Renegade Ops Collection (HKLM-x32\...\Renegade Ops Collection_is1) (Version:  - )
Resident Evil 4 (HKLM-x32\...\UmVzaWRlbnRFdmlsNA==_is1) (Version: 1 - )
Resident Evil 5 Gold Edition (HKLM-x32\...\Resident Evil 5 Gold Edition_is1) (Version: 1.0 - PLAZA)
Ridge (HKLM-x32\...\Ridge_is1) (Version:  - )
Riftcat (HKLM-x32\...\{8346dab5-9676-4878-9891-b24811bf4ce4}) (Version: 1.0.0 - Riftcat)
Riftcat Client (HKLM-x32\...\{B2C26ED3-33A6-4A0E-98EE-6ACEC22C5793}) (Version: 1.0.0.3 - Riftcat) Hidden
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
Root Of Evil The Tailor (HKLM-x32\...\Root Of Evil The Tailor_is1) (Version:  - )
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Shadwen (HKLM\...\c2hhZHdlbg_is1) (Version: 1 - )
Silent Descent (HKLM-x32\...\Silent Descent_is1) (Version:  - )
Slain! (HKLM-x32\...\1458053826_is1) (Version: 2.4.0.5 - GOG.com)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Stacking (HKLM-x32\...\GOGPACKSTACKING_is1) (Version: 2.0.0.6 - GOG.com)
STAR WARS® Jedi Knight - Dark Forces 2 (HKLM-x32\...\1422286819_is1) (Version: 2.0.0.6 - GOG.com)
STAR WARS® Jedi Knight - Mysteries of the Sith (HKLM-x32\...\1422285784_is1) (Version: 2.0.0.5 - GOG.com)
STAR WARS™ - Shadows of the Empire (HKLM-x32\...\1449669419_is1) (Version: 2.0.0.9 - GOG.com)
STAR WARS™ Jedi Knight™ II - Jedi Outcast™ (HKLM-x32\...\1428935917_is1) (Version: 2.0.0.3 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamWorld Heist - Hatbox - Hatful Eight + 2 (HKLM-x32\...\1567936393_is1) (Version: 2.0.0.1 - GOG.com)
SteamWorld Heist - Hatbox - Three 4 Free (HKLM-x32\...\1872178582_is1) (Version: 2.0.0.1 - GOG.com)
SteamWorld Heist - The Outsider (HKLM-x32\...\1108458982_is1) (Version: 2.0.0.1 - GOG.com)
SteamWorld Heist (HKLM-x32\...\1668986402_is1) (Version: 2.0.0.3 - GOG.com)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
System Requirements Lab Detection (HKLM-x32\...\{76976233-78C8-41B3-AC22-B4701643B99B}) (Version: 6.1.1.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.12.0.14 - GOG.com)
The Final Station (HKLM-x32\...\1580842560_is1) (Version: 2.0.0.2 - GOG.com)
The Old City Leviathan (HKLM-x32\...\The Old City Leviathan_is1) (Version:  - )
The Room Two (HKLM-x32\...\The Room Two_is1) (Version:  - )
The Saboteur (HKLM-x32\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
The Solus Project (HKLM-x32\...\The Solus Project_is1) (Version:  - )
The Technomancer (HKLM-x32\...\The Technomancer_is1) (Version:  - )
This War of Mine - The Little Ones (HKLM-x32\...\This War of Mine - The Little Ones_is1) (Version:  - )
Titanfall 2 (HKLM-x32\...\Titanfall 2_is1) (Version:  - )
Tom Clancy's Ghost Recon Wildlands (HKLM\...\Tom Clancys Ghost Recon Wildlands_is1) (Version: 1.0 - )
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
TotalAV (HKLM-x32\...\TotalAV) (Version: 4.7.19 - TotalAV)
Troll and I (HKLM-x32\...\Troll and I_is1) (Version:  - )
Unravel (HKLM\...\Unravel_is1) (Version: 1.0.0.0 - )
Uplay (HKLM-x32\...\Uplay) (Version: 26.0 - Ubisoft)
Victor Vran (HKLM-x32\...\Victor Vran_is1) (Version:  - )
Video Card Stability Test (HKLM-x32\...\Video Card Stability Test) (Version: v.1.0.0.3 - FreeStone Group)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VulkanSDK 1.1.73.0 (HKLM\...\VulkanSDK1.1.73.0) (Version: 1.1.73.0 - LunarG, Inc.)
WebM Project Directshow Filters (HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\webmdshow) (Version:  - )
Wickr Me (HKLM-x32\...\{7668652D-F198-4E7B-8FF4-5E2DC13D9AD7}) (Version: 2.6.0.4 - Wickr Inc.)
Windows Password Recovery Tool Professional  (HKLM-x32\...\Windows Password Recovery Tool Professional) (Version:  - Tenorshare, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinToUSB version 2.9 (HKLM\...\WinToUSB_is1) (Version: 2.9 - The EasyUEFI Development Team.)
Wolfenstein II The New Colossus (HKLM-x32\...\Wolfenstein II The New Colossus_is1) (Version:  - )
Woolfe - The Red Hood Diaries (HKLM-x32\...\Woolfe - The Red Hood Diaries_is1) (Version:  - GRIN)
World of Goo (HKLM-x32\...\1421855536_is1) (Version: 2.1.0.2 - GOG.com)
XECUTER CK3 PRO - USB (HKLM-x32\...\{B5734BB9-56FC-4937-88F2-AB34ABF49821}) (Version: 1.00.000 - XECUTER)
Zombie Driver HD - Complete Edition (HKLM-x32\...\Zombie Driver HD - Complete Edition_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2013-09-17] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2013-09-17] (Alcohol Soft Development Team)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {195BFF64-290C-475A-954A-C6F896AA59CC} - System32\Tasks\fluorouracilfluorouracil => C:\Program Files (x86)\Manicurist\Rand.exe [2018-06-01] ()
Task: {1B1B8FB2-8E39-430B-8519-04EDDB7D1725} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {1D84FC13-4FCD-414F-8CEC-0D61F3B3C2D3} - System32\Tasks\{76B2D188-9A2C-42C3-8CB1-B62C13673E8B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Reddinhome\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Reddinhome\uninstall.dat" -a uninstallme 63569479-C0B9-441A-8CEB-16887EDB0DCB DeviceId=cb87367d-6712-7e1f-043a-1a44d25be8dd BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {36C8516A-0AC1-4E47-A71F-BD6450232420} - System32\Tasks\bloodline uplifted => C:\Program Files (x86)\Nickle\Papa.exe [2018-06-01] ()
Task: {427A6FAC-D38D-4D71-9B98-E5C9CDC9EA71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {45E35CB5-5C52-4B58-9700-7C2842705AA5} - System32\Tasks\grittiness_norelcogrittiness_norelco => C:\Program Files (x86)\Nickle\Rand.exe [2018-06-01] ()
Task: {46E17068-F3C5-4989-9E5D-23BB11D48B16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {4D4C5615-354B-4C99-9CDC-EB04289E28FF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {4F61B1B4-E980-433D-9D5A-05ABDF540030} - System32\Tasks\fluorouracil => C:\Program Files (x86)\Manicurist\Rand.exe [2018-06-01] ()
Task: {59A372C9-69F1-4E3C-950E-27D2329263C1} - System32\Tasks\mifflinmifflin => C:\Program Files (x86)\Scripted\rosco.exe [2018-06-01] ()
Task: {59C8AB18-E5C3-4423-BB32-42B94FAAD372} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
Task: {6CBD7DBF-E259-43B4-A12F-B6837D46C125} - System32\Tasks\magruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
Task: {74068405-4B4D-4DBE-BE8E-4B6142E6E138} - System32\Tasks\teams => C:\Program Files (x86)\santayana\santayana.exe
Task: {74DA9B72-7E90-4576-BB79-3027C4000755} - System32\Tasks\grittiness_norelco => C:\Program Files (x86)\Nickle\Rand.exe [2018-06-01] ()
Task: {863874E6-B012-41A2-BD56-3D815387B258} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {946B4102-0BFA-45F7-BFB6-735237A4427D} - System32\Tasks\olfactory-collages => C:\Program Files (x86)\hansford\Papa.exe [2018-06-01] ()
Task: {9D97A0B1-8ED9-4CF8-916A-786ED052128C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-02] (Adobe Systems Incorporated)
Task: {AA879C58-0711-4418-AE8D-9EA2E427BA66} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2017-03-10] (Advanced Micro Devices, Inc.)
Task: {AE53C39D-DB7F-4A05-837F-B6DCA9EB8A9F} - System32\Tasks\olfactory-collagesolfactory-collages => C:\Program Files (x86)\hansford\Papa.exe [2018-06-01] ()
Task: {B023BDAE-8AB4-48D8-9576-916E18B67574} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-25] (Adobe Systems Incorporated)
Task: {B876B4F1-81C4-4342-A2ED-C20AFC47147A} - System32\Tasks\mifflin => C:\Program Files (x86)\Scripted\rosco.exe [2018-06-01] ()
Task: {C061C446-AB7A-43AD-8519-1D7753B74A32} - System32\Tasks\bloodline upliftedbloodline uplifted => C:\Program Files (x86)\Nickle\Papa.exe [2018-06-01] ()
Task: {C0B70750-0C43-4422-92BC-5BF83522A75B} - System32\Tasks\uncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
Task: {CEFF1A6E-7140-4D52-8BB8-279A4D1A122A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {D0ACD460-F4CA-4FE0-9B8B-37C80BE19D6B} - System32\Tasks\uncouth_exhumeduncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
Task: {F3782BCE-2784-4E8B-8373-6CB9A426C61F} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {F8AB912E-6922-446A-A962-A5B0408F4A5C} - System32\Tasks\teamsteams => C:\Program Files (x86)\santayana\santayana.exe
Task: {FECAE0C3-CB33-40F9-B604-4E4EAF9AB353} - System32\Tasks\magruder dinkins wynnmagruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\DiMiTrius\Desktop\GAMES\It Came from the Desert.lnk -> I:\Games\It Came From The Desert\ItCameFromTheDesert.bat ()
Shortcut: C:\Users\DiMiTrius\Desktop\GAMES\Wolverine.lnk -> E:\Wolverine\Run_Wolverine.bat (No File)

ShortcutWithArgument: C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2018-06-01 21:34 - 2018-06-01 21:34 - 000078280 _____ () C:\Program Files (x86)\Scripted\rosco.exe
2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-22 19:47 - 2017-02-22 19:47 - 000307712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\f68d1e915dbc0bc68152573db01c25af\ReactiveSockets.ni.dll
2014-05-02 12:52 - 2014-05-02 12:52 - 000599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 07:55 - 2014-05-02 07:55 - 000185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 07:05 - 2014-05-02 07:05 - 000173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\hansford\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Nickle\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Manicurist\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000051986 _____ () C:\Program Files (x86)\talon\sintered.exe
2017-08-20 14:54 - 2017-08-20 14:53 - 000017384 _____ () C:\Users\DiMiTrius\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Nickle\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
2018-05-24 20:00 - 2018-05-01 08:32 - 000788256 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-05-24 20:00 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-05-24 20:00 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-05-24 20:00 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-05-24 20:00 - 2018-05-19 00:01 - 002632480 _____ () C:\Program Files (x86)\Steam\video.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-05-24 20:00 - 2018-05-19 00:01 - 000979232 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-05-24 20:00 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-05-24 20:02 - 2018-05-01 08:32 - 000788256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-05-24 20:02 - 2018-05-14 20:39 - 083524384 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-05-24 20:00 - 2015-09-25 00:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-05-24 20:03 - 2018-05-14 20:39 - 002253600 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2018-05-24 20:02 - 2018-05-14 20:39 - 000109856 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-05-27 02:04 - 000000992 ____R C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 superantispyware.com
0.0.0.0 license.superantispyware.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2467884633-685454356-10440173-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A9F9E8CB-EC07-43BF-B432-55994599F47C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBE9800A-680C-407E-851E-B6001D57E68C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9624A6E-3187-4226-A05F-C911E705FB7B}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D28B991B-8D42-49F2-9FAB-3A3E031D0B5A}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AB86E974-BA9C-41ED-B3B4-69AC5E16E5F0}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D4234910-9C99-486B-8578-81E00C141A2C}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AAD027A2-8368-48BD-BE93-DCCE9DBACD17}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C0E7D820-87E7-47F5-BCD7-0BBB437C0460}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{56A95247-2ED5-4477-9A1B-251EE6F85B12}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A923D42F-BB9A-4361-834C-C1F688AED171}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AFD49C77-9086-44A3-9403-F44C82C1A710}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7F96C87-E161-4F81-BEB6-2414AD0A7524}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6BA293C9-6377-470C-8890-828795B5F520}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{FD7FBE5F-3112-43C9-80B6-52B40D984AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{9FE6D89C-1974-41F9-B3AE-B749187A5610}E:\a story about my uncle\binaries\win32\asamu-win32-shipping.exe] => (Allow) E:\a story about my uncle\binaries\win32\asamu-win32-shipping.exe
FirewallRules: [UDP Query User{16C5E45E-195F-4516-BDCE-0DF6E5022FBC}E:\a story about my uncle\binaries\win32\asamu-win32-shipping.exe] => (Allow) E:\a story about my uncle\binaries\win32\asamu-win32-shipping.exe
FirewallRules: [TCP Query User{360241C9-1156-4594-9209-57DDCB40B8B2}E:\afterfall reconquest ep1\binaries\win32\pearlgame.exe] => (Allow) E:\afterfall reconquest ep1\binaries\win32\pearlgame.exe
FirewallRules: [UDP Query User{9A84E1FF-E1E8-4E40-9D29-CE052C9D9289}E:\afterfall reconquest ep1\binaries\win32\pearlgame.exe] => (Allow) E:\afterfall reconquest ep1\binaries\win32\pearlgame.exe
FirewallRules: [{B1EDCF3F-23E9-44A0-AF74-E10B23AEED49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN Episodes Emergence\SinEpisodes.exe
FirewallRules: [{DB9E2470-54C2-4EA3-87AD-884381C42B62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN Episodes Emergence\SinEpisodes.exe
FirewallRules: [{25CE2228-ACDF-46F3-B91F-D0916F838F5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN 1 Multiplayer\sin.exe
FirewallRules: [{8F4D86E4-71D9-48A7-AD95-A6CA1C05F9D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN 1 Multiplayer\sin.exe
FirewallRules: [{84B4CAB2-A7D3-46E4-8C1D-4C1AE6128B6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN 1\runme.exe
FirewallRules: [{3B5F6535-1653-478F-9801-C3662588FA8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN 1\runme.exe
FirewallRules: [{A73E38AE-D445-4FA7-8FD9-258C28BAEA12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{70C41D4A-B6D8-49FA-A530-766817BFFFBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{D04846FC-2510-4F9E-9668-71B1314208C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{1DB9FD0D-7DC4-4306-A7DC-24E020DAAE3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{C9E3C67E-D752-4C35-B491-02996CAE80F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{63E933D2-CC0B-42B6-A2D2-912257F93D6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{BBB06810-B552-4886-BEA8-4146BA7E497A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{50988B0A-4497-424E-BAD2-F451C4B1FA05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{619A7E58-D8F8-47DD-8ACC-F3F5C6A3897C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [{3AE6C3AD-BAAC-4880-A015-BBBCB1E7C460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [TCP Query User{B5B2FF80-D5C3-40B3-B01F-BE8C7367C09C}E:\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) E:\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{0DDB898E-103E-4CE6-8445-59D6A7B7A2A8}E:\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) E:\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [TCP Query User{2E8ECD25-7968-4830-B9DA-3D7F06017330}E:\dear esther\dearesther.exe] => (Allow) E:\dear esther\dearesther.exe
FirewallRules: [UDP Query User{5A20AB4D-682E-4385-9528-6A2549D1A4D9}E:\dear esther\dearesther.exe] => (Allow) E:\dear esther\dearesther.exe
FirewallRules: [TCP Query User{0ED6454F-B01C-4BC4-960B-9634170A3D93}E:\doom 3 bfg edition\doom3bfg.exe] => (Allow) E:\doom 3 bfg edition\doom3bfg.exe
FirewallRules: [UDP Query User{0E983465-48C1-464B-8138-AB72EBF64ED8}E:\doom 3 bfg edition\doom3bfg.exe] => (Allow) E:\doom 3 bfg edition\doom3bfg.exe
FirewallRules: [TCP Query User{F8A26CFE-8141-483D-B44C-1D5AF4C9C096}E:\geminiheroesreborn\travelergame\binaries\win64\travelergame-win64-shipping.exe] => (Allow) E:\geminiheroesreborn\travelergame\binaries\win64\travelergame-win64-shipping.exe
FirewallRules: [UDP Query User{86D67C51-8ABB-4E02-9F75-9B15E31CAD3C}E:\geminiheroesreborn\travelergame\binaries\win64\travelergame-win64-shipping.exe] => (Allow) E:\geminiheroesreborn\travelergame\binaries\win64\travelergame-win64-shipping.exe
FirewallRules: [{4B752BEE-19AD-4B37-806A-288023B50224}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{51EC85BC-F7D5-4557-91CD-600BFBD96A51}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{CD91CCF9-EE7E-493B-8355-FAFB37660E88}D:\games\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) D:\games\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [UDP Query User{6953AC09-5FA8-4583-9133-F323FA641C31}D:\games\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) D:\games\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [TCP Query User{7451656D-80E6-478B-8896-DFEF3C352BFA}E:\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe] => (Allow) E:\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{CB434AAE-CA25-42CE-8F56-FBE967538B69}E:\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe] => (Allow) E:\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{81DD0DF8-945A-4235-BD40-A4040D5B1CE5}E:\in verbis virtus\binaries\win32\ivv.exe] => (Allow) E:\in verbis virtus\binaries\win32\ivv.exe
FirewallRules: [UDP Query User{87BE2481-7BE8-495A-890C-06DB921B44C1}E:\in verbis virtus\binaries\win32\ivv.exe] => (Allow) E:\in verbis virtus\binaries\win32\ivv.exe
FirewallRules: [TCP Query User{545FB4FC-1ACE-45BD-A8D1-C84B8B6C5A08}E:\john woo presents stranglehold\binaries\retail-stranglehold.exe] => (Allow) E:\john woo presents stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [UDP Query User{6B0BC25D-52F8-4603-BE96-6BC4FEE035E6}E:\john woo presents stranglehold\binaries\retail-stranglehold.exe] => (Allow) E:\john woo presents stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [TCP Query User{641B9794-D569-471C-8303-E7723BDBCA5D}E:\lex mortis\bin32\lexmortis.exe] => (Allow) E:\lex mortis\bin32\lexmortis.exe
FirewallRules: [UDP Query User{BB52E892-EA01-44EB-87E8-DEEC0C6C6636}E:\lex mortis\bin32\lexmortis.exe] => (Allow) E:\lex mortis\bin32\lexmortis.exe
FirewallRules: [TCP Query User{E1B03D8E-4F49-4CA0-ACD7-E0638E3603D1}E:\murdered - soul suspect\binaries\win64\murdered.exe] => (Allow) E:\murdered - soul suspect\binaries\win64\murdered.exe
FirewallRules: [UDP Query User{972AAD0D-60F3-4D9D-AD6F-7918A6E732E8}E:\murdered - soul suspect\binaries\win64\murdered.exe] => (Allow) E:\murdered - soul suspect\binaries\win64\murdered.exe
FirewallRules: [TCP Query User{B45239BA-970C-4081-A371-3BD88F50A269}E:\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) E:\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [UDP Query User{CC96A55A-8A22-4C45-9B89-BCE41AE918CD}E:\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) E:\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [TCP Query User{2A67D9B2-6F2C-4E3C-9C81-A930BD548E93}E:\styx master of shadows\binaries\win64\styxgame.exe] => (Allow) E:\styx master of shadows\binaries\win64\styxgame.exe
FirewallRules: [UDP Query User{DC720624-CA8C-4516-8876-E9E98DFDEDE2}E:\styx master of shadows\binaries\win64\styxgame.exe] => (Allow) E:\styx master of shadows\binaries\win64\styxgame.exe
FirewallRules: [TCP Query User{862DE122-5E6C-41D5-A8C8-8CD8BFE8A872}E:\renegade ops\renegadeops.exe] => (Allow) E:\renegade ops\renegadeops.exe
FirewallRules: [UDP Query User{8C29CF03-7CD0-4F30-B5C6-B8866AD39D96}E:\renegade ops\renegadeops.exe] => (Allow) E:\renegade ops\renegadeops.exe
FirewallRules: [TCP Query User{B73F8969-8598-4384-A3F1-56ED777D4D44}E:\shadow.complex.remastered\binaries\win32\shadowcomplex-win32-egl.exe] => (Allow) E:\shadow.complex.remastered\binaries\win32\shadowcomplex-win32-egl.exe
FirewallRules: [UDP Query User{605F071B-7842-492A-87E3-B2FDA8D25585}E:\shadow.complex.remastered\binaries\win32\shadowcomplex-win32-egl.exe] => (Allow) E:\shadow.complex.remastered\binaries\win32\shadowcomplex-win32-egl.exe
FirewallRules: [TCP Query User{A7D33893-34F7-4CAF-899D-BEABFE6790D7}E:\the lost valley\lv\bin64\lv.exe] => (Allow) E:\the lost valley\lv\bin64\lv.exe
FirewallRules: [UDP Query User{5758AD92-A3F3-4CA2-BB6F-839350BD36BD}E:\the lost valley\lv\bin64\lv.exe] => (Allow) E:\the lost valley\lv\bin64\lv.exe
FirewallRules: [TCP Query User{0366A561-826B-4F6F-933A-18859EF73A66}E:\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Allow) E:\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [UDP Query User{AF21199C-9E36-4EC9-B5DD-F72F36C476CB}E:\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Allow) E:\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [TCP Query User{7984C037-69D3-477D-BFBF-54A08E431FF0}E:\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Allow) E:\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [UDP Query User{2623E991-694E-46C4-83BC-241B04405780}E:\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Allow) E:\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [TCP Query User{40E23C3E-5222-4B54-BA19-EA43AE0E9147}E:\woolfetrhd\binaries\win64\woolfegame.exe] => (Allow) E:\woolfetrhd\binaries\win64\woolfegame.exe
FirewallRules: [UDP Query User{9EE15996-4F90-449C-A9D0-2617206891A8}E:\woolfetrhd\binaries\win64\woolfegame.exe] => (Allow) E:\woolfetrhd\binaries\win64\woolfegame.exe
FirewallRules: [{849BFCF3-0FDB-4879-98CA-9F7DEBDE1222}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{6EE0E2D1-1905-4939-93CE-F3A3C5719376}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2AEA3C49-71D9-4EB7-A2FF-21230E6CD521}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E3EA24FE-CDB9-43B8-BCA6-880A206A67B5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [TCP Query User{259E1888-2295-4A93-81A3-E83E3A3CABA2}I:\games\dying light\dyinglightgame.exe] => (Allow) I:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{17F31D14-5A0D-4AE4-BEB0-881C433B54F2}I:\games\dying light\dyinglightgame.exe] => (Allow) I:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{D3FCE1CC-34EB-489B-B4E4-28A6339439A9}C:\program files (x86)\renegade ops\renegadeops.exe] => (Allow) C:\program files (x86)\renegade ops\renegadeops.exe
FirewallRules: [UDP Query User{5A3D9A24-AE2C-46AC-A4D5-81E15ADF0517}C:\program files (x86)\renegade ops\renegadeops.exe] => (Allow) C:\program files (x86)\renegade ops\renegadeops.exe
FirewallRules: [TCP Query User{02D020AA-2066-4A9C-99CA-B8AC6631016A}I:\games\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) I:\games\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [UDP Query User{C9E06C92-7616-48D9-A96E-F733CF0FAA28}I:\games\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) I:\games\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [{B82E33BB-5642-4A19-A6B4-757FFD21BAC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{7ED4DF74-CD1A-44FE-8BDA-B2295DF200D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [TCP Query User{CBF850B1-F206-4D3A-A372-27B3F271CBCC}C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe] => (Allow) C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe
FirewallRules: [UDP Query User{929B9FEE-B4F2-4FEB-A688-75F5A9ECBDD0}C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe] => (Allow) C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe
FirewallRules: [TCP Query User{4C9FEF15-1D75-407D-9262-2E4F3CC40908}I:\trials.of.the.blood.dragon-3dm\datapack\trialsblooddragon.exe] => (Allow) I:\trials.of.the.blood.dragon-3dm\datapack\trialsblooddragon.exe
FirewallRules: [UDP Query User{01A77A6E-0D57-4153-8B1F-9610EF19BC18}I:\trials.of.the.blood.dragon-3dm\datapack\trialsblooddragon.exe] => (Allow) I:\trials.of.the.blood.dragon-3dm\datapack\trialsblooddragon.exe
FirewallRules: [TCP Query User{AC9109B6-A726-459C-B405-3CA483070C58}I:\games\z.i.o.n\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) I:\games\z.i.o.n\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{3ABB8DA5-0389-4366-8E46-37A4D11DCCFE}I:\games\z.i.o.n\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) I:\games\z.i.o.n\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{4E89F378-936B-4E29-940D-9FD79FD9F07A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{83239BCF-B2B3-4DCC-AC4A-AE4F18A4CCE9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{C1273853-2920-40E4-8A4D-20D705F53985}I:\games\breached\breached\binaries\win64\breached-win64-shipping.exe] => (Allow) I:\games\breached\breached\binaries\win64\breached-win64-shipping.exe
FirewallRules: [UDP Query User{A298844B-3FC6-4679-B2A6-D54AAEF22409}I:\games\breached\breached\binaries\win64\breached-win64-shipping.exe] => (Allow) I:\games\breached\breached\binaries\win64\breached-win64-shipping.exe
FirewallRules: [TCP Query User{1B7EA231-C788-472F-8E01-937E34541740}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CA7D2377-AB4B-4AE5-9F09-A05D9D4C9E8E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{9B6C743F-1217-4529-97F4-DC5821CDBA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transmissions Element 120\hl2.exe
FirewallRules: [{9D83FE67-BEEB-46F7-B9FE-F0082707D9B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transmissions Element 120\hl2.exe
FirewallRules: [TCP Query User{F87E9BDE-EFE7-44E7-A41B-F93970DB98AF}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{F3683F7C-4338-4780-BDE7-09497336C151}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [TCP Query User{BAF5B61D-F6AD-4BA4-BFD4-E50BDE47983D}I:\games\ghostbusters\ghostbusters\binaries\win64\ghostbusters.exe] => (Allow) I:\games\ghostbusters\ghostbusters\binaries\win64\ghostbusters.exe
FirewallRules: [UDP Query User{4022252C-9EF8-4422-92FA-C2839EE54DD7}I:\games\ghostbusters\ghostbusters\binaries\win64\ghostbusters.exe] => (Allow) I:\games\ghostbusters\ghostbusters\binaries\win64\ghostbusters.exe
FirewallRules: [{002E72FB-301A-4E0F-A2C1-5AA09EED8BB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\brainbread2\hl2.exe
FirewallRules: [{C6984D8A-82E8-49EA-9C91-D4771B6A7A31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\brainbread2\hl2.exe
FirewallRules: [{D3CFD7D3-5A57-4829-BF42-81D71EDE80E5}] => (Allow) I:\INSIDE\Steam\Steam.exe
FirewallRules: [{E32BF3B8-3FCD-4B56-B72D-4439509BA0CB}] => (Allow) I:\INSIDE\Steam\Steam.exe
FirewallRules: [TCP Query User{25FEC8F6-20AD-4131-8E37-4D36439B6CFF}I:\we.happy.few.early.access\wehappyfew\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) I:\we.happy.few.early.access\wehappyfew\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{DDB8CDF4-214D-496E-9529-5F236FE7A342}I:\we.happy.few.early.access\wehappyfew\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) I:\we.happy.few.early.access\wehappyfew\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [TCP Query User{489FD761-1636-4E07-B664-91A18CE64422}I:\games\the old city leviathan\binaries\win32\udk.exe] => (Allow) I:\games\the old city leviathan\binaries\win32\udk.exe
FirewallRules: [UDP Query User{4C07F4A9-C43C-46B5-B201-0713883DCA2A}I:\games\the old city leviathan\binaries\win32\udk.exe] => (Allow) I:\games\the old city leviathan\binaries\win32\udk.exe
FirewallRules: [{75EE9CD7-2224-4F5B-8759-41296A48BDE0}] => (Allow) I:\ABZU.Incl.Update.1\Steam\Steam.exe
FirewallRules: [{FD2EE5A7-550F-4791-921C-CC8B51C5C468}] => (Allow) I:\ABZU.Incl.Update.1\Steam\Steam.exe
FirewallRules: [TCP Query User{DA54A9EE-F29A-4EDB-BB93-C5338B133BCF}I:\games\left4dead2\left 4 dead 2\left4dead2.exe] => (Allow) I:\games\left4dead2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{64032AC4-BF4C-4C23-AA03-742310F59275}I:\games\left4dead2\left 4 dead 2\left4dead2.exe] => (Allow) I:\games\left4dead2\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{27A2ABB1-94E8-4B70-A194-087123E6BDAA}I:\games\sniper blacklist\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) I:\games\sniper blacklist\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{716726C5-88E7-445E-B919-A275F60ACD32}I:\games\sniper blacklist\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) I:\games\sniper blacklist\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{A7E5E219-53D5-400F-8D5D-F7FEBE15FD02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{E4CBB5EC-B573-4ED5-9EED-95F1B1C46834}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{866959C2-8B0F-48C4-87EC-E28B31535950}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source 2007 Dedicated Server\srcds.exe
FirewallRules: [{982AEEA7-9088-4FED-A9C7-4E17FEAA79D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source 2007 Dedicated Server\srcds.exe
FirewallRules: [TCP Query User{5AEE7C2F-1BE9-4E54-8453-1AD7A02FA5CC}I:\games\ridge\ridge\binaries\win64\ridge.exe] => (Allow) I:\games\ridge\ridge\binaries\win64\ridge.exe
FirewallRules: [UDP Query User{30237996-CF75-4C12-8E3D-0EA3FDE7835C}I:\games\ridge\ridge\binaries\win64\ridge.exe] => (Allow) I:\games\ridge\ridge\binaries\win64\ridge.exe
FirewallRules: [TCP Query User{C348A79C-3D3A-4E60-8584-948E8953CA46}C:\program files (x86)\ea games\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\ea games\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{270615BC-DB1E-4D80-A250-3B11DC192B6D}C:\program files (x86)\ea games\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\ea games\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [{A87CE058-6463-4E73-B5DE-CF426E1F0AF5}] => (Allow) I:\Games\WarThunder\launcher.exe
FirewallRules: [{5B6DE542-75FE-4CB6-8C32-3F1316CB8732}] => (Allow) I:\Games\WarThunder\launcher.exe
FirewallRules: [{A147A5DA-5599-41EA-982D-CFA8DAFA6125}] => (Allow) LPort=80
FirewallRules: [{9AAE19AB-BE34-44F6-A950-5D297970B059}] => (Allow) LPort=443
FirewallRules: [{D70FDCDE-ECCC-496C-9037-223716BC7780}] => (Allow) LPort=20010
FirewallRules: [{B8712ADE-4A9F-49F3-B7CF-C31B6345C4A1}] => (Allow) LPort=3478
FirewallRules: [{F78B59C3-0B13-4B61-AFA8-D1871EF02F03}] => (Allow) LPort=7850
FirewallRules: [{243F2979-9AE9-47B7-9CAC-0A0B7B88CE8A}] => (Allow) LPort=7852
FirewallRules: [{6E270EF5-847E-4B84-AE42-D1B7DDCD0BB6}] => (Allow) LPort=7853
FirewallRules: [{400D4E37-232D-48AE-92EE-AE841A8498E7}] => (Allow) LPort=27022
FirewallRules: [{9FD7D7C0-F5D8-49B9-98C2-7A8279D4051F}] => (Allow) LPort=6881
FirewallRules: [{13D0ED48-2B1E-4B45-B462-F7910D2892D3}] => (Allow) LPort=33333
FirewallRules: [{A3C9895E-A1F1-4225-B3E3-FA234D641B92}] => (Allow) LPort=20443
FirewallRules: [{81FFA30C-B004-401B-9E4A-59ADAB409A20}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{18A766E0-020E-4FDB-8F58-AD62C3A4BF4D}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{D07B16B4-3F3F-45E9-917A-96ACCE48FBDA}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{7DF53B2F-0F42-4093-BF8D-382248BDC372}I:\games\nether - resurrected\game\binaries\win64\nether.exe] => (Allow) I:\games\nether - resurrected\game\binaries\win64\nether.exe
FirewallRules: [UDP Query User{C7026B93-271F-47E8-A226-16EE7232416E}I:\games\nether - resurrected\game\binaries\win64\nether.exe] => (Allow) I:\games\nether - resurrected\game\binaries\win64\nether.exe
FirewallRules: [TCP Query User{3783952A-E6C4-41AF-8B10-25BE35E23CA4}I:\games\resident evil 5 gold edition\launcher.exe] => (Allow) I:\games\resident evil 5 gold edition\launcher.exe
FirewallRules: [UDP Query User{5828B75B-4E76-4286-9A84-95D814FA0947}I:\games\resident evil 5 gold edition\launcher.exe] => (Allow) I:\games\resident evil 5 gold edition\launcher.exe
FirewallRules: [TCP Query User{2D7394B6-1CED-4125-B614-A1DDCD62CB85}I:\games\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) I:\games\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{F2FCC9B9-37CC-409E-99C8-5185DB9DF74B}I:\games\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) I:\games\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{11268F14-CB99-4FD9-B3F6-3FF233F7CCC8}I:\games\singularity\binaries\singularity.exe] => (Allow) I:\games\singularity\binaries\singularity.exe
FirewallRules: [UDP Query User{BC170854-3CAF-4FA1-BC67-4B76C38022E6}I:\games\singularity\binaries\singularity.exe] => (Allow) I:\games\singularity\binaries\singularity.exe
FirewallRules: [{B73B6160-3C6F-46D9-B8E9-BD8A1E27B982}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Minds Eyes\MindsEyesLaunch.exe
FirewallRules: [{0DF5A29E-A92F-4C44-AE75-D89BF44ACCC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Minds Eyes\MindsEyesLaunch.exe
FirewallRules: [TCP Query User{85F6FDF1-788F-4086-85CE-E353796B1419}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{D72D6A51-9025-418F-865C-CFC6114D06CD}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{933027F9-710C-4D59-8CE5-2FF410743AE6}I:\games\call of duty - modern warfare 2\iw4mp.exe] => (Allow) I:\games\call of duty - modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{940A3306-35F8-48D9-B460-8EA30F2A7B7B}I:\games\call of duty - modern warfare 2\iw4mp.exe] => (Allow) I:\games\call of duty - modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{1684D466-BFAD-4485-932C-8E5952CB2A85}I:\games\alien isolation\ai.exe] => (Allow) I:\games\alien isolation\ai.exe
FirewallRules: [UDP Query User{05C9798C-0520-4DDB-93D6-D0433C1BA562}I:\games\alien isolation\ai.exe] => (Allow) I:\games\alien isolation\ai.exe
FirewallRules: [TCP Query User{0C208F8D-E124-452E-905B-B16DF1BC4954}E:\quantum break\dx11\quantumbreak.exe] => (Allow) E:\quantum break\dx11\quantumbreak.exe
FirewallRules: [UDP Query User{6F0C4AE1-EED9-4B15-B703-C50AF7FFCF68}E:\quantum break\dx11\quantumbreak.exe] => (Allow) E:\quantum break\dx11\quantumbreak.exe
FirewallRules: [{F8617DEF-0CE9-469F-8C49-1F3BE6BFA0C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{41608E1D-AFA8-42EC-86BF-5CBD7FD1E14B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{2980BA8F-E468-46BA-A657-26C675EC9E95}] => (Allow) E:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{BA537403-D714-4363-8994-3F24A08BBB87}] => (Allow) E:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{4C2FF566-C4DD-4DE6-9C64-6F3A05BA9DCD}] => (Allow) E:\SteamLibrary\steamapps\common\Piercing Blow\PiercingBlow.exe
FirewallRules: [{4725A9D3-0333-461B-978D-3037E8D1449B}] => (Allow) E:\SteamLibrary\steamapps\common\Piercing Blow\PiercingBlow.exe
FirewallRules: [TCP Query User{E1517768-D5AF-4992-AC31-3EC3A1373A82}G:\games\call of duty infinite warfare\iw7_ship.exe] => (Allow) G:\games\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [UDP Query User{9C4177E1-D67A-4AFB-9254-D12F02D6D969}G:\games\call of duty infinite warfare\iw7_ship.exe] => (Allow) G:\games\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [TCP Query User{D1952B89-19B1-4C08-BA65-D63C331C4A66}I:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) I:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [UDP Query User{C3500F0C-F28C-49EB-84FE-895997572410}I:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) I:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [TCP Query User{11CBC411-0D1C-4DAE-AF52-2C01CC2FE5AD}E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{E53534B7-1003-4F66-89D3-CEA0A9A1DE8F}E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{B1926DBE-C4A7-4709-BC4A-C04A87224637}I:\games\dishonored\binaries\win32\game.exe] => (Allow) I:\games\dishonored\binaries\win32\game.exe
FirewallRules: [UDP Query User{D578A124-CB43-4FA9-AF3A-357D0ED23E5E}I:\games\dishonored\binaries\win32\game.exe] => (Allow) I:\games\dishonored\binaries\win32\game.exe
FirewallRules: [{D3EFD966-A252-46B8-B325-6C885AB32D47}] => (Allow) I:\Games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{084756E4-5AE8-4661-890D-9DB60ED3D6F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F3F143A-87CE-47B2-A7E7-D4406ECD04E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBAF905A-8EF1-4E76-8524-CAA29C3B7391}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9612400C-E72F-4827-99A6-55A97D14615E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5346EA76-70B3-4082-A01C-DC568F9FF103}I:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) I:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{7D4EF6AB-6727-4FC6-94D3-72CE5C3D66E7}I:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) I:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [TCP Query User{F51D460A-CA81-49DD-97B8-7D371C95770B}C:\program files\intugame\intugame server\intugameserverui.exe] => (Allow) C:\program files\intugame\intugame server\intugameserverui.exe
FirewallRules: [UDP Query User{6575B2BE-E0FD-4D5D-8357-588DD32BB091}C:\program files\intugame\intugame server\intugameserverui.exe] => (Allow) C:\program files\intugame\intugame server\intugameserverui.exe
FirewallRules: [{3E4996A4-72D7-445F-A9FA-B2B45B29157A}] => (Allow) C:\Program Files (x86)\Riftcat\Riftcat.exe
FirewallRules: [{7DDEB095-F74B-47A7-A97D-18404705D06F}] => (Allow) C:\Program Files (x86)\Riftcat\Riftcat.exe
FirewallRules: [{721CA5A5-F33A-4F39-827D-FCFEC8723B03}] => (Allow) C:\Program Files (x86)\Riftcat\VRidge.exe
FirewallRules: [{93882085-DE64-4540-A95E-A566452C34E7}] => (Allow) C:\Program Files (x86)\Riftcat\VRidge.exe
FirewallRules: [{4D812C41-436A-4B60-A7B7-09D929D00402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{6E5EC2A7-C8E8-49BB-8CEE-5E34B62CB2D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [TCP Query User{682125A7-98E2-4CD7-A200-7A5842505E1F}C:\program files (x86)\trinusvr\tgserver.exe] => (Allow) C:\program files (x86)\trinusvr\tgserver.exe
FirewallRules: [UDP Query User{442A077F-CD02-400C-A87E-5ACEAE6B5F24}C:\program files (x86)\trinusvr\tgserver.exe] => (Allow) C:\program files (x86)\trinusvr\tgserver.exe
FirewallRules: [TCP Query User{E302BDB8-DC08-4A31-B5F8-BD4975DE99E4}C:\program files (x86)\riftcat\content\chemistryexperimentvr\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\riftcat\content\chemistryexperimentvr\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{E5415488-BE6E-4532-B655-D6A43B4E8AB9}C:\program files (x86)\riftcat\content\chemistryexperimentvr\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\riftcat\content\chemistryexperimentvr\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{E12511B6-845D-4D67-B4B4-8B35A525EE71}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E64B8A8B-B089-4533-ACE6-D04C6E8ABAEF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{58680256-6140-4355-B7D2-9A4FCFAA455E}I:\games\et armies\binaries\win32\udk.exe] => (Allow) I:\games\et armies\binaries\win32\udk.exe
FirewallRules: [UDP Query User{BB97C660-E4FE-4E77-AD74-3847DAA90DDB}I:\games\et armies\binaries\win32\udk.exe] => (Allow) I:\games\et armies\binaries\win32\udk.exe
FirewallRules: [{CE4D0FF6-8D8F-49CB-9CD8-48273E7C6DF1}] => (Allow) G:\Games\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{B4FDB598-1A74-4AE6-8F3B-FE8D9968FDAE}] => (Allow) G:\SteamLibrary\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{0F28FC83-B6F2-4C3D-9B81-2EA66A67F5EE}] => (Allow) G:\SteamLibrary\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{5ABA9722-F9A5-4E7C-B746-E47794E2707B}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{30631058-2C19-4CCD-A0DC-13273302247E}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{A83DC6B2-8E67-42DF-80A7-D91B2CE29EBC}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{0E8A5635-3DFC-4B4A-B914-E9A5AD30406C}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{7CD809F5-88D9-43C5-8A0A-A1C0CF5943B6}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{DB14B12B-7F0D-4153-82DB-18CE260470A0}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [TCP Query User{29290EEA-2F82-4CA2-8509-AC42E668CC0E}C:\program files (x86)\jk imaging\pixpro_sp360_4k\pixpro_sp360_4k.exe] => (Allow) C:\program files (x86)\jk imaging\pixpro_sp360_4k\pixpro_sp360_4k.exe
FirewallRules: [UDP Query User{9D161B92-2BBC-4302-831C-3DC04FFC4C21}C:\program files (x86)\jk imaging\pixpro_sp360_4k\pixpro_sp360_4k.exe] => (Allow) C:\program files (x86)\jk imaging\pixpro_sp360_4k\pixpro_sp360_4k.exe
FirewallRules: [TCP Query User{1A06B82B-6D33-47E5-833F-6D8D1924B75E}I:\rise of the triad\binaries\win64\rott.exe] => (Allow) I:\rise of the triad\binaries\win64\rott.exe
FirewallRules: [UDP Query User{E5972520-8FF4-4543-AAF3-0894C4FB4775}I:\rise of the triad\binaries\win64\rott.exe] => (Allow) I:\rise of the triad\binaries\win64\rott.exe
FirewallRules: [{55695AB5-4A7D-45DB-AD09-AA9F4DD33FA1}] => (Allow) I:\Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{BB41C833-2391-4A77-A266-BB7A16ED2292}] => (Allow) I:\Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{FD16F011-E4D7-468A-8C98-CC6197D566D0}] => (Allow) I:\Games\Battlefield 1\bf1.exe
FirewallRules: [{D7D24DCE-EDD1-43B6-8520-74A0154404EE}] => (Allow) I:\Games\Battlefield 1\bf1.exe
FirewallRules: [{CD0826D9-067B-422D-8246-74E663A43656}] => (Allow) I:\SteamLibrary\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{FD7C013C-47D1-4BD3-8F9D-E9E189D895DA}] => (Allow) I:\SteamLibrary\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [TCP Query User{5D4444BF-CC6B-4897-9C88-D6B3CAD0A103}E:\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) E:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{747F12B5-9484-412B-82F4-19FB6F2BA7F6}E:\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) E:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{D21C8C29-EF53-4C3E-B613-00D5D173DFBE}I:\games\renegade ops collection\renegadeops.exe] => (Allow) I:\games\renegade ops collection\renegadeops.exe
FirewallRules: [UDP Query User{ADDA0653-814A-42AC-913A-C7F4948B5E50}I:\games\renegade ops collection\renegadeops.exe] => (Allow) I:\games\renegade ops collection\renegadeops.exe
FirewallRules: [{86444982-13EB-4D8B-890A-A9E8A953B09E}] => (Allow) I:\Games\AC Syndicate\ACS.exe
FirewallRules: [{545744AC-C30B-488D-A7D6-7188D4EEB09E}] => (Allow) I:\Games\AC Syndicate\ACS.exe
FirewallRules: [TCP Query User{8A74A08C-78C7-4AD6-8D74-5241889C0B01}E:\homefront the revolution\bin64\homefront2_release.exe] => (Allow) E:\homefront the revolution\bin64\homefront2_release.exe
FirewallRules: [UDP Query User{AD12D81F-ED35-48FC-81ED-431DA5A10CCB}E:\homefront the revolution\bin64\homefront2_release.exe] => (Allow) E:\homefront the revolution\bin64\homefront2_release.exe
FirewallRules: [{28D3B1E2-5109-4577-8FB9-6F184D4FFAEB}] => (Allow) E:\Stacking\stack.exe
FirewallRules: [TCP Query User{DDE56B02-8EF5-4AE3-A1E3-269608AF32B8}C:\program files (x86)\helldivers\binaries\x64\helldivers.exe] => (Allow) C:\program files (x86)\helldivers\binaries\x64\helldivers.exe
FirewallRules: [UDP Query User{87C15C32-93DC-4C53-90F3-2601C45F2248}C:\program files (x86)\helldivers\binaries\x64\helldivers.exe] => (Allow) C:\program files (x86)\helldivers\binaries\x64\helldivers.exe
FirewallRules: [TCP Query User{01946DC8-71AA-4284-8070-039DEAB939E6}G:\games\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) G:\games\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [UDP Query User{680C7775-FDB1-437D-9FB9-277550986944}G:\games\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) G:\games\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [TCP Query User{2B9BC5C2-83EF-439B-BCEA-5EC629D2173B}I:\games\alien isolation\ai.exe] => (Allow) I:\games\alien isolation\ai.exe
FirewallRules: [UDP Query User{020275B1-28F6-4907-BA7D-597972A37217}I:\games\alien isolation\ai.exe] => (Allow) I:\games\alien isolation\ai.exe
FirewallRules: [TCP Query User{BC2D28E3-6FDF-4BFD-BE3F-B2703B57159A}E:\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) E:\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{EE794F77-F140-42CC-BAE1-9D808754D2DD}E:\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) E:\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{5FB8E3F3-B456-42E9-9ADF-B41DA8D1C51A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{0AE710F5-472F-4B44-8579-E68461F2161A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [TCP Query User{DBE10FC3-1DEA-4670-84BF-98423A252AD3}G:\games\prey\binaries\danielle\x64\release\prey.exe] => (Allow) G:\games\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{B6DEDCB8-6B22-47C7-A75E-51FBCCB7216F}G:\games\prey\binaries\danielle\x64\release\prey.exe] => (Allow) G:\games\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{523CFD90-AD14-4799-9A50-6D2F144A194D}] => (Allow) G:\SteamLibrary\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [{A2E2E8D0-B9CA-441A-975D-92658ED405E6}] => (Allow) G:\SteamLibrary\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [TCP Query User{47FBC0AE-61D3-40C0-9BC5-73021D5CB70E}G:\games\outlast 2\binaries\win64\outlast2.exe] => (Allow) G:\games\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [UDP Query User{5892DC42-EDEE-4F94-9E30-6DB68356889F}G:\games\outlast 2\binaries\win64\outlast2.exe] => (Allow) G:\games\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [{E88DDEBC-CC25-411B-827E-8B8619B94E03}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{C570EA49-A547-424D-9B92-1FC62089BCD2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5C87F403-11DC-44C6-B532-BD750A268176}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{F969CEFB-F493-48B4-BD92-6116E1605D61}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{68BADAB4-BFCA-486C-B71B-BD7113EF59D9}G:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) G:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{CB346E32-FF0D-430C-BBC6-BEC41786B7E8}G:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) G:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [{097AD7F8-768E-467E-886B-C80AFE92122B}] => (Allow) G:\SteamLibrary\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{7D44CD2B-27CF-4CEE-A1C2-39B1F8E48B43}] => (Allow) G:\SteamLibrary\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [TCP Query User{F8B8CC8F-B703-4F04-BFD8-0FD3780584A2}G:\games\moto racer 4\mr4\binaries\win64\mr4-win64-shipping.exe] => (Allow) G:\games\moto racer 4\mr4\binaries\win64\mr4-win64-shipping.exe
FirewallRules: [UDP Query User{A82AB05A-E683-4BA0-9519-7D5EDE38B7E6}G:\games\moto racer 4\mr4\binaries\win64\mr4-win64-shipping.exe] => (Allow) G:\games\moto racer 4\mr4\binaries\win64\mr4-win64-shipping.exe
FirewallRules: [TCP Query User{D2EB039F-7A73-4C14-967E-BC1D823C68E7}G:\games\nex machina\nex_machina.exe] => (Allow) G:\games\nex machina\nex_machina.exe
FirewallRules: [UDP Query User{96AFE43E-5633-4B84-B490-8FDB029BEE38}G:\games\nex machina\nex_machina.exe] => (Allow) G:\games\nex machina\nex_machina.exe
FirewallRules: [{91CE5F9D-8446-4201-8C87-F9DC07409653}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C11E444E-6A33-4C4E-8F78-FC3D093C5816}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{8213D9F8-2FB6-4540-84AC-41ADCA9EBBD7}I:\games\shiny\shiny\binaries\win64\shiny-win64-shipping.exe] => (Allow) I:\games\shiny\shiny\binaries\win64\shiny-win64-shipping.exe
FirewallRules: [UDP Query User{B6BA8DC4-69D7-40FD-A492-51903CC51191}I:\games\shiny\shiny\binaries\win64\shiny-win64-shipping.exe] => (Allow) I:\games\shiny\shiny\binaries\win64\shiny-win64-shipping.exe
FirewallRules: [TCP Query User{79DD9442-9583-4554-AB9D-39C2D6190C5C}I:\games\investigator\bin64\investigator.exe] => (Allow) I:\games\investigator\bin64\investigator.exe
FirewallRules: [UDP Query User{F505C053-7DDD-464B-8937-C8857D4670E3}I:\games\investigator\bin64\investigator.exe] => (Allow) I:\games\investigator\bin64\investigator.exe
FirewallRules: [TCP Query User{45C59C15-C64C-422E-907C-EAAFC63680FD}G:\games\geteven\binaries\win64\geteven.exe] => (Allow) G:\games\geteven\binaries\win64\geteven.exe
FirewallRules: [UDP Query User{1F915FB5-1876-46A7-901D-8B9AF0C644D0}G:\games\geteven\binaries\win64\geteven.exe] => (Allow) G:\games\geteven\binaries\win64\geteven.exe
FirewallRules: [TCP Query User{3618EE5F-3A27-4E6E-AD3F-8546733FEA18}G:\games\max payne 3\max payne 3\maxpayne3.exe] => (Allow) G:\games\max payne 3\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{8A2C75DA-987B-475C-9338-B3008CBAE49A}G:\games\max payne 3\max payne 3\maxpayne3.exe] => (Allow) G:\games\max payne 3\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{3DE2F6F0-A731-4167-A838-37731EE4D5A1}G:\games\gears of war\binaries\wargame-g4wlive.exe] => (Allow) G:\games\gears of war\binaries\wargame-g4wlive.exe
FirewallRules: [UDP Query User{0AAC9796-F1D0-4E12-BCC8-48BADD99BAFA}G:\games\gears of war\binaries\wargame-g4wlive.exe] => (Allow) G:\games\gears of war\binaries\wargame-g4wlive.exe
FirewallRules: [TCP Query User{93D7F91F-9CBD-4FC0-AAF5-9F5211539500}C:\program files\tom clancy's ghost recon wildlands\grw.exe] => (Allow) C:\program files\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [UDP Query User{4673B8DD-949B-418A-96FE-09E05B2E4F3C}C:\program files\tom clancy's ghost recon wildlands\grw.exe] => (Allow) C:\program files\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [TCP Query User{AFC5EB2B-6099-4676-85AD-2A889523CEC3}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{EEF3B177-6E27-40B9-8D6B-405F0F030AAA}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [{A1AF0ABF-3F0F-4ABF-A5E0-BF62DEF79188}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CD95CB13-1CC6-4968-A8EA-03CA1B3F83B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E622439E-8A26-4B88-B83C-A2B50DE9F2F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5E1137E5-65A7-4826-BC43-0F8DDC38256C}I:\games\the old city leviathan\binaries\win32\udk.exe] => (Allow) I:\games\the old city leviathan\binaries\win32\udk.exe
FirewallRules: [UDP Query User{EAA6B401-86DA-4032-8847-66081360C62D}I:\games\the old city leviathan\binaries\win32\udk.exe] => (Allow) I:\games\the old city leviathan\binaries\win32\udk.exe
FirewallRules: [{97096956-2A3A-4DAB-96ED-F74E0D09257A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LMS\Launcher.exe
FirewallRules: [{C45A0364-89B1-4988-AED9-9C9CA5A467DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LMS\Launcher.exe
FirewallRules: [TCP Query User{325C303F-0497-43A7-9740-9FC1E3B080F3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{E62A8168-D311-43C8-92E0-811B5F767B51}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{0871B4B1-4CFC-4CCB-B47A-BA9EC34FA143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LMS\ShatteredSkies.exe
FirewallRules: [{FAB6D607-2997-465E-A444-B8292BFC6BD6}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{1EEBF868-C058-4A59-BFEA-89BF3209F211}] => (Allow) C:\Program Files (x86)\Manicurist\Rand.exe
FirewallRules: [{975FE071-3219-4955-AF34-351698E4FCDE}] => (Allow) C:\Program Files (x86)\Nickle\Rand.exe
FirewallRules: [{B23B9AD3-3F10-4441-9FEF-AA658B03A107}] => (Allow) C:\Program Files (x86)\hansford\Papa.exe
FirewallRules: [{FFBDCF5D-3132-4A2E-8557-70DE2A6D1E2F}] => (Allow) C:\Program Files (x86)\Nickle\Papa.exe
FirewallRules: [{4C65492E-7A4D-4D46-A946-FBA195CCE594}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FC42959F-B7A5-4BF4-A4B8-CD87EC187AF6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{67B78F20-97A7-47F1-93EE-474843F864C6}C:\program files (x86)\google\chrome\application\chromedigressions.exe] => (Allow) C:\program files (x86)\google\chrome\application\chromedigressions.exe
FirewallRules: [UDP Query User{C49DB742-2303-4705-B964-1FDE20471B51}C:\program files (x86)\google\chrome\application\chromedigressions.exe] => (Allow) C:\program files (x86)\google\chrome\application\chromedigressions.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2018 01:58:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Rand.exe version 6.2.8.62 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 40bc

Start Time: 01d3fa0bc32f2515

Termination Time: 326

Application Path: C:\Users\DiMiTrius\AppData\Local\Rand.exe

Report Id: 0f575d13-6600-11e8-83e2-3085a9453ace

Error: (06/02/2018 01:56:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Rand.exe version 6.2.8.62 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2eb0

Start Time: 01d3fa0b34296ad8

Termination Time: 87

Application Path: C:\Program Files (x86)\Manicurist\Rand.exe

Report Id: bfd654ef-65ff-11e8-83e2-3085a9453ace

Error: (06/02/2018 01:46:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Rand.exe version 6.2.8.62 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e20

Start Time: 01d3fa02302ea1e1

Termination Time: 6

Application Path: C:\Program Files (x86)\Manicurist\Rand.exe

Report Id: 57369927-65fe-11e8-83e2-3085a9453ace

Error: (06/02/2018 01:46:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Rand.exe version 6.2.8.62 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 46c

Start Time: 01d3fa021233247b

Termination Time: 2011

Application Path: C:\Program Files (x86)\Manicurist\Rand.exe

Report Id: 3cfb9584-65fe-11e8-83e2-3085a9453ace

Error: (06/02/2018 01:46:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Rand.exe version 6.2.8.62 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4568

Start Time: 01d3fa0a53b661a2

Termination Time: 9

Application Path: C:\Program Files (x86)\Manicurist\Rand.exe

Report Id: 54c47e8c-65fe-11e8-83e2-3085a9453ace

Error: (06/02/2018 01:45:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Papa.exe version 9.3.8.119 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3b88

Start Time: 01d3fa091bbef50f

Termination Time: 7493

Application Path: C:\Program Files (x86)\hansford\Papa.exe

Report Id: 386fbaca-65fe-11e8-83e2-3085a9453ace

Error: (06/02/2018 01:45:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Rand.exe version 6.2.8.62 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19e8

Start Time: 01d3fa091bd5d8c4

Termination Time: 8572

Application Path: C:\Program Files (x86)\Nickle\Rand.exe

Report Id: 35319aa2-65fe-11e8-83e2-3085a9453ace

Error: (06/02/2018 01:45:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Papa.exe version 9.3.8.119 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 724

Start Time: 01d3fa091bb075e8

Termination Time: 880

Application Path: C:\Users\DiMiTrius\AppData\Local\Papa.exe

Report Id: 31fb1bb7-65fe-11e8-83e2-3085a9453ace


System errors:
=============
Error: (06/02/2018 12:44:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/02/2018 12:44:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Windows Search service to connect.

Error: (06/02/2018 12:43:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/02/2018 12:43:36 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (06/02/2018 12:43:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/02/2018 12:43:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (06/02/2018 12:41:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/02/2018 12:41:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 6fc72d5de0b459231172b5d2d0bb97c2 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================

Date: 2016-12-24 14:33:09.298
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIO7A5D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 14:33:09.266
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIO7A5D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 14:32:33.942
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIOC580.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 14:32:33.926
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIOC580.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 12:19:08.585
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIO7550.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 12:19:08.555
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIO7550.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX™-6100 Six-Core Processor
Percentage of memory in use: 85%
Total physical RAM: 8174.99 MB
Available physical RAM: 1217.35 MB
Total Virtual: 16348.18 MB
Available Virtual: 4006.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:140.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Hard Drive 1) (Fixed) (Total:564.2 GB) (Free:155.11 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:367.31 GB) (Free:121.96 GB) NTFS
Drive i: () (Fixed) (Total:698.63 GB) (Free:149.15 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2B7E7AE6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Active) - (Size=564.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=367.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 00097D10)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 



#2 StSebastien

StSebastien
  • Topic Starter

  • Members
  • 8 posts

Posted 01 June 2018 - 09:21 PM

I thought I'd best add that rosco.exe is another exe that keeps starting up. Also I just ran a full superantispyware which found loads of nasties but then when I rebooted it boots windows and all I get is a black screen and the mouse pointer so I have to go closing the exes (there are loads of them that keep opening as I close them) just to get to the desktop.



#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 01 June 2018 - 10:01 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
  • Highlight the entire content of the quote box below.

Start::
S2 AVG Antivirus; "C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe" [X]
S3 avgbIDSAgent; "C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe" [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 zghsser; system32\DRIVERS\zghsser.sys [X]
FirewallRules: [{A147A5DA-5599-41EA-982D-CFA8DAFA6125}] => (Allow) LPort=80
FirewallRules: [{9AAE19AB-BE34-44F6-A950-5D297970B059}] => (Allow) LPort=443
FirewallRules: [{D70FDCDE-ECCC-496C-9037-223716BC7780}] => (Allow) LPort=20010
FirewallRules: [{B8712ADE-4A9F-49F3-B7CF-C31B6345C4A1}] => (Allow) LPort=3478
FirewallRules: [{F78B59C3-0B13-4B61-AFA8-D1871EF02F03}] => (Allow) LPort=7850
FirewallRules: [{243F2979-9AE9-47B7-9CAC-0A0B7B88CE8A}] => (Allow) LPort=7852
FirewallRules: [{6E270EF5-847E-4B84-AE42-D1B7DDCD0BB6}] => (Allow) LPort=7853
FirewallRules: [{400D4E37-232D-48AE-92EE-AE841A8498E7}] => (Allow) LPort=27022
FirewallRules: [{9FD7D7C0-F5D8-49B9-98C2-7A8279D4051F}] => (Allow) LPort=6881
FirewallRules: [{13D0ED48-2B1E-4B45-B462-F7910D2892D3}] => (Allow) LPort=33333
FirewallRules: [{A3C9895E-A1F1-4225-B3E3-FA234D641B92}] => (Allow) LPort=20443
FirewallRules: [{81FFA30C-B004-401B-9E4A-59ADAB409A20}] => (Allow) LPort=8090
C:\Program Files (x86)\talon
HKLM-x32\...\Run: [MSS CS Connectivity Service] => "C:\Users\DiMiTrius\AppData\Local\Temp\patch\MSS CS Connectivity USBHub.exe" <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
U3 a2gz16x8; C:\Windows\System32\Drivers\a2gz16x8.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll => No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll -> No File
Shortcut: C:\Users\DiMiTrius\Desktop\GAMES\Wolverine.lnk -> E:\Wolverine\Run_Wolverine.bat (No File)
C:\Users\DiMiTrius\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
C:\Users\DiMiTrius\AppData\Local\Papa.exe
C:\Users\DiMiTrius\AppData\Local\Rand.exe
HKLM-x32\...\Run: [MSS CS Connectivity Service] => "C:\Users\DiMiTrius\AppData\Local\Temp\patch\MSS CS Connectivity USBHub.exe" <==== ATTENTION
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 000016384 _____ (RodeobeX) C:\Users\DiMiTrius\AppData\Local\Temp\capi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 001793368 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\gimi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 002653184 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\MediaPlay.exe
2018-06-01 14:51 - 2018-06-01 14:51 - 009596780 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\setup.dll
2018-06-01 23:29 - 2018-06-01 23:29 - 003415488 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\tilusorel.exe
Task: {6CBD7DBF-E259-43B4-A12F-B6837D46C125} - System32\Tasks\magruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
Task: {C0B70750-0C43-4422-92BC-5BF83522A75B} - System32\Tasks\uncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
Task: {D0ACD460-F4CA-4FE0-9B8B-37C80BE19D6B} - System32\Tasks\uncouth_exhumeduncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
Task: {FECAE0C3-CB33-40F9-B604-4E4EAF9AB353} - System32\Tasks\magruder dinkins wynnmagruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
C:\Users\DiMiTrius\AppData\Local\Rand.exe
C:\Users\DiMiTrius\AppData\Local\Papa.exe
HKLM-x32\...\Run: [MSS CS Connectivity Service] => "C:\Users\DiMiTrius\AppData\Local\Temp\patch\MSS CS Connectivity USBHub.exe" <==== ATTENTION
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
2018-06-01 23:29 - 2018-06-01 23:29 - 000016384 _____ (RodeobeX) C:\Users\DiMiTrius\AppData\Local\Temp\capi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 001793368 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\gimi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 002653184 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\MediaPlay.exe
2018-06-01 14:51 - 2018-06-01 14:51 - 009596780 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\setup.dll
2018-06-01 23:29 - 2018-06-01 23:29 - 003415488 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\tilusorel.exe
C:\Program Files (x86)\Scripted\rosco.exe
Task: {59A372C9-69F1-4E3C-950E-27D2329263C1} - System32\Tasks\mifflinmifflin => C:\Program Files (x86)\Scripted\rosco.exe [2018-06-01] ()
Task: {B876B4F1-81C4-4342-A2ED-C20AFC47147A} - System32\Tasks\mifflin => C:\Program Files (x86)\Scripted\rosco.exe [2018-06-01] ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000078280 _____ () C:\Program Files (x86)\Scripted\rosco.exe
C:\Program Files (x86)\Scripted
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\Nickle\Papa.exe
C:\Users\DiMiTrius\AppData\Local\Papa.exe
HKLM\...\Run: [Todd] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Multitask] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Paymer] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Unpredictability] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
ShortcutTarget: oklahomaoklahoma.lnk -> C:\Program Files (x86)\hansford\Papa.exe ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
Task: {36C8516A-0AC1-4E47-A71F-BD6450232420} - System32\Tasks\bloodline uplifted => C:\Program Files (x86)\Nickle\Papa.exe [2018-06-01] ()
Task: {946B4102-0BFA-45F7-BFB6-735237A4427D} - System32\Tasks\olfactory-collages => C:\Program Files (x86)\hansford\Papa.exe [2018-06-01] ()
Task: {AE53C39D-DB7F-4A05-837F-B6DCA9EB8A9F} - System32\Tasks\olfactory-collagesolfactory-collages => C:\Program Files (x86)\hansford\Papa.exe [2018-06-01] ()
Task: {C061C446-AB7A-43AD-8519-1D7753B74A32} - System32\Tasks\bloodline upliftedbloodline uplifted => C:\Program Files (x86)\Nickle\Papa.exe [2018-06-01] ()
Task: {C0B70750-0C43-4422-92BC-5BF83522A75B} - System32\Tasks\uncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
Task: {D0ACD460-F4CA-4FE0-9B8B-37C80BE19D6B} - System32\Tasks\uncouth_exhumeduncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Nickle\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
FirewallRules: [{B23B9AD3-3F10-4441-9FEF-AA658B03A107}] => (Allow) C:\Program Files (x86)\hansford\Papa.exe
FirewallRules: [{FFBDCF5D-3132-4A2E-8557-70DE2A6D1E2F}] => (Allow) C:\Program Files (x86)\Nickle\Papa.exe
C:\Program Files (x86)\Nickle
C:\Program Files (x86)\Manicurist
C:\Users\DiMiTrius\AppData\Local\Rand.exe
HKLM\...\Run: [Spirits] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKLM\...\Run: [Lacks] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Unrated] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Cute] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Ooze] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Erotically] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Endearment] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Haberdashery] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [publicans] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
ShortcutTarget: oklahoma.lnk -> C:\Program Files (x86)\Manicurist\Rand.exe ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ C:\Users\DiMiTrius\AppData\Local\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
Task: {195BFF64-290C-475A-954A-C6F896AA59CC} - System32\Tasks\fluorouracilfluorouracil => C:\Program Files (x86)\Manicurist\Rand.exe [2018-06-01] ()
Task: {45E35CB5-5C52-4B58-9700-7C2842705AA5} - System32\Tasks\grittiness_norelcogrittiness_norelco => C:\Program Files (x86)\Nickle\Rand.exe [2018-06-01] ()
Task: {4F61B1B4-E980-433D-9D5A-05ABDF540030} - System32\Tasks\fluorouracil => C:\Program Files (x86)\Manicurist\Rand.exe [2018-06-01] ()
Task: {6CBD7DBF-E259-43B4-A12F-B6837D46C125} - System32\Tasks\magruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
Task: {74DA9B72-7E90-4576-BB79-3027C4000755} - System32\Tasks\grittiness_norelco => C:\Program Files (x86)\Nickle\Rand.exe [2018-06-01] ()
Task: {FECAE0C3-CB33-40F9-B604-4E4EAF9AB353} - System32\Tasks\magruder dinkins wynnmagruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Nickle\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Manicurist\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
FirewallRules: [{1EEBF868-C058-4A59-BFEA-89BF3209F211}] => (Allow) C:\Program Files (x86)\Manicurist\Rand.exe
FirewallRules: [{975FE071-3219-4955-AF34-351698E4FCDE}] => (Allow) C:\Program Files (x86)\Nickle\Rand.exe
IFEO\CE i386.exe: [Debugger] Enable
IFEO\ce-x64.exe: [Debugger] Enable
IFEO\Cheat Engine.exe: [Debugger] Enable
IFEO\cheatengine-i386.exe: [Debugger] Enable
IFEO\cheatengine-x86_64.exe: [Debugger] Enable
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do so
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!
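
Added example, not part of any post in this thread and not FRST's own code: a small parser that groups the kinds of FRST lines quoted above by the executable they point to, showing why stopping Rand.exe or Papa.exe by itself does not keep them stopped. The regexes cover only the four line shapes seen in this thread, and treating `ShortcutTarget:` as a Startup-folder shortcut is an assumption.

```python
import ntpath
import re
from collections import defaultdict

# A subset of lines copied verbatim from the FRST output quoted in this thread.
SAMPLE = r"""
HKLM\...\Run: [Todd] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Multitask] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKLM\...\Run: [Spirits] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Cute] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
ShortcutTarget: oklahoma.lnk -> C:\Program Files (x86)\Manicurist\Rand.exe ()
Task: {946B4102-0BFA-45F7-BFB6-735237A4427D} - System32\Tasks\olfactory-collages => C:\Program Files (x86)\hansford\Papa.exe [2018-06-01] ()
Task: {4F61B1B4-E980-433D-9D5A-05ABDF540030} - System32\Tasks\fluorouracil => C:\Program Files (x86)\Manicurist\Rand.exe [2018-06-01] ()
Task: {B876B4F1-81C4-4342-A2ED-C20AFC47147A} - System32\Tasks\mifflin => C:\Program Files (x86)\Scripted\rosco.exe [2018-06-01] ()
FirewallRules: [{B23B9AD3-3F10-4441-9FEF-AA658B03A107}] => (Allow) C:\Program Files (x86)\hansford\Papa.exe
FirewallRules: [{1EEBF868-C058-4A59-BFEA-89BF3209F211}] => (Allow) C:\Program Files (x86)\Manicurist\Rand.exe
FirewallRules: [{A1AF0ABF-3F0F-4ABF-A5E0-BF62DEF79188}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A147A5DA-5599-41EA-982D-CFA8DAFA6125}] => (Allow) LPort=80
"""

# Target path: optional opening quote, drive letter, shortest run up to a binary extension.
_PATH = r'"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|sys|bat))\b'

# One pattern per line shape; port-only firewall rules have no path and never match.
PATTERNS = [
    ("run_key", re.compile(r"^HK[^\\]+\\.*?\\Run: \[[^\]]+\] => " + _PATH, re.I)),
    ("scheduled_task", re.compile(r"^Task: \{[0-9A-F-]+\} - .+? => " + _PATH, re.I)),
    ("startup_shortcut", re.compile(r"^ShortcutTarget: .+? -> " + _PATH, re.I)),
    ("firewall_allow", re.compile(r"^FirewallRules: \[.*?\] => \(Allow\) " + _PATH, re.I)),
]

# Entry kinds that start a program again after logon or on a schedule.
AUTOSTART = {"run_key", "scheduled_task", "startup_shortcut"}


def parse(text):
    """Yield (kind, lowercased target path) for every recognised line."""
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                # Windows paths are case-insensitive, so normalise for grouping.
                yield kind, m.group("path").lower()
                break


def entries_by_binary(text):
    """Map each target path to a count of entries per kind."""
    table = defaultdict(lambda: defaultdict(int))
    for kind, path in parse(text):
        table[path][kind] += 1
    return {path: dict(kinds) for path, kinds in table.items()}


def respawn_candidates(text, min_kinds=2):
    """Paths started by at least `min_kinds` different autostart mechanisms."""
    hits = []
    for path, kinds in entries_by_binary(text).items():
        if len(AUTOSTART.intersection(kinds)) >= min_kinds:
            hits.append(path)
    return sorted(hits)


def copies_by_name(text):
    """File names that the entries reference in more than one directory."""
    dirs = defaultdict(set)
    for path in entries_by_binary(text):
        dirs[ntpath.basename(path)].add(ntpath.dirname(path))
    return {name: sorted(d) for name, d in dirs.items() if len(d) > 1}


if __name__ == "__main__":
    for path in respawn_candidates(SAMPLE):
        print(path, entries_by_binary(SAMPLE)[path])
    print(copies_by_name(SAMPLE))
```

Every entry kind listed for a binary has to be removed together with the file, which is what a fixlist that names the Run values, tasks, shortcut and files side by side does.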


#4 StSebastien

StSebastien
  • Topic Starter

  • Members
  • 8 posts

Posted 02 June 2018 - 06:37 AM

Well first of all thank you for your help and precious time, I truly do appreciate it.
Here are my logs...

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by DiMiTrius (02-06-2018 12:16:53) Run:1
Running from C:\Users\DiMiTrius\Desktop
Loaded Profiles: DiMiTrius (Available Profiles: DiMiTrius)
Boot Mode: Normal
==============================================

fixlist content:
*****************
S2 AVG Antivirus; "C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe" [X]
S3 avgbIDSAgent; "C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe" [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 zghsser; system32\DRIVERS\zghsser.sys [X]
FirewallRules: [{A147A5DA-5599-41EA-982D-CFA8DAFA6125}] => (Allow) LPort=80
FirewallRules: [{9AAE19AB-BE34-44F6-A950-5D297970B059}] => (Allow) LPort=443
FirewallRules: [{D70FDCDE-ECCC-496C-9037-223716BC7780}] => (Allow) LPort=20010
FirewallRules: [{B8712ADE-4A9F-49F3-B7CF-C31B6345C4A1}] => (Allow) LPort=3478
FirewallRules: [{F78B59C3-0B13-4B61-AFA8-D1871EF02F03}] => (Allow) LPort=7850
FirewallRules: [{243F2979-9AE9-47B7-9CAC-0A0B7B88CE8A}] => (Allow) LPort=7852
FirewallRules: [{6E270EF5-847E-4B84-AE42-D1B7DDCD0BB6}] => (Allow) LPort=7853
FirewallRules: [{400D4E37-232D-48AE-92EE-AE841A8498E7}] => (Allow) LPort=27022
FirewallRules: [{9FD7D7C0-F5D8-49B9-98C2-7A8279D4051F}] => (Allow) LPort=6881
FirewallRules: [{13D0ED48-2B1E-4B45-B462-F7910D2892D3}] => (Allow) LPort=33333
FirewallRules: [{A3C9895E-A1F1-4225-B3E3-FA234D641B92}] => (Allow) LPort=20443
FirewallRules: [{81FFA30C-B004-401B-9E4A-59ADAB409A20}] => (Allow) LPort=8090
C:\Program Files (x86)\talon
HKLM-x32\...\Run: [MSS CS Connectivity Service] => "C:\Users\DiMiTrius\AppData\Local\Temp\patch\MSS CS Connectivity USBHub.exe" <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
U3 a2gz16x8; C:\Windows\System32\Drivers\a2gz16x8.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll => No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll -> No File
Shortcut: C:\Users\DiMiTrius\Desktop\GAMES\Wolverine.lnk -> E:\Wolverine\Run_Wolverine.bat (No File)
C:\Users\DiMiTrius\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
C:\Users\DiMiTrius\AppData\Local\Papa.exe
C:\Users\DiMiTrius\AppData\Local\Rand.exe
HKLM-x32\...\Run: [MSS CS Connectivity Service] => "C:\Users\DiMiTrius\AppData\Local\Temp\patch\MSS CS Connectivity USBHub.exe" <==== ATTENTION
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 000016384 _____ (RodeobeX) C:\Users\DiMiTrius\AppData\Local\Temp\capi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 001793368 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\gimi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 002653184 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\MediaPlay.exe
2018-06-01 14:51 - 2018-06-01 14:51 - 009596780 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\setup.dll
2018-06-01 23:29 - 2018-06-01 23:29 - 003415488 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\tilusorel.exe
Task: {6CBD7DBF-E259-43B4-A12F-B6837D46C125} - System32\Tasks\magruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
Task: {C0B70750-0C43-4422-92BC-5BF83522A75B} - System32\Tasks\uncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
Task: {D0ACD460-F4CA-4FE0-9B8B-37C80BE19D6B} - System32\Tasks\uncouth_exhumeduncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
Task: {FECAE0C3-CB33-40F9-B604-4E4EAF9AB353} - System32\Tasks\magruder dinkins wynnmagruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
C:\Users\DiMiTrius\AppData\Local\Rand.exe
C:\Users\DiMiTrius\AppData\Local\Papa.exe
HKLM-x32\...\Run: [MSS CS Connectivity Service] => "C:\Users\DiMiTrius\AppData\Local\Temp\patch\MSS CS Connectivity USBHub.exe" <==== ATTENTION
S3 cpuz140; \??\C:\Users\DIMITR~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
2018-06-01 23:29 - 2018-06-01 23:29 - 000016384 _____ (RodeobeX) C:\Users\DiMiTrius\AppData\Local\Temp\capi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 001793368 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\gimi.exe
2018-06-01 23:29 - 2018-06-01 23:29 - 002653184 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\MediaPlay.exe
2018-06-01 14:51 - 2018-06-01 14:51 - 009596780 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\setup.dll
2018-06-01 23:29 - 2018-06-01 23:29 - 003415488 _____ () C:\Users\DiMiTrius\AppData\Local\Temp\tilusorel.exe
C:\Program Files (x86)\Scripted\rosco.exe
Task: {59A372C9-69F1-4E3C-950E-27D2329263C1} - System32\Tasks\mifflinmifflin => C:\Program Files (x86)\Scripted\rosco.exe [2018-06-01] ()
Task: {B876B4F1-81C4-4342-A2ED-C20AFC47147A} - System32\Tasks\mifflin => C:\Program Files (x86)\Scripted\rosco.exe [2018-06-01] ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000078280 _____ () C:\Program Files (x86)\Scripted\rosco.exe
C:\Program Files (x86)\Scripted
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\Nickle\Papa.exe
C:\Users\DiMiTrius\AppData\Local\Papa.exe
HKLM\...\Run: [Todd] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Multitask] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Paymer] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Unpredictability] => C:\Program Files (x86)\hansford\Papa.exe [114688 2018-06-01] ()
ShortcutTarget: oklahomaoklahoma.lnk -> C:\Program Files (x86)\hansford\Papa.exe ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ C:\Users\DiMiTrius\AppData\Local\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
Task: {36C8516A-0AC1-4E47-A71F-BD6450232420} - System32\Tasks\bloodline uplifted => C:\Program Files (x86)\Nickle\Papa.exe [2018-06-01] ()
Task: {946B4102-0BFA-45F7-BFB6-735237A4427D} - System32\Tasks\olfactory-collages => C:\Program Files (x86)\hansford\Papa.exe [2018-06-01] ()
Task: {AE53C39D-DB7F-4A05-837F-B6DCA9EB8A9F} - System32\Tasks\olfactory-collagesolfactory-collages => C:\Program Files (x86)\hansford\Papa.exe [2018-06-01] ()
Task: {C061C446-AB7A-43AD-8519-1D7753B74A32} - System32\Tasks\bloodline upliftedbloodline uplifted => C:\Program Files (x86)\Nickle\Papa.exe [2018-06-01] ()
Task: {C0B70750-0C43-4422-92BC-5BF83522A75B} - System32\Tasks\uncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
Task: {D0ACD460-F4CA-4FE0-9B8B-37C80BE19D6B} - System32\Tasks\uncouth_exhumeduncouth_exhumed => C:\Users\DiMiTrius\AppData\Local\Papa.exe [2018-06-01] ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\hansford\Papa.exe
C:\Program Files (x86)\hansford
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Nickle\Papa.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Papa.exe
FirewallRules: [{B23B9AD3-3F10-4441-9FEF-AA658B03A107}] => (Allow) C:\Program Files (x86)\hansford\Papa.exe
FirewallRules: [{FFBDCF5D-3132-4A2E-8557-70DE2A6D1E2F}] => (Allow) C:\Program Files (x86)\Nickle\Papa.exe
C:\Program Files (x86)\Nickle
C:\Program Files (x86)\Manicurist
C:\Users\DiMiTrius\AppData\Local\Rand.exe
HKLM\...\Run: [Spirits] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKLM\...\Run: [Lacks] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Unrated] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKLM-x32\...\Run: [Cute] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Ooze] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Erotically] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Endearment] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Haberdashery] => C:\Program Files (x86)\Nickle\Rand.exe [114688 2018-06-01] ()
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [publicans] => C:\Program Files (x86)\Manicurist\Rand.exe [114688 2018-06-01] ()
ShortcutTarget: oklahoma.lnk -> C:\Program Files (x86)\Manicurist\Rand.exe ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ C:\Users\DiMiTrius\AppData\Local\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
Task: {195BFF64-290C-475A-954A-C6F896AA59CC} - System32\Tasks\fluorouracilfluorouracil => C:\Program Files (x86)\Manicurist\Rand.exe [2018-06-01] ()
Task: {45E35CB5-5C52-4B58-9700-7C2842705AA5} - System32\Tasks\grittiness_norelcogrittiness_norelco => C:\Program Files (x86)\Nickle\Rand.exe [2018-06-01] ()
Task: {4F61B1B4-E980-433D-9D5A-05ABDF540030} - System32\Tasks\fluorouracil => C:\Program Files (x86)\Manicurist\Rand.exe [2018-06-01] ()
Task: {6CBD7DBF-E259-43B4-A12F-B6837D46C125} - System32\Tasks\magruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
Task: {74DA9B72-7E90-4576-BB79-3027C4000755} - System32\Tasks\grittiness_norelco => C:\Program Files (x86)\Nickle\Rand.exe [2018-06-01] ()
Task: {FECAE0C3-CB33-40F9-B604-4E4EAF9AB353} - System32\Tasks\magruder dinkins wynnmagruder dinkins wynn => C:\Users\DiMiTrius\AppData\Local\Rand.exe [2018-06-01] ()
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Nickle\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Program Files (x86)\Manicurist\Rand.exe
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ () C:\Users\DiMiTrius\AppData\Local\Rand.exe
FirewallRules: [{1EEBF868-C058-4A59-BFEA-89BF3209F211}] => (Allow) C:\Program Files (x86)\Manicurist\Rand.exe
FirewallRules: [{975FE071-3219-4955-AF34-351698E4FCDE}] => (Allow) C:\Program Files (x86)\Nickle\Rand.exe
IFEO\CE i386.exe: [Debugger] Enable
IFEO\ce-x64.exe: [Debugger] Enable
IFEO\Cheat Engine.exe: [Debugger] Enable
IFEO\cheatengine-i386.exe: [Debugger] Enable
IFEO\cheatengine-x86_64.exe: [Debugger] Enable
EMPTYTEMP:
Reboot:

*****************

AVG Antivirus => Unable to stop service.
HKLM\System\CurrentControlSet\Services\AVG Antivirus => could not remove, key could be protected
avgbIDSAgent => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbIDSAgent => could not remove, key could be protected
"HKLM\System\CurrentControlSet\Services\avgsvc" => removed successfully
avgsvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\WtuSystemSupport" => removed successfully
WtuSystemSupport => service removed successfully
cpuz140 => service not found.
"HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible" => removed successfully
nvvad_WaveExtensible => service removed successfully
"HKLM\System\CurrentControlSet\Services\nvvhci" => removed successfully
nvvhci => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\System\CurrentControlSet\Services\zghsser" => removed successfully
zghsser => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A147A5DA-5599-41EA-982D-CFA8DAFA6125}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AAE19AB-BE34-44F6-A950-5D297970B059}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D70FDCDE-ECCC-496C-9037-223716BC7780}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8712ADE-4A9F-49F3-B7CF-C31B6345C4A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F78B59C3-0B13-4B61-AFA8-D1871EF02F03}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{243F2979-9AE9-47B7-9CAC-0A0B7B88CE8A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E270EF5-847E-4B84-AE42-D1B7DDCD0BB6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{400D4E37-232D-48AE-92EE-AE841A8498E7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FD7D7C0-F5D8-49B9-98C2-7A8279D4051F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13D0ED48-2B1E-4B45-B462-F7910D2892D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3C9895E-A1F1-4225-B3E3-FA234D641B92}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81FFA30C-B004-401B-9E4A-59ADAB409A20}" => removed successfully
C:\Program Files (x86)\talon => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSS CS Connectivity Service" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
pgt_svc => service not found.
a2gz16x8 => service not found.
cpuz140 => service not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AVG" => removed successfully
"HKLM\Software\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24}" => removed successfully
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\AVG" => removed successfully
HKLM\Software\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24} => not found
C:\Users\DiMiTrius\Desktop\GAMES\Wolverine.lnk => moved successfully
C:\Users\DiMiTrius\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe => moved successfully
C:\Users\DiMiTrius\AppData\Local\Papa.exe => moved successfully
"C:\Users\DiMiTrius\AppData\Local\Rand.exe" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSS CS Connectivity Service" => not found
cpuz140 => service not found.
"C:\Users\DiMiTrius\AppData\Local\Papa.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Rand.exe" => not found
C:\Users\DiMiTrius\AppData\Local\Temp\capi.exe => moved successfully
C:\Users\DiMiTrius\AppData\Local\Temp\gimi.exe => moved successfully
C:\Users\DiMiTrius\AppData\Local\Temp\MediaPlay.exe => moved successfully
C:\Users\DiMiTrius\AppData\Local\Temp\setup.dll => moved successfully
C:\Users\DiMiTrius\AppData\Local\Temp\tilusorel.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6CBD7DBF-E259-43B4-A12F-B6837D46C125}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CBD7DBF-E259-43B4-A12F-B6837D46C125}" => removed successfully
"C:\Windows\System32\Tasks\magruder dinkins wynn" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\magruder dinkins wynn" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0B70750-0C43-4422-92BC-5BF83522A75B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0B70750-0C43-4422-92BC-5BF83522A75B}" => removed successfully
C:\Windows\System32\Tasks\uncouth_exhumed => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uncouth_exhumed" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0ACD460-F4CA-4FE0-9B8B-37C80BE19D6B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0ACD460-F4CA-4FE0-9B8B-37C80BE19D6B}" => removed successfully
C:\Windows\System32\Tasks\uncouth_exhumeduncouth_exhumed => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uncouth_exhumeduncouth_exhumed" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FECAE0C3-CB33-40F9-B604-4E4EAF9AB353}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FECAE0C3-CB33-40F9-B604-4E4EAF9AB353}" => removed successfully
"C:\Windows\System32\Tasks\magruder dinkins wynnmagruder dinkins wynn" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\magruder dinkins wynnmagruder dinkins wynn" => removed successfully
"C:\Users\DiMiTrius\AppData\Local\Papa.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Rand.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Rand.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Papa.exe" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSS CS Connectivity Service" => not found
cpuz140 => service not found.
"C:\Users\DiMiTrius\AppData\Local\Temp\capi.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Temp\gimi.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Temp\MediaPlay.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Temp\setup.dll" => not found
"C:\Users\DiMiTrius\AppData\Local\Temp\tilusorel.exe" => not found
Could not move "C:\Program Files (x86)\Scripted\rosco.exe" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59A372C9-69F1-4E3C-950E-27D2329263C1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59A372C9-69F1-4E3C-950E-27D2329263C1}" => removed successfully
C:\Windows\System32\Tasks\mifflinmifflin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mifflinmifflin" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B876B4F1-81C4-4342-A2ED-C20AFC47147A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B876B4F1-81C4-4342-A2ED-C20AFC47147A}" => removed successfully
C:\Windows\System32\Tasks\mifflin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mifflin" => removed successfully
Could not move "C:\Program Files (x86)\Scripted\rosco.exe" => Scheduled to move on reboot.

"C:\Program Files (x86)\Scripted" folder move:

Could not move "C:\Program Files (x86)\Scripted" => Scheduled to move on reboot.

"C:\Program Files (x86)\hansford\Papa.exe" => not found
"C:\Program Files (x86)\hansford\Papa.exe" => not found
"C:\Program Files (x86)\hansford\Papa.exe" => not found
"C:\Program Files (x86)\hansford\Papa.exe" => not found
"C:\Program Files (x86)\hansford\Papa.exe" => not found
"C:\Program Files (x86)\hansford\Papa.exe" => not found
C:\Program Files (x86)\Nickle\Papa.exe => moved successfully
"C:\Users\DiMiTrius\AppData\Local\Papa.exe" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Todd" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Multitask" => not found
"HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Paymer" => removed successfully
"HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Unpredictability" => removed successfully
"C:\Program Files (x86)\hansford\Papa.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Papa.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Papa.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36C8516A-0AC1-4E47-A71F-BD6450232420}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36C8516A-0AC1-4E47-A71F-BD6450232420}" => removed successfully
C:\Windows\System32\Tasks\bloodline uplifted => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bloodline uplifted" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{946B4102-0BFA-45F7-BFB6-735237A4427D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{946B4102-0BFA-45F7-BFB6-735237A4427D}" => removed successfully
"C:\Windows\System32\Tasks\olfactory-collages" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\olfactory-collages" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE53C39D-DB7F-4A05-837F-B6DCA9EB8A9F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE53C39D-DB7F-4A05-837F-B6DCA9EB8A9F}" => removed successfully
"C:\Windows\System32\Tasks\olfactory-collagesolfactory-collages" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\olfactory-collagesolfactory-collages" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C061C446-AB7A-43AD-8519-1D7753B74A32}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C061C446-AB7A-43AD-8519-1D7753B74A32}" => removed successfully
C:\Windows\System32\Tasks\bloodline upliftedbloodline uplifted => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bloodline upliftedbloodline uplifted" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0B70750-0C43-4422-92BC-5BF83522A75B} => not found
"C:\Windows\System32\Tasks\uncouth_exhumed" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uncouth_exhumed => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0ACD460-F4CA-4FE0-9B8B-37C80BE19D6B} => not found
"C:\Windows\System32\Tasks\uncouth_exhumeduncouth_exhumed" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uncouth_exhumeduncouth_exhumed => not found
"C:\Program Files (x86)\hansford\Papa.exe" => not found
C:\Program Files (x86)\hansford => moved successfully
"C:\Program Files (x86)\Nickle\Papa.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Papa.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B23B9AD3-3F10-4441-9FEF-AA658B03A107}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFBDCF5D-3132-4A2E-8557-70DE2A6D1E2F}" => removed successfully

"C:\Program Files (x86)\Nickle" folder move:

Could not move "C:\Program Files (x86)\Nickle" => Scheduled to move on reboot.

C:\Program Files (x86)\Manicurist => moved successfully
"C:\Users\DiMiTrius\AppData\Local\Rand.exe" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Spirits" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Lacks" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Unrated" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Cute" => removed successfully
"HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ooze" => not found
"HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Erotically" => removed successfully
"HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Endearment" => not found
"HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Haberdashery" => removed successfully
"HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\publicans" => removed successfully
"C:\Program Files (x86)\Manicurist\Rand.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Rand.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Rand.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{195BFF64-290C-475A-954A-C6F896AA59CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{195BFF64-290C-475A-954A-C6F896AA59CC}" => removed successfully
"C:\Windows\System32\Tasks\fluorouracilfluorouracil" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fluorouracilfluorouracil" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45E35CB5-5C52-4B58-9700-7C2842705AA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45E35CB5-5C52-4B58-9700-7C2842705AA5}" => removed successfully
C:\Windows\System32\Tasks\grittiness_norelcogrittiness_norelco => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\grittiness_norelcogrittiness_norelco" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F61B1B4-E980-433D-9D5A-05ABDF540030}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F61B1B4-E980-433D-9D5A-05ABDF540030}" => removed successfully
"C:\Windows\System32\Tasks\fluorouracil" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fluorouracil" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CBD7DBF-E259-43B4-A12F-B6837D46C125} => not found
"C:\Windows\System32\Tasks\magruder dinkins wynn" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\magruder dinkins wynn => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74DA9B72-7E90-4576-BB79-3027C4000755}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74DA9B72-7E90-4576-BB79-3027C4000755}" => removed successfully
C:\Windows\System32\Tasks\grittiness_norelco => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\grittiness_norelco" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FECAE0C3-CB33-40F9-B604-4E4EAF9AB353} => not found
"C:\Windows\System32\Tasks\magruder dinkins wynnmagruder dinkins wynn" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\magruder dinkins wynnmagruder dinkins wynn => not found
C:\Program Files (x86)\Nickle\Rand.exe => moved successfully
"C:\Program Files (x86)\Manicurist\Rand.exe" => not found
"C:\Users\DiMiTrius\AppData\Local\Rand.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EEBF868-C058-4A59-BFEA-89BF3209F211}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{975FE071-3219-4955-AF34-351698E4FCDE}" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CE i386.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ce-x64.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Cheat Engine.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cheatengine-i386.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cheatengine-x86_64.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23147897 B
Java, Flash, Steam htmlcache => 720211 B
Windows/system/drivers => 1005600102 B
Edge => 0 B
Chrome => 132420 B
Firefox => 388087458 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66088 B
LocalService => 0 B
NetworkService => 0 B
DiMiTrius => 173548302 B
TEMP => 0 B

RecycleBin => 6980 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-06-2018 12:21:57)

C:\Program Files (x86)\Scripted\rosco.exe => Is moved successfully
C:\Program Files (x86)\Scripted\rosco.exe => Is moved successfully
C:\Program Files (x86)\Scripted => moved successfully
C:\Program Files (x86)\Nickle => moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\AVG Antivirus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbIDSAgent => could not remove, key could be protected

==== End of Fixlog 12:21:58 ====



# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-06-01.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-02-2018
# Duration: 00:00:07
# OS:       Windows 7 Ultimate
# Cleaned:  46
# Failed:   0


***** [ Services ] *****

Deleted       vToolbarUpdater40.3.8
Deleted       Updater

***** [ Folders ] *****

Deleted       C:\Users\DiMiTrius\Documents\TotalAV
Deleted       C:\Users\DiMiTrius\AppData\Local\AdvinstAnalytics
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\ProgramData\avg web tuneup
Deleted       C:\Users\DiMiTrius\AppData\Local\avg web tuneup
Deleted       C:\Users\DiMiTrius\AppData\Roaming\imminent
Deleted       C:\Program Files\Common Files\AVG Secure Search
Deleted       C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted       C:\Users\DiMiTrius\AppData\Local\slimware utilities inc
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService

***** [ Files ] *****

Deleted       C:\Windows\System32\drivers\swdumon.sys
Deleted       C:\Users\DiMiTrius\AppData\Roaming\Installer.dat

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\Microleaves
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|DUP
Deleted       HKLM\Software\Wow6432Node\AVG Tuneup
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utatity.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utatity.exe
Deleted       HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted       HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\glassinbox.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted       HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted       HKCU\Software\SlimWare Utilities Inc
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\LavasoftTcpService.exe
Deleted       HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted       HKLM\Software\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}

***** [ Chromium (and derivatives) ] *****

Deleted       AVG Web TuneUp

***** [ Chromium URLs ] *****

Deleted       Ask Jeeves

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


It appears things are better but I will of course wait for you to tell me so before I wander off. Thanks again.
 



#5 JSntgRvr

  • Master Surgeon General
  • Malware Response Team
  • 11,538 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 02 June 2018 - 10:16 AM

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg

  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected".
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.
 
RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Once these are completed, rescan with FRST.

 

  • Double-click to run it.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 StSebastien

  • Topic Starter
  • Members
  • 8 posts

Posted 02 June 2018 - 12:10 PM

All done. Here are my logs. Looking good so far. :-)


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/2/18
Scan Time: 4:36 PM
Log File: c626ab6a-667a-11e8-babd-3085a9453ace.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5338
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DiMiTrius-PC\DiMiTrius

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 274252
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)




RogueKiller V12.12.19.0 (x64) [May 28 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DiMiTrius [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/02/2018 16:50:01 (Duration : 00:45:00)

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] setup.tmp(3512) -- C:\Users\DiMiTrius\AppData\Local\Temp\is-B16DV.tmp\setup.tmp[x] -> Found
[Suspicious.Path] x3.exe(4704) -- C:\Users\DiMiTrius\AppData\Local\Temp\is-KRM7I.tmp\x3.exe[x] -> Found

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" [x] -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : AVG Web TuneUp [chfdnecihphmhljaaejmgoiahnihplgn] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500312CS ATA Device +++++
--- User ---
[MBR] f2552989bd2df2d0541b3d96cc20a695
[BSP] 98107deee0444ee97005c77991a379cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EAVS-00M4B0 ATA Device +++++
--- User ---
[MBR] 3b7362d9ab831ba9043a159543cdde9f
[BSP] 1afddd7868cb743729b85fb58e9aea3c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 577743 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1183219380 | Size: 376123 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3750640AS ATA Device +++++
--- User ---
[MBR] 5bf0a590b4611b62d3a52a8e4fa419d3
[BSP] f4a9e14555d5c366c4c161b5a4662922 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715393 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.06.2018
Ran by DiMiTrius (administrator) on DIMITRIUS-PC (02-06-2018 18:07:50)
Running from C:\Users\DiMiTrius\Desktop
Loaded Profiles: DiMiTrius &  (Available Profiles: DiMiTrius)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
(BitTorrent Inc.) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\updates\7.10.3_44429\bittorrentie.exe
(BitTorrent Inc.) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\updates\7.10.3_44429\bittorrentie.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291568 2018-06-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-06-01] (Valve Corporation)
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Run: [sintered] => "C:\Program Files (x86)\talon\sintered.exe" aay
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\MountPoints2: {b6704561-7e46-11e6-8175-3085a9453ace} - D:\Startme.exe
HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\MountPoints2: {bf7e3697-0a17-11e6-bf90-3085a9453ace} - I:\AutoRun.exe
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3200800 2018-06-01] (Valve Corporation)
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sintered] => "C:\Program Files (x86)\talon\sintered.exe" aay
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b6704561-7e46-11e6-8175-3085a9453ace} - D:\Startme.exe
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf7e3697-0a17-11e6-bf90-3085a9453ace} - I:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0456DC07-2FAA-4D3E-B020-A160B66154D3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CD2E7FBA-34D5-4819-A41E-754431D0525D}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-2467884633-685454356-10440173-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2467884633-685454356-10440173-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={27D80DBF-9CFA-496E-A41D-289720DC7223}&mid=987bcdfc3e9347cc9262e1ccefa1d33d-727bf793f16490c05b83738a91acdf2ba220d452&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117avz&pr=fr&d=2017-01-22 05:37:26&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={27D80DBF-9CFA-496E-A41D-289720DC7223}&mid=987bcdfc3e9347cc9262e1ccefa1d33d-727bf793f16490c05b83738a91acdf2ba220d452&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117avz&pr=fr&d=2017-01-22 05:37:26&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-24] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 0eck2bys.default-1527173798741
FF ProfilePath: C:\Users\DiMiTrius\AppData\Roaming\Mozilla\Firefox\Profiles\0eck2bys.default-1527173798741 [2018-06-02]
FF Extension: (Google NoTrack) - C:\Users\DiMiTrius\AppData\Roaming\Mozilla\Firefox\Profiles\0eck2bys.default-1527173798741\Extensions\googlenotrack@dirtylittlehelpers.com.xpi [2018-06-01]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\DiMiTrius\AppData\Roaming\Mozilla\Firefox\Profiles\0eck2bys.default-1527173798741\features\{e259790f-830c-49fb-8c11-f330e7d8c5f7}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-05-31] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2018-06-01]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2018-06-01]

Chrome:
=======
CHR Profile: C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default [2018-06-02]
CHR Extension: (Google Slides) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-18]
CHR Extension: (Google Docs) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
CHR Extension: (Google Drive) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (YouTube) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Tampermonkey) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-08-16]
CHR Extension: (Google Sheets) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-16]
CHR Extension: (Gmail) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\DiMiTrius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-16]
CHR HKU\S-1-5-21-2467884633-685454356-10440173-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2467884633-685454356-10440173-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [318328 2018-06-02] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7670672 2018-06-02] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
S2 KingoSoftService; C:\Users\DiMiTrius\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [377832 2017-08-20] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-01-24] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-01-24] (Electronic Arts)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-15] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-06-02] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-13] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-06-02] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-06-02] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-06-02] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-06-02] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-06-02] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [151504 2018-06-02] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-06-02] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78352 2018-06-02] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-06-02] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-06-02] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-06-02] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-06-02] (AVG Technologies CZ, s.r.o.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] () [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
R3 Larmkanal; C:\Windows\System32\DRIVERS\Larmkanal.sys [33112 2015-09-02] (Adoriasoft LLC)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2017-02-22] (hxxp://libusb-win32.sourceforge.net)
R3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2016-08-10] (hxxp://libusb-win32.sourceforge.net)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-02] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-06-02] (Malwarebytes)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [34136 2015-09-02] (Adoriasoft LLC)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [23968 2015-11-24] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [51560 2014-05-23] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2016-04-26] (Duplex Secure Ltd.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
U3 a0h0n711; C:\Windows\System32\Drivers\a0h0n711.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 18:07 - 2018-06-02 18:08 - 000020458 _____ C:\Users\DiMiTrius\Desktop\FRST.txt
2018-06-02 18:07 - 2018-06-02 18:07 - 000000000 ____D C:\Users\DiMiTrius\Desktop\FRST-OlderVersion
2018-06-02 17:20 - 2018-06-02 17:20 - 000000000 ____D C:\Users\DiMiTrius\AppData\LocalLow\Antagonist
2018-06-02 16:50 - 2018-06-02 16:50 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-06-02 16:49 - 2018-06-02 18:04 - 000000000 ____D C:\ProgramData\RogueKiller
2018-06-02 16:49 - 2018-06-02 16:49 - 000001007 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-06-02 16:49 - 2018-06-02 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-06-02 16:48 - 2018-06-02 16:49 - 000000000 ____D C:\Program Files\RogueKiller
2018-06-02 16:34 - 2018-06-02 16:38 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-02 16:34 - 2018-06-02 16:34 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-02 16:34 - 2018-06-02 16:34 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-02 16:34 - 2018-06-02 16:34 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-02 16:34 - 2018-06-02 16:34 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-02 16:33 - 2018-06-02 16:33 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-02 16:33 - 2018-06-02 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-02 16:33 - 2018-06-02 16:33 - 000000000 ____D C:\ProgramData\MB2Migration
2018-06-02 16:33 - 2018-06-02 16:33 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-02 16:33 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-02 16:30 - 2018-06-02 16:31 - 000000000 ____D C:\Users\DiMiTrius\Desktop\FIRST SET OF LOGS FOR VIRUS
2018-06-02 14:30 - 2018-06-02 14:30 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Blur
2018-06-02 14:29 - 2018-06-02 14:29 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-06-02 12:16 - 2018-06-02 12:16 - 007271632 _____ (Malwarebytes) C:\Users\DiMiTrius\Desktop\adwcleaner_7.1.1.exe
2018-06-02 11:32 - 2018-06-02 11:32 - 000000000 ____D C:\Windows\pss
2018-06-02 03:29 - 2018-06-02 03:31 - 145228072 _____ (Kaspersky Lab ZAO) C:\Users\DiMiTrius\Downloads\KVRT.exe
2018-06-02 03:19 - 2018-06-02 03:19 - 000000000 ___HD C:\$AV_AVG
2018-06-02 03:16 - 2018-06-02 02:11 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-06-02 02:51 - 2018-06-02 12:17 - 000000001 _____ C:\akio5dbc4cpzxp5
2018-06-02 02:14 - 2018-06-02 02:28 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2018-06-02 02:12 - 2018-06-02 02:11 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-06-02 02:11 - 2018-06-02 02:11 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-06-02 02:10 - 2018-06-02 02:10 - 000000000 ____D C:\Program Files (x86)\AVG
2018-06-02 02:09 - 2018-06-02 02:09 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\DiMiTrius\Downloads\avg_antivirus_free_setup.exe
2018-06-02 01:41 - 2018-06-02 18:07 - 000000000 ____D C:\FRST
2018-06-02 01:40 - 2018-06-02 18:07 - 002413056 _____ (Farbar) C:\Users\DiMiTrius\Desktop\FRST64.exe
2018-06-02 01:08 - 2018-06-02 01:08 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-06-02 01:04 - 2018-06-02 01:04 - 011609024 _____ (SurfRight B.V.) C:\Users\DiMiTrius\Downloads\hitmanpro_x64.exe
2018-06-02 00:10 - 2018-06-02 00:17 - 000222984 _____ C:\TDSSKiller.3.1.0.17_02.06.2018_00.10.22_log.txt
2018-06-02 00:10 - 2018-06-02 00:10 - 000006452 _____ C:\TDSSKiller.3.1.0.17_02.06.2018_00.10.00_log.txt
2018-06-02 00:08 - 2018-06-02 00:09 - 004949824 _____ (AO Kaspersky Lab) C:\Users\DiMiTrius\Downloads\tdsskiller.exe
2018-06-02 00:00 - 2018-06-02 00:00 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-02 00:00 - 2018-06-02 00:00 - 000002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-06-02 00:00 - 2018-06-02 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-02 00:00 - 2018-06-02 00:00 - 000000000 ____D C:\Program Files\CCleaner
2018-06-01 23:58 - 2018-06-01 23:58 - 015838840 _____ (Piriform Ltd) C:\Users\DiMiTrius\Downloads\ccsetup543.exe
2018-06-01 23:41 - 2018-06-01 23:41 - 000003734 _____ C:\Windows\System32\Tasks\teams
2018-06-01 23:40 - 2018-06-02 00:35 - 000000000 ____D C:\Program Files (x86)\santayana
2018-06-01 23:40 - 2018-06-01 23:40 - 000003586 _____ C:\Windows\System32\Tasks\teamsteams
2018-06-01 23:40 - 2018-06-01 23:40 - 000000012 _____ C:\Windows\b23544935
2018-06-01 23:30 - 2018-06-01 23:30 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\Package Cache
2018-06-01 21:34 - 2018-06-01 21:34 - 000114688 _____ C:\Windows\pneumococcus.exe
2018-06-01 15:53 - 2018-06-01 15:53 - 000037098 _____ C:\Windows\uninstaller.dat
2018-05-30 17:53 - 2018-05-30 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remothered Tormented Fathers HD
2018-05-30 13:06 - 2018-05-30 13:06 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\Agony
2018-05-30 10:53 - 2018-05-30 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agony
2018-05-29 14:55 - 2018-05-29 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdom Come Deliverance
2018-05-29 11:05 - 2018-05-29 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devil May Cry HD Collection
2018-05-29 03:38 - 2018-05-29 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2018-05-29 03:23 - 2018-05-29 03:23 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2018-05-28 22:41 - 2018-05-28 22:41 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\NVIDIA
2018-05-28 22:41 - 2018-05-28 22:41 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\fs-uae
2018-05-28 15:32 - 2018-05-28 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outcast - Second Contact
2018-05-28 13:22 - 2018-05-28 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-28 13:21 - 2018-05-22 21:09 - 000132392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-05-28 13:21 - 2018-05-14 17:01 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-28 13:20 - 2018-05-28 13:20 - 000000000 ____D C:\Windows\system32\unknown
2018-05-28 13:20 - 2018-05-28 13:20 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-28 13:17 - 2018-05-23 19:24 - 040089632 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-28 13:17 - 2018-05-23 19:24 - 032359864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 040347168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 035250536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 016997632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-28 13:17 - 2018-05-23 19:23 - 003964960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 003496992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 002013784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439793.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001562016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001467800 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439793.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001418840 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001216256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 001092000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 000626776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-28 13:17 - 2018-05-23 19:23 - 000517536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 031276288 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 025990096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 020323544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 019080776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 017782384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 015691136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 015192624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 013727792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 011273120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 001157208 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000904904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000462832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000420000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000182784 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000164944 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-28 13:17 - 2018-05-23 19:22 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-28 13:17 - 2018-05-22 22:52 - 000227928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-28 13:17 - 2018-05-22 22:52 - 000047648 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-28 13:17 - 2018-05-22 22:52 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-05-28 13:17 - 2018-05-22 22:52 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-05-28 07:13 - 2018-05-28 07:13 - 000076402 _____ C:\Windows\SysWOW64\dxdiag.xml
2018-05-28 02:48 - 2018-05-28 02:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein II The New Colossus
2018-05-28 02:43 - 2018-05-28 02:52 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\FreeReign
2018-05-28 02:43 - 2018-05-28 02:43 - 000000000 ____D C:\Users\DiMiTrius\Documents\FreeReign
2018-05-28 02:43 - 2018-05-28 02:43 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\CrashRpt
2018-05-27 22:19 - 2018-05-27 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2018-05-27 22:00 - 2018-05-27 22:00 - 000000000 ____D C:\Users\DiMiTrius\AppData\LocalLow\Deceptive Games Ltd_
2018-05-27 21:43 - 2018-05-27 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silent Descent
2018-05-27 17:45 - 2018-05-27 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall 2
2018-05-27 10:51 - 2018-05-28 13:21 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-27 10:51 - 2018-05-27 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan SDK 1.1.73.0
2018-05-27 10:46 - 2018-05-27 10:46 - 000000000 ____D C:\VulkanSDK
2018-05-26 17:22 - 2018-05-26 17:22 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\com.stateofplaygames.LuminoCity
2018-05-26 17:22 - 2018-05-26 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\State of Play Games
2018-05-26 17:20 - 2018-05-26 17:20 - 000000000 ____D C:\Program Files (x86)\State of Play Games
2018-05-26 10:53 - 2018-05-26 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 5
2018-05-26 10:04 - 2018-06-01 23:55 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-26 10:04 - 2018-05-27 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-26 10:04 - 2018-05-26 10:04 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\SUPERAntiSpyware.com
2018-05-26 10:04 - 2018-05-26 10:04 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-05-26 09:47 - 2018-06-02 13:52 - 000000000 ____D C:\Users\DiMiTrius\AppData\LocalLow\BitTorrent
2018-05-25 15:41 - 2018-05-25 15:41 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-25 12:23 - 2018-05-25 12:24 - 000000000 ____D C:\Users\DiMiTrius\Documents\Assassin's Creed Origins
2018-05-25 11:47 - 2018-05-25 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Origins
2018-05-25 10:27 - 2018-05-25 11:48 - 000000000 ____D C:\Program Files (x86)\Assassin's Creed Origins
2018-05-25 00:03 - 2018-05-25 00:03 - 000000000 ____D C:\Games
2018-05-24 19:58 - 2018-06-02 12:31 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-24 19:58 - 2018-05-24 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-24 18:24 - 2018-06-01 08:56 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-05-24 18:24 - 2018-05-24 18:24 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\NCH Software
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\ProgramData\NCH Software
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2018-05-24 18:24 - 2018-05-24 18:24 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-05-24 16:00 - 2018-05-27 13:43 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 18:06 - 2016-04-22 15:03 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\BitTorrent
2018-06-02 17:20 - 2016-04-22 20:47 - 000000000 ____D C:\Users\DiMiTrius\Desktop\GAMES
2018-06-02 17:12 - 2016-04-23 19:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-02 17:11 - 2016-04-22 19:13 - 000042858 _____ C:\Users\DiMiTrius\Documents\ax_files.xml
2018-06-02 16:53 - 2016-08-18 04:49 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-06-02 16:33 - 2016-08-09 15:12 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-06-02 16:33 - 2016-04-22 15:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-02 14:30 - 2016-04-25 09:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2018-06-02 12:39 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-02 12:39 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-02 12:33 - 2016-11-16 17:57 - 000000000 ____D C:\Users\DiMiTrius\AppData\LocalLow\Mozilla
2018-06-02 12:31 - 2017-07-23 18:32 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-02 12:30 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-02 12:27 - 2016-06-23 10:42 - 000000000 ____D C:\AdwCleaner
2018-06-02 12:23 - 2016-05-02 12:45 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-06-02 12:17 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-02 12:17 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-06-02 12:06 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2018-06-02 11:31 - 2016-06-10 14:08 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\CrashDumps
2018-06-02 03:20 - 2017-04-25 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-06-02 03:18 - 2017-04-03 17:50 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-06-02 02:14 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-06-02 02:11 - 2017-04-03 17:49 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-06-02 02:11 - 2017-04-03 17:49 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-06-02 02:11 - 2017-04-03 17:49 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-06-02 02:11 - 2017-04-03 17:49 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-06-02 02:11 - 2017-04-03 17:49 - 000151504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-06-02 02:11 - 2017-04-03 17:49 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-06-02 02:11 - 2017-04-03 17:49 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-06-02 02:11 - 2017-04-03 17:49 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-06-02 02:11 - 2016-04-22 14:44 - 000000000 ____D C:\ProgramData\Avg
2018-06-02 02:10 - 2017-04-03 17:49 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-06-02 02:10 - 2017-04-03 17:49 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-06-02 02:10 - 2017-04-03 17:49 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-06-02 02:10 - 2017-04-03 17:49 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-06-02 01:15 - 2016-06-21 20:12 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\MPC-HC
2018-06-02 00:39 - 2016-08-20 13:40 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-02 00:39 - 2016-08-20 13:40 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-02 00:39 - 2016-04-23 19:52 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-02 00:35 - 2017-08-22 17:37 - 000000000 ____D C:\Program Files\Darkwood
2018-06-02 00:03 - 2016-06-04 13:45 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\FileZilla
2018-06-02 00:02 - 2016-11-25 20:53 - 000000000 ____D C:\Windows\Minidump
2018-06-02 00:02 - 2014-02-22 10:19 - 000000000 ____D C:\Windows\Panther
2018-06-02 00:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\ModemLogs
2018-06-01 23:43 - 2016-08-18 01:34 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-01 23:40 - 2017-02-17 17:09 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-01 23:40 - 2016-11-16 12:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-01 10:59 - 2016-12-12 18:54 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\vlc
2018-06-01 10:59 - 2014-02-22 02:26 - 000000000 ____D C:\Users\DiMiTrius
2018-06-01 10:52 - 2016-04-22 18:16 - 000000000 ____D C:\Users\DiMiTrius\Desktop\PICS FROM BINKS CAM
2018-06-01 10:49 - 2016-04-22 18:15 - 000000000 ____D C:\Users\DiMiTrius\Desktop\PICS and VIDS FROM PHONE
2018-05-31 13:46 - 2016-04-22 19:10 - 000000000 ____D C:\Users\DiMiTrius\Documents\My Games
2018-05-30 13:06 - 2016-04-25 12:17 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\UnrealEngine
2018-05-30 13:00 - 2016-12-01 21:26 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\Ubisoft Game Launcher
2018-05-29 13:37 - 2016-08-20 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-28 23:31 - 2016-06-28 15:13 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Kodi
2018-05-28 20:46 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-28 13:22 - 2017-07-23 18:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-28 13:22 - 2017-07-23 18:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-28 13:21 - 2017-07-23 19:12 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\NVIDIA
2018-05-28 13:21 - 2016-04-24 13:38 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-27 22:19 - 2016-06-28 15:10 - 000000000 ____D C:\Program Files (x86)\Kodi
2018-05-27 21:25 - 2016-05-11 12:25 - 000000000 ____D C:\Users\DiMiTrius\AppData\Local\CAPCOM
2018-05-27 16:21 - 2016-05-16 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-05-27 16:21 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-27 12:40 - 2016-07-07 13:05 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-27 11:41 - 2014-02-22 03:11 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-25 10:29 - 2016-04-22 15:04 - 000000817 _____ C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-05-24 22:04 - 2017-02-02 14:00 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-24 22:03 - 2017-02-02 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-24 22:01 - 2017-02-02 14:01 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-05-24 18:32 - 2017-01-21 14:14 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Skype
2018-05-24 18:32 - 2017-01-21 14:14 - 000000000 ____D C:\ProgramData\Skype
2018-05-24 16:00 - 2014-02-22 03:19 - 000000000 ____D C:\Users\DiMiTrius\AppData\Roaming\Mozilla
2018-05-24 14:38 - 2016-08-18 01:32 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-24 14:38 - 2016-08-18 01:32 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-24 14:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\security
2018-05-23 19:23 - 2017-07-23 18:30 - 023298544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-23 19:22 - 2017-07-23 18:30 - 004613408 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-23 19:22 - 2017-07-23 18:30 - 004081624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-23 19:22 - 2017-07-23 18:30 - 000505736 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-22 22:52 - 2017-07-23 18:32 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-05-22 22:52 - 2017-07-23 18:30 - 001688848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-22 22:52 - 2017-07-23 18:30 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-22 20:58 - 2017-07-23 18:32 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 005947328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 001767360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 000450960 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 000124200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-22 20:57 - 2017-07-23 18:32 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-05-22 07:43 - 2017-07-23 18:32 - 008186102 _____ C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2017-04-14 13:47 - 2017-04-14 13:47 - 000000552 _____ () C:\Users\DiMiTrius\AppData\Local\TroubleshooterConfig.json

Some files in TEMP:
====================
2018-06-02 16:49 - 2016-03-15 09:37 - 001733592 _____ (Microsoft Corporation) C:\Users\DiMiTrius\AppData\Local\Temp\dllnt_dump.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\ntUsrrI_1_0.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 08:27

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by DiMiTrius (02-06-2018 18:08:54)
Running from C:\Users\DiMiTrius\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-02-22 01:26:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2467884633-685454356-10440173-500 - Administrator - Disabled)
DiMiTrius (S-1-5-21-2467884633-685454356-10440173-1000 - Administrator - Enabled) => C:\Users\DiMiTrius
Guest (S-1-5-21-2467884633-685454356-10440173-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Ad-aware 6 Professional (HKLM-x32\...\Ad-aware 6 Professional) (Version: 6.0.1.158 - Lavasoft Sweden)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Agony (HKLM-x32\...\Agony_is1) (Version:  - )
Àíàáèîç. Ñîí ðàçóìà (HKLM-x32\...\{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1) (Version: 1.0.2.608 - Ôèðìà 1C)
Alan Wake American Nightmare (HKLM-x32\...\GOGPACKALANWAKEAMERICANNIGHTMARE_is1) (Version: 2.1.0.24 - GOG.com)
Alice Madness Returns - The Complete Collection (HKLM-x32\...\Alice Madness Returns - The Complete Collection_is1) (Version:  - )
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Armikrog (HKLM-x32\...\1433157800_is1) (Version: 2.0.0.1 - GOG.com)
Asemblance (HKLM-x32\...\Asemblance_is1) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassin's Creed Origins (HKLM-x32\...\{DAC281DD-7006-49D4-905B-E8BDA474A230}_is1) (Version:  - Ubisoft)
AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.4.3056 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
BitTorrent (HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\BitTorrent) (Version: 7.10.3.44429 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.10.3.44429 - BitTorrent Inc.)
Blur (HKLM-x32\...\Blur_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty - WWII version 1.41 (HKLM-x32\...\Call of Duty - WWII_is1) (Version: 1.41 - )
Carmageddon (HKLM-x32\...\GOGPACKCARMAGEDDON_is1) (Version: 2.0.0.63 - GOG.com)
Carmageddon 2 Carpocalypse Now (HKLM-x32\...\GOGPACKCARMAGEDDON2_is1) (Version: 2.0.0.26 - GOG.com)
Carmageddon Max Damage (HKLM-x32\...\Carmageddon Max Damage_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Cryostasis Sleep of Reason (HKLM-x32\...\Cryostasis Sleep of Reason_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Cuphead (HKLM-x32\...\Cuphead_is1) (Version:  - )
Darkwood (HKLM\...\ZGFya3dvb2Q_is1) (Version: 1 - )
Deadlight Directors Cut (HKLM-x32\...\Deadlight Directors Cut_is1) (Version:  - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.11 - NCH Software)
Devil May Cry HD Collection (HKLM-x32\...\Devil May Cry HD Collection_is1) (Version:  - )
De-Void (HKLM-x32\...\De-Void_is1) (Version:  - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
Drizzlepath: Glass (HKLM\...\ZHJpenpsZXBhdGhnbGFzcw_is1) (Version: 1 - )
Duke Nukem 3D Twentieth Anniversary World Tour (HKLM-x32\...\Duke Nukem 3D Twentieth Anniversary World Tour_is1) (Version:  - )
Dying Light (HKLM-x32\...\1448452156_is1) (Version: 2.0.0.8 - GOG.com)
Dying Light: The Following - Enhanced Edition Reinforcements (HKLM\...\ZHlpbmdsaWdodHRoZWZvbGxvd2luZ2VuaGFuY2VkZWRpdGlvbg_is1) (Version: 1 - )
EaseUS MobiSaver for Android version 5.0 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 5.0 - CHENGDU YIWO Tech Development Co., Ltd.)
EaseUS Partition Master 10.2 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
EVERSPACE (HKLM-x32\...\1513949567_is1) (Version: 2.0.0.2 - GOG.com)
FaceRig virtual audio driver version 1.0 (HKLM-x32\...\{D605CD1D-D626-4740-B657-86DC30723FCF}_is1) (Version: 1.0 - Adoriasoft LLC)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Far Cry 5 (HKLM-x32\...\{73B938C4-0DDA-448D-8E46-87401EA87339}_is1) (Version:  - Ubisoft)
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version:  - Ubisoft)
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
FlatOut (HKLM-x32\...\1207658693_is1) (Version: 2.1.0.7 - GOG.com)
FMW 1 (HKLM\...\{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
FonePaw Android Data Recovery 1.8.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.8.0 - FonePaw)
foobar2000 v1.3.16 (HKLM-x32\...\foobar2000) (Version: 1.3.16 - Peter Pawlowski)
Fossil Echo (HKLM-x32\...\1230646427_is1) (Version: 2.0.0.1 - GOG.com)
Gears of War (HKLM-x32\...\{1170D24F-42B7-40CF-AA1B-6395CE562354}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Gears of War (HKLM-x32\...\Gears of War_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Gears of War (HKLM-x32\...\InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}) (Version: 1.00.0000 - Microsoft Game Studios)
GetEven (HKLM-x32\...\GetEven_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoPro VR Player 2.1 (HKLM\...\GoPro VR Player 2.1) (Version: V2.1.2 - GoPro)
Hard Reset Redux (HKLM-x32\...\Hard Reset Redux_is1) (Version:  - )
Hellblade: Senua's Sacrifice (HKLM-x32\...\1573355755_is1) (Version: 1.0 - GOG.com)
Hitman (HKLM-x32\...\Hitman_is1) (Version:  - )
Hunt Down The Freeman (HKLM-x32\...\Hunt Down The Freeman_is1) (Version:  - )
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Just Cause 3 (HKLM-x32\...\{513624C8-A6E3-44FA-A449-5C2BDAA72CC4}_is1) (Version:  - Avalanche Studios)
Kingdom Come Deliverance (HKLM-x32\...\Kingdom Come Deliverance_is1) (Version:  - )
Kingo ROOT version 1.5.4.3126 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.4.3126 - Kingosoft Technology Ltd.)
Kingpin - Life of Crime (HKLM-x32\...\Kingpin - Life of Crime_is1) (Version:  - GOG.com)
Kingpin: Life of Crime (HKLM-x32\...\Kingpin) (Version:  - )
K-Lite Codec Pack 12.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.5 - KLCP)
Kodi (HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\Kodi) (Version:  - XBMC Foundation)
Kodi (HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Kodi) (Version:  - XBMC Foundation)
Life is Strange (HKLM-x32\...\Life is Strange_is1) (Version:  - )
Little Inferno (HKLM-x32\...\1444053723_is1) (Version: 2.0.0.1 - GOG.com)
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
Lumino City (HKLM-x32\...\Lumino City_is1) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Max Payne 3 Complete Edition (HKLM\...\bWF4cGF5bmUz_is1) (Version: 1 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-GB)) (Version: 56.0 - Mozilla)
Mozilla Firefox 60.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-GB)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Otems Defiance (HKLM-x32\...\Otems Defiance_is1) (Version:  - )
Outcast - Second Contact (HKLM-x32\...\Outcast - Second Contact_is1) (Version:  - )
Outlast 2 (HKLM-x32\...\Outlast 2_is1) (Version:  - )
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
PIXPRO_360_STITCH (HKLM-x32\...\{73CC0E00-3FDF-4A6B-90EA-ACC912BDA9DF}) (Version: 1.3.6 - JK Imaging)
PIXPRO_SP360_4K (HKLM-x32\...\{CA6FE01C-9B4B-4248-8B62-CF609F0884CD}) (Version: 2.2.5 - JK Imaging)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Redneck Rampage Collection (HKLM-x32\...\Redneck Rampage Collection_is1) (Version:  - GOG.com)
Redout (HKLM-x32\...\Redout_is1) (Version:  - )
Remothered Tormented Fathers HD (HKLM-x32\...\Remothered Tormented Fathers HD_is1) (Version:  - )
Renegade Ops Collection (HKLM-x32\...\Renegade Ops Collection_is1) (Version:  - )
Resident Evil 4 (HKLM-x32\...\UmVzaWRlbnRFdmlsNA==_is1) (Version: 1 - )
Resident Evil 5 Gold Edition (HKLM-x32\...\Resident Evil 5 Gold Edition_is1) (Version: 1.0 - PLAZA)
Ridge (HKLM-x32\...\Ridge_is1) (Version:  - )
Riftcat (HKLM-x32\...\{8346dab5-9676-4878-9891-b24811bf4ce4}) (Version: 1.0.0 - Riftcat)
Riftcat Client (HKLM-x32\...\{B2C26ED3-33A6-4A0E-98EE-6ACEC22C5793}) (Version: 1.0.0.3 - Riftcat) Hidden
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
RogueKiller version 12.12.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.19.0 - Adlice Software)
Root Of Evil The Tailor (HKLM-x32\...\Root Of Evil The Tailor_is1) (Version:  - )
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Shadwen (HKLM\...\c2hhZHdlbg_is1) (Version: 1 - )
Silent Descent (HKLM-x32\...\Silent Descent_is1) (Version:  - )
Slain! (HKLM-x32\...\1458053826_is1) (Version: 2.4.0.5 - GOG.com)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Stacking (HKLM-x32\...\GOGPACKSTACKING_is1) (Version: 2.0.0.6 - GOG.com)
STAR WARS® Jedi Knight - Dark Forces 2 (HKLM-x32\...\1422286819_is1) (Version: 2.0.0.6 - GOG.com)
STAR WARS® Jedi Knight - Mysteries of the Sith (HKLM-x32\...\1422285784_is1) (Version: 2.0.0.5 - GOG.com)
STAR WARS™ - Shadows of the Empire (HKLM-x32\...\1449669419_is1) (Version: 2.0.0.9 - GOG.com)
STAR WARS™ Jedi Knight™ II - Jedi Outcast™ (HKLM-x32\...\1428935917_is1) (Version: 2.0.0.3 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamWorld Heist - Hatbox - Hatful Eight + 2 (HKLM-x32\...\1567936393_is1) (Version: 2.0.0.1 - GOG.com)
SteamWorld Heist - Hatbox - Three 4 Free (HKLM-x32\...\1872178582_is1) (Version: 2.0.0.1 - GOG.com)
SteamWorld Heist - The Outsider (HKLM-x32\...\1108458982_is1) (Version: 2.0.0.1 - GOG.com)
SteamWorld Heist (HKLM-x32\...\1668986402_is1) (Version: 2.0.0.3 - GOG.com)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
System Requirements Lab Detection (HKLM-x32\...\{76976233-78C8-41B3-AC22-B4701643B99B}) (Version: 6.1.1.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.12.0.14 - GOG.com)
The Final Station (HKLM-x32\...\1580842560_is1) (Version: 2.0.0.2 - GOG.com)
The Old City Leviathan (HKLM-x32\...\The Old City Leviathan_is1) (Version:  - )
The Room Two (HKLM-x32\...\The Room Two_is1) (Version:  - )
The Saboteur (HKLM-x32\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
The Solus Project (HKLM-x32\...\The Solus Project_is1) (Version:  - )
The Technomancer (HKLM-x32\...\The Technomancer_is1) (Version:  - )
This War of Mine - The Little Ones (HKLM-x32\...\This War of Mine - The Little Ones_is1) (Version:  - )
Through the Woods Update v20161029 (HKLM\...\dGhyb3VnaHRoZXdvb2Rz_is1) (Version: 1 - )
Titanfall 2 (HKLM-x32\...\Titanfall 2_is1) (Version:  - )
Tom Clancy's Ghost Recon Wildlands (HKLM\...\Tom Clancys Ghost Recon Wildlands_is1) (Version: 1.0 - )
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Troll and I (HKLM-x32\...\Troll and I_is1) (Version:  - )
Unravel (HKLM\...\Unravel_is1) (Version: 1.0.0.0 - )
Uplay (HKLM-x32\...\Uplay) (Version: 26.0 - Ubisoft)
Victor Vran (HKLM-x32\...\Victor Vran_is1) (Version:  - )
Video Card Stability Test (HKLM-x32\...\Video Card Stability Test) (Version: v.1.0.0.3 - FreeStone Group)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VulkanSDK 1.1.73.0 (HKLM\...\VulkanSDK1.1.73.0) (Version: 1.1.73.0 - LunarG, Inc.)
WebM Project Directshow Filters (HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\webmdshow) (Version:  - )
WebM Project Directshow Filters (HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webmdshow) (Version:  - )
Wickr Me (HKLM-x32\...\{7668652D-F198-4E7B-8FF4-5E2DC13D9AD7}) (Version: 2.6.0.4 - Wickr Inc.)
Windows Password Recovery Tool Professional  (HKLM-x32\...\Windows Password Recovery Tool Professional) (Version:  - Tenorshare, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinToUSB version 2.9 (HKLM\...\WinToUSB_is1) (Version: 2.9 - The EasyUEFI Development Team.)
Wolfenstein II The New Colossus (HKLM-x32\...\Wolfenstein II The New Colossus_is1) (Version:  - )
Woolfe - The Red Hood Diaries (HKLM-x32\...\Woolfe - The Red Hood Diaries_is1) (Version:  - GRIN)
World of Goo (HKLM-x32\...\1421855536_is1) (Version: 2.1.0.2 - GOG.com)
XECUTER CK3 PRO - USB (HKLM-x32\...\{B5734BB9-56FC-4937-88F2-AB34ABF49821}) (Version: 1.00.000 - XECUTER)
Zombie Driver HD - Complete Edition (HKLM-x32\...\Zombie Driver HD - Complete Edition_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2013-09-17] (Alcohol Soft Development Team)
ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2013-09-17] (Alcohol Soft Development Team)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018AB3A0-6C74-4208-886D-70DB366D4AAC} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-06-02] (AVG Technologies CZ, s.r.o.)
Task: {1B1B8FB2-8E39-430B-8519-04EDDB7D1725} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {1D84FC13-4FCD-414F-8CEC-0D61F3B3C2D3} - System32\Tasks\{76B2D188-9A2C-42C3-8CB1-B62C13673E8B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Reddinhome\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Reddinhome\uninstall.dat" -a uninstallme 63569479-C0B9-441A-8CEB-16887EDB0DCB DeviceId=cb87367d-6712-7e1f-043a-1a44d25be8dd BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {3FCE3A04-2645-4D64-B782-B231F8BFE32E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-02] (AVG Technologies CZ, s.r.o.)
Task: {427A6FAC-D38D-4D71-9B98-E5C9CDC9EA71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {46E17068-F3C5-4989-9E5D-23BB11D48B16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {4D4C5615-354B-4C99-9CDC-EB04289E28FF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {74068405-4B4D-4DBE-BE8E-4B6142E6E138} - System32\Tasks\teams => C:\Program Files (x86)\santayana\santayana.exe
Task: {863874E6-B012-41A2-BD56-3D815387B258} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {9D97A0B1-8ED9-4CF8-916A-786ED052128C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-02] (Adobe Systems Incorporated)
Task: {AA879C58-0711-4418-AE8D-9EA2E427BA66} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2017-03-10] (Advanced Micro Devices, Inc.)
Task: {B023BDAE-8AB4-48D8-9576-916E18B67574} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-25] (Adobe Systems Incorporated)
Task: {CEFF1A6E-7140-4D52-8BB8-279A4D1A122A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-18] (Google Inc.)
Task: {F3782BCE-2784-4E8B-8373-6CB9A426C61F} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {F8AB912E-6922-446A-A962-A5B0408F4A5C} - System32\Tasks\teamsteams => C:\Program Files (x86)\santayana\santayana.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\DiMiTrius\Desktop\GAMES\It Came from the Desert.lnk -> I:\Games\It Came From The Desert\ItCameFromTheDesert.bat ()

ShortcutWithArgument: C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-22 19:47 - 2017-02-22 19:47 - 000307712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\f68d1e915dbc0bc68152573db01c25af\ReactiveSockets.ni.dll
2014-05-02 12:52 - 2014-05-02 12:52 - 000599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 07:55 - 2014-05-02 07:55 - 000185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 07:05 - 2014-05-02 07:05 - 000173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2017-01-13 20:10 - 2017-01-13 20:10 - 000052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-06-02 02:11 - 2018-06-02 02:11 - 000738032 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2018-06-02 02:11 - 2018-06-02 02:11 - 001067248 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2018-06-02 02:11 - 2018-06-02 02:11 - 000595696 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2018-06-02 16:33 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-02 16:33 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-02 02:11 - 2018-06-02 02:11 - 000481008 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2018-06-02 02:11 - 2018-06-02 02:11 - 000886512 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2018-06-02 03:19 - 2018-06-02 03:19 - 000925936 _____ () C:\Program Files (x86)\AVG\Antivirus\anen.dll
2018-06-02 02:11 - 2018-06-02 02:11 - 000983792 _____ () C:\Program Files (x86)\AVG\Antivirus\shepherdsync.dll
2018-06-02 02:11 - 2018-06-02 02:11 - 000520944 _____ () C:\Program Files (x86)\AVG\Antivirus\gui_cache.dll
2018-06-02 16:35 - 2018-06-02 16:35 - 005786864 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\18060206\algo.dll
2018-06-02 03:20 - 2018-06-02 03:20 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-05-24 20:00 - 2018-05-01 08:32 - 000788256 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-05-24 20:00 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-05-24 20:00 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-05-24 20:00 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-05-24 20:00 - 2018-06-01 20:02 - 002632480 _____ () C:\Program Files (x86)\Steam\video.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-05-24 20:00 - 2017-12-20 02:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-05-24 20:00 - 2018-06-01 20:02 - 000979744 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-05-24 20:00 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-05-24 20:02 - 2018-05-01 08:32 - 000788256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-05-24 20:02 - 2018-05-14 20:39 - 083524384 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-05-24 20:00 - 2015-09-25 00:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-05-24 20:03 - 2018-05-14 20:39 - 002253600 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2018-05-24 20:02 - 2018-05-14 20:39 - 000109856 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2467884633-685454356-10440173-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-05-27 02:04 - 000000992 ____R C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 superantispyware.com
0.0.0.0 license.superantispyware.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2467884633-685454356-10440173-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2467884633-685454356-10440173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\DiMiTrius\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A9F9E8CB-EC07-43BF-B432-55994599F47C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBE9800A-680C-407E-851E-B6001D57E68C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9624A6E-3187-4226-A05F-C911E705FB7B}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D28B991B-8D42-49F2-9FAB-3A3E031D0B5A}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AB86E974-BA9C-41ED-B3B4-69AC5E16E5F0}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D4234910-9C99-486B-8578-81E00C141A2C}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AAD027A2-8368-48BD-BE93-DCCE9DBACD17}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C0E7D820-87E7-47F5-BCD7-0BBB437C0460}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{56A95247-2ED5-4477-9A1B-251EE6F85B12}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A923D42F-BB9A-4361-834C-C1F688AED171}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AFD49C77-9086-44A3-9403-F44C82C1A710}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7F96C87-E161-4F81-BEB6-2414AD0A7524}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6BA293C9-6377-470C-8890-828795B5F520}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{FD7FBE5F-3112-43C9-80B6-52B40D984AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{9FE6D89C-1974-41F9-B3AE-B749187A5610}E:\a story about my uncle\binaries\win32\asamu-win32-shipping.exe] => (Allow) E:\a story about my uncle\binaries\win32\asamu-win32-shipping.exe
FirewallRules: [UDP Query User{16C5E45E-195F-4516-BDCE-0DF6E5022FBC}E:\a story about my uncle\binaries\win32\asamu-win32-shipping.exe] => (Allow) E:\a story about my uncle\binaries\win32\asamu-win32-shipping.exe
FirewallRules: [TCP Query User{360241C9-1156-4594-9209-57DDCB40B8B2}E:\afterfall reconquest ep1\binaries\win32\pearlgame.exe] => (Allow) E:\afterfall reconquest ep1\binaries\win32\pearlgame.exe
FirewallRules: [UDP Query User{9A84E1FF-E1E8-4E40-9D29-CE052C9D9289}E:\afterfall reconquest ep1\binaries\win32\pearlgame.exe] => (Allow) E:\afterfall reconquest ep1\binaries\win32\pearlgame.exe
FirewallRules: [{B1EDCF3F-23E9-44A0-AF74-E10B23AEED49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN Episodes Emergence\SinEpisodes.exe
FirewallRules: [{DB9E2470-54C2-4EA3-87AD-884381C42B62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN Episodes Emergence\SinEpisodes.exe
FirewallRules: [{25CE2228-ACDF-46F3-B91F-D0916F838F5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN 1 Multiplayer\sin.exe
FirewallRules: [{8F4D86E4-71D9-48A7-AD95-A6CA1C05F9D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN 1 Multiplayer\sin.exe
FirewallRules: [{84B4CAB2-A7D3-46E4-8C1D-4C1AE6128B6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN 1\runme.exe
FirewallRules: [{3B5F6535-1653-478F-9801-C3662588FA8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN 1\runme.exe
FirewallRules: [{A73E38AE-D445-4FA7-8FD9-258C28BAEA12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{70C41D4A-B6D8-49FA-A530-766817BFFFBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{D04846FC-2510-4F9E-9668-71B1314208C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{1DB9FD0D-7DC4-4306-A7DC-24E020DAAE3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{C9E3C67E-D752-4C35-B491-02996CAE80F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{63E933D2-CC0B-42B6-A2D2-912257F93D6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{BBB06810-B552-4886-BEA8-4146BA7E497A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{50988B0A-4497-424E-BAD2-F451C4B1FA05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{619A7E58-D8F8-47DD-8ACC-F3F5C6A3897C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [{3AE6C3AD-BAAC-4880-A015-BBBCB1E7C460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [TCP Query User{B5B2FF80-D5C3-40B3-B01F-BE8C7367C09C}E:\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) E:\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{0DDB898E-103E-4CE6-8445-59D6A7B7A2A8}E:\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) E:\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [TCP Query User{2E8ECD25-7968-4830-B9DA-3D7F06017330}E:\dear esther\dearesther.exe] => (Allow) E:\dear esther\dearesther.exe
FirewallRules: [UDP Query User{5A20AB4D-682E-4385-9528-6A2549D1A4D9}E:\dear esther\dearesther.exe] => (Allow) E:\dear esther\dearesther.exe
FirewallRules: [TCP Query User{0ED6454F-B01C-4BC4-960B-9634170A3D93}E:\doom 3 bfg edition\doom3bfg.exe] => (Allow) E:\doom 3 bfg edition\doom3bfg.exe
FirewallRules: [UDP Query User{0E983465-48C1-464B-8138-AB72EBF64ED8}E:\doom 3 bfg edition\doom3bfg.exe] => (Allow) E:\doom 3 bfg edition\doom3bfg.exe
FirewallRules: [TCP Query User{F8A26CFE-8141-483D-B44C-1D5AF4C9C096}E:\geminiheroesreborn\travelergame\binaries\win64\travelergame-win64-shipping.exe] => (Allow) E:\geminiheroesreborn\travelergame\binaries\win64\travelergame-win64-shipping.exe
FirewallRules: [UDP Query User{86D67C51-8ABB-4E02-9F75-9B15E31CAD3C}E:\geminiheroesreborn\travelergame\binaries\win64\travelergame-win64-shipping.exe] => (Allow) E:\geminiheroesreborn\travelergame\binaries\win64\travelergame-win64-shipping.exe
FirewallRules: [{4B752BEE-19AD-4B37-806A-288023B50224}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{51EC85BC-F7D5-4557-91CD-600BFBD96A51}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{CD91CCF9-EE7E-493B-8355-FAFB37660E88}D:\games\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) D:\games\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [UDP Query User{6953AC09-5FA8-4583-9133-F323FA641C31}D:\games\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) D:\games\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [TCP Query User{7451656D-80E6-478B-8896-DFEF3C352BFA}E:\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe] => (Allow) E:\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{CB434AAE-CA25-42CE-8F56-FBE967538B69}E:\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe] => (Allow) E:\goat simulator goatz\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{81DD0DF8-945A-4235-BD40-A4040D5B1CE5}E:\in verbis virtus\binaries\win32\ivv.exe] => (Allow) E:\in verbis virtus\binaries\win32\ivv.exe
FirewallRules: [UDP Query User{87BE2481-7BE8-495A-890C-06DB921B44C1}E:\in verbis virtus\binaries\win32\ivv.exe] => (Allow) E:\in verbis virtus\binaries\win32\ivv.exe
FirewallRules: [TCP Query User{545FB4FC-1ACE-45BD-A8D1-C84B8B6C5A08}E:\john woo presents stranglehold\binaries\retail-stranglehold.exe] => (Allow) E:\john woo presents stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [UDP Query User{6B0BC25D-52F8-4603-BE96-6BC4FEE035E6}E:\john woo presents stranglehold\binaries\retail-stranglehold.exe] => (Allow) E:\john woo presents stranglehold\binaries\retail-stranglehold.exe
FirewallRules: [TCP Query User{641B9794-D569-471C-8303-E7723BDBCA5D}E:\lex mortis\bin32\lexmortis.exe] => (Allow) E:\lex mortis\bin32\lexmortis.exe
FirewallRules: [UDP Query User{BB52E892-EA01-44EB-87E8-DEEC0C6C6636}E:\lex mortis\bin32\lexmortis.exe] => (Allow) E:\lex mortis\bin32\lexmortis.exe
FirewallRules: [TCP Query User{E1B03D8E-4F49-4CA0-ACD7-E0638E3603D1}E:\murdered - soul suspect\binaries\win64\murdered.exe] => (Allow) E:\murdered - soul suspect\binaries\win64\murdered.exe
FirewallRules: [UDP Query User{972AAD0D-60F3-4D9D-AD6F-7918A6E732E8}E:\murdered - soul suspect\binaries\win64\murdered.exe] => (Allow) E:\murdered - soul suspect\binaries\win64\murdered.exe
FirewallRules: [TCP Query User{B45239BA-970C-4081-A371-3BD88F50A269}E:\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) E:\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [UDP Query User{CC96A55A-8A22-4C45-9B89-BCE41AE918CD}E:\everybodys gone to the rapture\bin64\rapture_release.exe] => (Allow) E:\everybodys gone to the rapture\bin64\rapture_release.exe
FirewallRules: [TCP Query User{2A67D9B2-6F2C-4E3C-9C81-A930BD548E93}E:\styx master of shadows\binaries\win64\styxgame.exe] => (Allow) E:\styx master of shadows\binaries\win64\styxgame.exe
FirewallRules: [UDP Query User{DC720624-CA8C-4516-8876-E9E98DFDEDE2}E:\styx master of shadows\binaries\win64\styxgame.exe] => (Allow) E:\styx master of shadows\binaries\win64\styxgame.exe
FirewallRules: [TCP Query User{862DE122-5E6C-41D5-A8C8-8CD8BFE8A872}E:\renegade ops\renegadeops.exe] => (Allow) E:\renegade ops\renegadeops.exe
FirewallRules: [UDP Query User{8C29CF03-7CD0-4F30-B5C6-B8866AD39D96}E:\renegade ops\renegadeops.exe] => (Allow) E:\renegade ops\renegadeops.exe
FirewallRules: [TCP Query User{B73F8969-8598-4384-A3F1-56ED777D4D44}E:\shadow.complex.remastered\binaries\win32\shadowcomplex-win32-egl.exe] => (Allow) E:\shadow.complex.remastered\binaries\win32\shadowcomplex-win32-egl.exe
FirewallRules: [UDP Query User{605F071B-7842-492A-87E3-B2FDA8D25585}E:\shadow.complex.remastered\binaries\win32\shadowcomplex-win32-egl.exe] => (Allow) E:\shadow.complex.remastered\binaries\win32\shadowcomplex-win32-egl.exe
FirewallRules: [TCP Query User{A7D33893-34F7-4CAF-899D-BEABFE6790D7}E:\the lost valley\lv\bin64\lv.exe] => (Allow) E:\the lost valley\lv\bin64\lv.exe
FirewallRules: [UDP Query User{5758AD92-A3F3-4CA2-BB6F-839350BD36BD}E:\the lost valley\lv\bin64\lv.exe] => (Allow) E:\the lost valley\lv\bin64\lv.exe
FirewallRules: [TCP Query User{0366A561-826B-4F6F-933A-18859EF73A66}E:\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Allow) E:\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [UDP Query User{AF21199C-9E36-4EC9-B5DD-F72F36C476CB}E:\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Allow) E:\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [TCP Query User{7984C037-69D3-477D-BFBF-54A08E431FF0}E:\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Allow) E:\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [UDP Query User{2623E991-694E-46C4-83BC-241B04405780}E:\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Allow) E:\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [TCP Query User{40E23C3E-5222-4B54-BA19-EA43AE0E9147}E:\woolfetrhd\binaries\win64\woolfegame.exe] => (Allow) E:\woolfetrhd\binaries\win64\woolfegame.exe
FirewallRules: [UDP Query User{9EE15996-4F90-449C-A9D0-2617206891A8}E:\woolfetrhd\binaries\win64\woolfegame.exe] => (Allow) E:\woolfetrhd\binaries\win64\woolfegame.exe
FirewallRules: [{849BFCF3-0FDB-4879-98CA-9F7DEBDE1222}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{6EE0E2D1-1905-4939-93CE-F3A3C5719376}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2AEA3C49-71D9-4EB7-A2FF-21230E6CD521}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E3EA24FE-CDB9-43B8-BCA6-880A206A67B5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [TCP Query User{259E1888-2295-4A93-81A3-E83E3A3CABA2}I:\games\dying light\dyinglightgame.exe] => (Allow) I:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{17F31D14-5A0D-4AE4-BEB0-881C433B54F2}I:\games\dying light\dyinglightgame.exe] => (Allow) I:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{D3FCE1CC-34EB-489B-B4E4-28A6339439A9}C:\program files (x86)\renegade ops\renegadeops.exe] => (Allow) C:\program files (x86)\renegade ops\renegadeops.exe
FirewallRules: [UDP Query User{5A3D9A24-AE2C-46AC-A4D5-81E15ADF0517}C:\program files (x86)\renegade ops\renegadeops.exe] => (Allow) C:\program files (x86)\renegade ops\renegadeops.exe
FirewallRules: [TCP Query User{02D020AA-2066-4A9C-99CA-B8AC6631016A}I:\games\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) I:\games\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [UDP Query User{C9E06C92-7616-48D9-A96E-F733CF0FAA28}I:\games\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) I:\games\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [{B82E33BB-5642-4A19-A6B4-757FFD21BAC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{7ED4DF74-CD1A-44FE-8BDA-B2295DF200D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [TCP Query User{CBF850B1-F206-4D3A-A372-27B3F271CBCC}C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe] => (Allow) C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe
FirewallRules: [UDP Query User{929B9FEE-B4F2-4FEB-A688-75F5A9ECBDD0}C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe] => (Allow) C:\program files (x86)\holotech studios\facerig pro\bin\facerig.exe
FirewallRules: [TCP Query User{4C9FEF15-1D75-407D-9262-2E4F3CC40908}I:\trials.of.the.blood.dragon-3dm\datapack\trialsblooddragon.exe] => (Allow) I:\trials.of.the.blood.dragon-3dm\datapack\trialsblooddragon.exe
FirewallRules: [UDP Query User{01A77A6E-0D57-4153-8B1F-9610EF19BC18}I:\trials.of.the.blood.dragon-3dm\datapack\trialsblooddragon.exe] => (Allow) I:\trials.of.the.blood.dragon-3dm\datapack\trialsblooddragon.exe
FirewallRules: [TCP Query User{AC9109B6-A726-459C-B405-3CA483070C58}I:\games\z.i.o.n\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) I:\games\z.i.o.n\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{3ABB8DA5-0389-4366-8E46-37A4D11DCCFE}I:\games\z.i.o.n\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) I:\games\z.i.o.n\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{4E89F378-936B-4E29-940D-9FD79FD9F07A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{83239BCF-B2B3-4DCC-AC4A-AE4F18A4CCE9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{C1273853-2920-40E4-8A4D-20D705F53985}I:\games\breached\breached\binaries\win64\breached-win64-shipping.exe] => (Allow) I:\games\breached\breached\binaries\win64\breached-win64-shipping.exe
FirewallRules: [UDP Query User{A298844B-3FC6-4679-B2A6-D54AAEF22409}I:\games\breached\breached\binaries\win64\breached-win64-shipping.exe] => (Allow) I:\games\breached\breached\binaries\win64\breached-win64-shipping.exe
FirewallRules: [TCP Query User{1B7EA231-C788-472F-8E01-937E34541740}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CA7D2377-AB4B-4AE5-9F09-A05D9D4C9E8E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{9B6C743F-1217-4529-97F4-DC5821CDBA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transmissions Element 120\hl2.exe
FirewallRules: [{9D83FE67-BEEB-46F7-B9FE-F0082707D9B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transmissions Element 120\hl2.exe
FirewallRules: [TCP Query User{F87E9BDE-EFE7-44E7-A41B-F93970DB98AF}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{F3683F7C-4338-4780-BDE7-09497336C151}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [TCP Query User{BAF5B61D-F6AD-4BA4-BFD4-E50BDE47983D}I:\games\ghostbusters\ghostbusters\binaries\win64\ghostbusters.exe] => (Allow) I:\games\ghostbusters\ghostbusters\binaries\win64\ghostbusters.exe
FirewallRules: [UDP Query User{4022252C-9EF8-4422-92FA-C2839EE54DD7}I:\games\ghostbusters\ghostbusters\binaries\win64\ghostbusters.exe] => (Allow) I:\games\ghostbusters\ghostbusters\binaries\win64\ghostbusters.exe
FirewallRules: [{002E72FB-301A-4E0F-A2C1-5AA09EED8BB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\brainbread2\hl2.exe
FirewallRules: [{C6984D8A-82E8-49EA-9C91-D4771B6A7A31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\brainbread2\hl2.exe
FirewallRules: [{D3CFD7D3-5A57-4829-BF42-81D71EDE80E5}] => (Allow) I:\INSIDE\Steam\Steam.exe
FirewallRules: [{E32BF3B8-3FCD-4B56-B72D-4439509BA0CB}] => (Allow) I:\INSIDE\Steam\Steam.exe
FirewallRules: [TCP Query User{25FEC8F6-20AD-4131-8E37-4D36439B6CFF}I:\we.happy.few.early.access\wehappyfew\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) I:\we.happy.few.early.access\wehappyfew\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{DDB8CDF4-214D-496E-9529-5F236FE7A342}I:\we.happy.few.early.access\wehappyfew\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) I:\we.happy.few.early.access\wehappyfew\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [TCP Query User{489FD761-1636-4E07-B664-91A18CE64422}I:\games\the old city leviathan\binaries\win32\udk.exe] => (Allow) I:\games\the old city leviathan\binaries\win32\udk.exe
FirewallRules: [UDP Query User{4C07F4A9-C43C-46B5-B201-0713883DCA2A}I:\games\the old city leviathan\binaries\win32\udk.exe] => (Allow) I:\games\the old city leviathan\binaries\win32\udk.exe
FirewallRules: [{75EE9CD7-2224-4F5B-8759-41296A48BDE0}] => (Allow) I:\ABZU.Incl.Update.1\Steam\Steam.exe
FirewallRules: [{FD2EE5A7-550F-4791-921C-CC8B51C5C468}] => (Allow) I:\ABZU.Incl.Update.1\Steam\Steam.exe
FirewallRules: [TCP Query User{DA54A9EE-F29A-4EDB-BB93-C5338B133BCF}I:\games\left4dead2\left 4 dead 2\left4dead2.exe] => (Allow) I:\games\left4dead2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{64032AC4-BF4C-4C23-AA03-742310F59275}I:\games\left4dead2\left 4 dead 2\left4dead2.exe] => (Allow) I:\games\left4dead2\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{27A2ABB1-94E8-4B70-A194-087123E6BDAA}I:\games\sniper blacklist\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) I:\games\sniper blacklist\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{716726C5-88E7-445E-B919-A275F60ACD32}I:\games\sniper blacklist\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) I:\games\sniper blacklist\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{A7E5E219-53D5-400F-8D5D-F7FEBE15FD02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{E4CBB5EC-B573-4ED5-9EED-95F1B1C46834}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{866959C2-8B0F-48C4-87EC-E28B31535950}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source 2007 Dedicated Server\srcds.exe
FirewallRules: [{982AEEA7-9088-4FED-A9C7-4E17FEAA79D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source 2007 Dedicated Server\srcds.exe
FirewallRules: [TCP Query User{5AEE7C2F-1BE9-4E54-8453-1AD7A02FA5CC}I:\games\ridge\ridge\binaries\win64\ridge.exe] => (Allow) I:\games\ridge\ridge\binaries\win64\ridge.exe
FirewallRules: [UDP Query User{30237996-CF75-4C12-8E3D-0EA3FDE7835C}I:\games\ridge\ridge\binaries\win64\ridge.exe] => (Allow) I:\games\ridge\ridge\binaries\win64\ridge.exe
FirewallRules: [TCP Query User{C348A79C-3D3A-4E60-8584-948E8953CA46}C:\program files (x86)\ea games\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\ea games\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{270615BC-DB1E-4D80-A250-3B11DC192B6D}C:\program files (x86)\ea games\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) C:\program files (x86)\ea games\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [{A87CE058-6463-4E73-B5DE-CF426E1F0AF5}] => (Allow) I:\Games\WarThunder\launcher.exe
FirewallRules: [{5B6DE542-75FE-4CB6-8C32-3F1316CB8732}] => (Allow) I:\Games\WarThunder\launcher.exe
FirewallRules: [TCP Query User{18A766E0-020E-4FDB-8F58-AD62C3A4BF4D}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{D07B16B4-3F3F-45E9-917A-96ACCE48FBDA}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{7DF53B2F-0F42-4093-BF8D-382248BDC372}I:\games\nether - resurrected\game\binaries\win64\nether.exe] => (Allow) I:\games\nether - resurrected\game\binaries\win64\nether.exe
FirewallRules: [UDP Query User{C7026B93-271F-47E8-A226-16EE7232416E}I:\games\nether - resurrected\game\binaries\win64\nether.exe] => (Allow) I:\games\nether - resurrected\game\binaries\win64\nether.exe
FirewallRules: [TCP Query User{3783952A-E6C4-41AF-8B10-25BE35E23CA4}I:\games\resident evil 5 gold edition\launcher.exe] => (Allow) I:\games\resident evil 5 gold edition\launcher.exe
FirewallRules: [UDP Query User{5828B75B-4E76-4286-9A84-95D814FA0947}I:\games\resident evil 5 gold edition\launcher.exe] => (Allow) I:\games\resident evil 5 gold edition\launcher.exe
FirewallRules: [TCP Query User{2D7394B6-1CED-4125-B614-A1DDCD62CB85}I:\games\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) I:\games\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{F2FCC9B9-37CC-409E-99C8-5185DB9DF74B}I:\games\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) I:\games\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{11268F14-CB99-4FD9-B3F6-3FF233F7CCC8}I:\games\singularity\binaries\singularity.exe] => (Allow) I:\games\singularity\binaries\singularity.exe
FirewallRules: [UDP Query User{BC170854-3CAF-4FA1-BC67-4B76C38022E6}I:\games\singularity\binaries\singularity.exe] => (Allow) I:\games\singularity\binaries\singularity.exe
FirewallRules: [{B73B6160-3C6F-46D9-B8E9-BD8A1E27B982}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Minds Eyes\MindsEyesLaunch.exe
FirewallRules: [{0DF5A29E-A92F-4C44-AE75-D89BF44ACCC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Minds Eyes\MindsEyesLaunch.exe
FirewallRules: [TCP Query User{85F6FDF1-788F-4086-85CE-E353796B1419}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{D72D6A51-9025-418F-865C-CFC6114D06CD}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{933027F9-710C-4D59-8CE5-2FF410743AE6}I:\games\call of duty - modern warfare 2\iw4mp.exe] => (Allow) I:\games\call of duty - modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{940A3306-35F8-48D9-B460-8EA30F2A7B7B}I:\games\call of duty - modern warfare 2\iw4mp.exe] => (Allow) I:\games\call of duty - modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{1684D466-BFAD-4485-932C-8E5952CB2A85}I:\games\alien isolation\ai.exe] => (Allow) I:\games\alien isolation\ai.exe
FirewallRules: [UDP Query User{05C9798C-0520-4DDB-93D6-D0433C1BA562}I:\games\alien isolation\ai.exe] => (Allow) I:\games\alien isolation\ai.exe
FirewallRules: [TCP Query User{0C208F8D-E124-452E-905B-B16DF1BC4954}E:\quantum break\dx11\quantumbreak.exe] => (Allow) E:\quantum break\dx11\quantumbreak.exe
FirewallRules: [UDP Query User{6F0C4AE1-EED9-4B15-B703-C50AF7FFCF68}E:\quantum break\dx11\quantumbreak.exe] => (Allow) E:\quantum break\dx11\quantumbreak.exe
FirewallRules: [{F8617DEF-0CE9-469F-8C49-1F3BE6BFA0C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{41608E1D-AFA8-42EC-86BF-5CBD7FD1E14B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{2980BA8F-E468-46BA-A657-26C675EC9E95}] => (Allow) E:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{BA537403-D714-4363-8994-3F24A08BBB87}] => (Allow) E:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{4C2FF566-C4DD-4DE6-9C64-6F3A05BA9DCD}] => (Allow) E:\SteamLibrary\steamapps\common\Piercing Blow\PiercingBlow.exe
FirewallRules: [{4725A9D3-0333-461B-978D-3037E8D1449B}] => (Allow) E:\SteamLibrary\steamapps\common\Piercing Blow\PiercingBlow.exe
FirewallRules: [TCP Query User{E1517768-D5AF-4992-AC31-3EC3A1373A82}G:\games\call of duty infinite warfare\iw7_ship.exe] => (Allow) G:\games\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [UDP Query User{9C4177E1-D67A-4AFB-9254-D12F02D6D969}G:\games\call of duty infinite warfare\iw7_ship.exe] => (Allow) G:\games\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [TCP Query User{D1952B89-19B1-4C08-BA65-D63C331C4A66}I:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) I:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [UDP Query User{C3500F0C-F28C-49EB-84FE-895997572410}I:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) I:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [TCP Query User{11CBC411-0D1C-4DAE-AF52-2C01CC2FE5AD}E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{E53534B7-1003-4F66-89D3-CEA0A9A1DE8F}E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{B1926DBE-C4A7-4709-BC4A-C04A87224637}I:\games\dishonored\binaries\win32\game.exe] => (Allow) I:\games\dishonored\binaries\win32\game.exe
FirewallRules: [UDP Query User{D578A124-CB43-4FA9-AF3A-357D0ED23E5E}I:\games\dishonored\binaries\win32\game.exe] => (Allow) I:\games\dishonored\binaries\win32\game.exe
FirewallRules: [{D3EFD966-A252-46B8-B325-6C885AB32D47}] => (Allow) I:\Games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{084756E4-5AE8-4661-890D-9DB60ED3D6F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F3F143A-87CE-47B2-A7E7-D4406ECD04E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBAF905A-8EF1-4E76-8524-CAA29C3B7391}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9612400C-E72F-4827-99A6-55A97D14615E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5346EA76-70B3-4082-A01C-DC568F9FF103}I:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) I:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{7D4EF6AB-6727-4FC6-94D3-72CE5C3D66E7}I:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) I:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [TCP Query User{F51D460A-CA81-49DD-97B8-7D371C95770B}C:\program files\intugame\intugame server\intugameserverui.exe] => (Allow) C:\program files\intugame\intugame server\intugameserverui.exe
FirewallRules: [UDP Query User{6575B2BE-E0FD-4D5D-8357-588DD32BB091}C:\program files\intugame\intugame server\intugameserverui.exe] => (Allow) C:\program files\intugame\intugame server\intugameserverui.exe
FirewallRules: [{3E4996A4-72D7-445F-A9FA-B2B45B29157A}] => (Allow) C:\Program Files (x86)\Riftcat\Riftcat.exe
FirewallRules: [{7DDEB095-F74B-47A7-A97D-18404705D06F}] => (Allow) C:\Program Files (x86)\Riftcat\Riftcat.exe
FirewallRules: [{721CA5A5-F33A-4F39-827D-FCFEC8723B03}] => (Allow) C:\Program Files (x86)\Riftcat\VRidge.exe
FirewallRules: [{93882085-DE64-4540-A95E-A566452C34E7}] => (Allow) C:\Program Files (x86)\Riftcat\VRidge.exe
FirewallRules: [{4D812C41-436A-4B60-A7B7-09D929D00402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{6E5EC2A7-C8E8-49BB-8CEE-5E34B62CB2D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [TCP Query User{682125A7-98E2-4CD7-A200-7A5842505E1F}C:\program files (x86)\trinusvr\tgserver.exe] => (Allow) C:\program files (x86)\trinusvr\tgserver.exe
FirewallRules: [UDP Query User{442A077F-CD02-400C-A87E-5ACEAE6B5F24}C:\program files (x86)\trinusvr\tgserver.exe] => (Allow) C:\program files (x86)\trinusvr\tgserver.exe
FirewallRules: [TCP Query User{E302BDB8-DC08-4A31-B5F8-BD4975DE99E4}C:\program files (x86)\riftcat\content\chemistryexperimentvr\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\riftcat\content\chemistryexperimentvr\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{E5415488-BE6E-4532-B655-D6A43B4E8AB9}C:\program files (x86)\riftcat\content\chemistryexperimentvr\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\riftcat\content\chemistryexperimentvr\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{E12511B6-845D-4D67-B4B4-8B35A525EE71}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E64B8A8B-B089-4533-ACE6-D04C6E8ABAEF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{58680256-6140-4355-B7D2-9A4FCFAA455E}I:\games\et armies\binaries\win32\udk.exe] => (Allow) I:\games\et armies\binaries\win32\udk.exe
FirewallRules: [UDP Query User{BB97C660-E4FE-4E77-AD74-3847DAA90DDB}I:\games\et armies\binaries\win32\udk.exe] => (Allow) I:\games\et armies\binaries\win32\udk.exe
FirewallRules: [{CE4D0FF6-8D8F-49CB-9CD8-48273E7C6DF1}] => (Allow) G:\Games\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{B4FDB598-1A74-4AE6-8F3B-FE8D9968FDAE}] => (Allow) G:\SteamLibrary\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{0F28FC83-B6F2-4C3D-9B81-2EA66A67F5EE}] => (Allow) G:\SteamLibrary\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{5ABA9722-F9A5-4E7C-B746-E47794E2707B}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{30631058-2C19-4CCD-A0DC-13273302247E}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{A83DC6B2-8E67-42DF-80A7-D91B2CE29EBC}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{0E8A5635-3DFC-4B4A-B914-E9A5AD30406C}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{7CD809F5-88D9-43C5-8A0A-A1C0CF5943B6}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{DB14B12B-7F0D-4153-82DB-18CE260470A0}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [TCP Query User{29290EEA-2F82-4CA2-8509-AC42E668CC0E}C:\program files (x86)\jk imaging\pixpro_sp360_4k\pixpro_sp360_4k.exe] => (Allow) C:\program files (x86)\jk imaging\pixpro_sp360_4k\pixpro_sp360_4k.exe
FirewallRules: [UDP Query User{9D161B92-2BBC-4302-831C-3DC04FFC4C21}C:\program files (x86)\jk imaging\pixpro_sp360_4k\pixpro_sp360_4k.exe] => (Allow) C:\program files (x86)\jk imaging\pixpro_sp360_4k\pixpro_sp360_4k.exe
FirewallRules: [TCP Query User{1A06B82B-6D33-47E5-833F-6D8D1924B75E}I:\rise of the triad\binaries\win64\rott.exe] => (Allow) I:\rise of the triad\binaries\win64\rott.exe
FirewallRules: [UDP Query User{E5972520-8FF4-4543-AAF3-0894C4FB4775}I:\rise of the triad\binaries\win64\rott.exe] => (Allow) I:\rise of the triad\binaries\win64\rott.exe
FirewallRules: [{55695AB5-4A7D-45DB-AD09-AA9F4DD33FA1}] => (Allow) I:\Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{BB41C833-2391-4A77-A266-BB7A16ED2292}] => (Allow) I:\Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{FD16F011-E4D7-468A-8C98-CC6197D566D0}] => (Allow) I:\Games\Battlefield 1\bf1.exe
FirewallRules: [{D7D24DCE-EDD1-43B6-8520-74A0154404EE}] => (Allow) I:\Games\Battlefield 1\bf1.exe
FirewallRules: [{CD0826D9-067B-422D-8246-74E663A43656}] => (Allow) I:\SteamLibrary\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{FD7C013C-47D1-4BD3-8F9D-E9E189D895DA}] => (Allow) I:\SteamLibrary\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [TCP Query User{5D4444BF-CC6B-4897-9C88-D6B3CAD0A103}E:\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) E:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{747F12B5-9484-412B-82F4-19FB6F2BA7F6}E:\outlast whistleblower\binaries\win64\olgame.exe] => (Allow) E:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{D21C8C29-EF53-4C3E-B613-00D5D173DFBE}I:\games\renegade ops collection\renegadeops.exe] => (Allow) I:\games\renegade ops collection\renegadeops.exe
FirewallRules: [UDP Query User{ADDA0653-814A-42AC-913A-C7F4948B5E50}I:\games\renegade ops collection\renegadeops.exe] => (Allow) I:\games\renegade ops collection\renegadeops.exe
FirewallRules: [{86444982-13EB-4D8B-890A-A9E8A953B09E}] => (Allow) I:\Games\AC Syndicate\ACS.exe
FirewallRules: [{545744AC-C30B-488D-A7D6-7188D4EEB09E}] => (Allow) I:\Games\AC Syndicate\ACS.exe
FirewallRules: [TCP Query User{8A74A08C-78C7-4AD6-8D74-5241889C0B01}E:\homefront the revolution\bin64\homefront2_release.exe] => (Allow) E:\homefront the revolution\bin64\homefront2_release.exe
FirewallRules: [UDP Query User{AD12D81F-ED35-48FC-81ED-431DA5A10CCB}E:\homefront the revolution\bin64\homefront2_release.exe] => (Allow) E:\homefront the revolution\bin64\homefront2_release.exe
FirewallRules: [{28D3B1E2-5109-4577-8FB9-6F184D4FFAEB}] => (Allow) E:\Stacking\stack.exe
FirewallRules: [TCP Query User{DDE56B02-8EF5-4AE3-A1E3-269608AF32B8}C:\program files (x86)\helldivers\binaries\x64\helldivers.exe] => (Allow) C:\program files (x86)\helldivers\binaries\x64\helldivers.exe
FirewallRules: [UDP Query User{87C15C32-93DC-4C53-90F3-2601C45F2248}C:\program files (x86)\helldivers\binaries\x64\helldivers.exe] => (Allow) C:\program files (x86)\helldivers\binaries\x64\helldivers.exe
FirewallRules: [TCP Query User{01946DC8-71AA-4284-8070-039DEAB939E6}G:\games\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) G:\games\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [UDP Query User{680C7775-FDB1-437D-9FB9-277550986944}G:\games\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) G:\games\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [TCP Query User{2B9BC5C2-83EF-439B-BCEA-5EC629D2173B}I:\games\alien isolation\ai.exe] => (Allow) I:\games\alien isolation\ai.exe
FirewallRules: [UDP Query User{020275B1-28F6-4907-BA7D-597972A37217}I:\games\alien isolation\ai.exe] => (Allow) I:\games\alien isolation\ai.exe
FirewallRules: [TCP Query User{BC2D28E3-6FDF-4BFD-BE3F-B2703B57159A}E:\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) E:\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{EE794F77-F140-42CC-BAE1-9D808754D2DD}E:\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) E:\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{5FB8E3F3-B456-42E9-9ADF-B41DA8D1C51A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{0AE710F5-472F-4B44-8579-E68461F2161A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [TCP Query User{DBE10FC3-1DEA-4670-84BF-98423A252AD3}G:\games\prey\binaries\danielle\x64\release\prey.exe] => (Allow) G:\games\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{B6DEDCB8-6B22-47C7-A75E-51FBCCB7216F}G:\games\prey\binaries\danielle\x64\release\prey.exe] => (Allow) G:\games\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{523CFD90-AD14-4799-9A50-6D2F144A194D}] => (Allow) G:\SteamLibrary\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [{A2E2E8D0-B9CA-441A-975D-92658ED405E6}] => (Allow) G:\SteamLibrary\steamapps\common\Alien Swarm Reactive Drop\reactivedrop.exe
FirewallRules: [TCP Query User{47FBC0AE-61D3-40C0-9BC5-73021D5CB70E}G:\games\outlast 2\binaries\win64\outlast2.exe] => (Allow) G:\games\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [UDP Query User{5892DC42-EDEE-4F94-9E30-6DB68356889F}G:\games\outlast 2\binaries\win64\outlast2.exe] => (Allow) G:\games\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [{E88DDEBC-CC25-411B-827E-8B8619B94E03}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{C570EA49-A547-424D-9B92-1FC62089BCD2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5C87F403-11DC-44C6-B532-BD750A268176}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{F969CEFB-F493-48B4-BD92-6116E1605D61}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{68BADAB4-BFCA-486C-B71B-BD7113EF59D9}G:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) G:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{CB346E32-FF0D-430C-BBC6-BEC41786B7E8}G:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) G:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [{097AD7F8-768E-467E-886B-C80AFE92122B}] => (Allow) G:\SteamLibrary\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{7D44CD2B-27CF-4CEE-A1C2-39B1F8E48B43}] => (Allow) G:\SteamLibrary\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [TCP Query User{F8B8CC8F-B703-4F04-BFD8-0FD3780584A2}G:\games\moto racer 4\mr4\binaries\win64\mr4-win64-shipping.exe] => (Allow) G:\games\moto racer 4\mr4\binaries\win64\mr4-win64-shipping.exe
FirewallRules: [UDP Query User{A82AB05A-E683-4BA0-9519-7D5EDE38B7E6}G:\games\moto racer 4\mr4\binaries\win64\mr4-win64-shipping.exe] => (Allow) G:\games\moto racer 4\mr4\binaries\win64\mr4-win64-shipping.exe
FirewallRules: [TCP Query User{D2EB039F-7A73-4C14-967E-BC1D823C68E7}G:\games\nex machina\nex_machina.exe] => (Allow) G:\games\nex machina\nex_machina.exe
FirewallRules: [UDP Query User{96AFE43E-5633-4B84-B490-8FDB029BEE38}G:\games\nex machina\nex_machina.exe] => (Allow) G:\games\nex machina\nex_machina.exe
FirewallRules: [{91CE5F9D-8446-4201-8C87-F9DC07409653}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C11E444E-6A33-4C4E-8F78-FC3D093C5816}] => (Allow) C:\Users\DiMiTrius\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{8213D9F8-2FB6-4540-84AC-41ADCA9EBBD7}I:\games\shiny\shiny\binaries\win64\shiny-win64-shipping.exe] => (Allow) I:\games\shiny\shiny\binaries\win64\shiny-win64-shipping.exe
FirewallRules: [UDP Query User{B6BA8DC4-69D7-40FD-A492-51903CC51191}I:\games\shiny\shiny\binaries\win64\shiny-win64-shipping.exe] => (Allow) I:\games\shiny\shiny\binaries\win64\shiny-win64-shipping.exe
FirewallRules: [TCP Query User{79DD9442-9583-4554-AB9D-39C2D6190C5C}I:\games\investigator\bin64\investigator.exe] => (Allow) I:\games\investigator\bin64\investigator.exe
FirewallRules: [UDP Query User{F505C053-7DDD-464B-8937-C8857D4670E3}I:\games\investigator\bin64\investigator.exe] => (Allow) I:\games\investigator\bin64\investigator.exe
FirewallRules: [TCP Query User{45C59C15-C64C-422E-907C-EAAFC63680FD}G:\games\geteven\binaries\win64\geteven.exe] => (Allow) G:\games\geteven\binaries\win64\geteven.exe
FirewallRules: [UDP Query User{1F915FB5-1876-46A7-901D-8B9AF0C644D0}G:\games\geteven\binaries\win64\geteven.exe] => (Allow) G:\games\geteven\binaries\win64\geteven.exe
FirewallRules: [TCP Query User{3618EE5F-3A27-4E6E-AD3F-8546733FEA18}G:\games\max payne 3\max payne 3\maxpayne3.exe] => (Allow) G:\games\max payne 3\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{8A2C75DA-987B-475C-9338-B3008CBAE49A}G:\games\max payne 3\max payne 3\maxpayne3.exe] => (Allow) G:\games\max payne 3\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{3DE2F6F0-A731-4167-A838-37731EE4D5A1}G:\games\gears of war\binaries\wargame-g4wlive.exe] => (Allow) G:\games\gears of war\binaries\wargame-g4wlive.exe
FirewallRules: [UDP Query User{0AAC9796-F1D0-4E12-BCC8-48BADD99BAFA}G:\games\gears of war\binaries\wargame-g4wlive.exe] => (Allow) G:\games\gears of war\binaries\wargame-g4wlive.exe
FirewallRules: [TCP Query User{93D7F91F-9CBD-4FC0-AAF5-9F5211539500}C:\program files\tom clancy's ghost recon wildlands\grw.exe] => (Allow) C:\program files\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [UDP Query User{4673B8DD-949B-418A-96FE-09E05B2E4F3C}C:\program files\tom clancy's ghost recon wildlands\grw.exe] => (Allow) C:\program files\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [TCP Query User{AFC5EB2B-6099-4676-85AD-2A889523CEC3}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{EEF3B177-6E27-40B9-8D6B-405F0F030AAA}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [{A1AF0ABF-3F0F-4ABF-A5E0-BF62DEF79188}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CD95CB13-1CC6-4968-A8EA-03CA1B3F83B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E622439E-8A26-4B88-B83C-A2B50DE9F2F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5E1137E5-65A7-4826-BC43-0F8DDC38256C}I:\games\the old city leviathan\binaries\win32\udk.exe] => (Allow) I:\games\the old city leviathan\binaries\win32\udk.exe
FirewallRules: [UDP Query User{EAA6B401-86DA-4032-8847-66081360C62D}I:\games\the old city leviathan\binaries\win32\udk.exe] => (Allow) I:\games\the old city leviathan\binaries\win32\udk.exe
FirewallRules: [{97096956-2A3A-4DAB-96ED-F74E0D09257A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LMS\Launcher.exe
FirewallRules: [{C45A0364-89B1-4988-AED9-9C9CA5A467DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LMS\Launcher.exe
FirewallRules: [TCP Query User{325C303F-0497-43A7-9740-9FC1E3B080F3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{E62A8168-D311-43C8-92E0-811B5F767B51}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{0871B4B1-4CFC-4CCB-B47A-BA9EC34FA143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LMS\ShatteredSkies.exe
FirewallRules: [{FAB6D607-2997-465E-A444-B8292BFC6BD6}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{4C65492E-7A4D-4D46-A946-FBA195CCE594}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FC42959F-B7A5-4BF4-A4B8-CD87EC187AF6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{67B78F20-97A7-47F1-93EE-474843F864C6}C:\program files (x86)\google\chrome\application\chromedigressions.exe] => (Allow) C:\program files (x86)\google\chrome\application\chromedigressions.exe
FirewallRules: [UDP Query User{C49DB742-2303-4705-B964-1FDE20471B51}C:\program files (x86)\google\chrome\application\chromedigressions.exe] => (Allow) C:\program files (x86)\google\chrome\application\chromedigressions.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2018 05:20:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Through the Woods.exe version 5.4.0.55511 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fa0

Start Time: 01d3fa8d8e5d6d3d

Termination Time: 150

Application Path: G:\Games\Through the Woods\Through the Woods.exe

Report Id: d7edb8f8-6680-11e8-9d4d-3085a9453ace

Error: (06/02/2018 12:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/02/2018 12:23:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/02/2018 12:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/02/2018 12:08:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/02/2018 11:41:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/02/2018 11:31:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Rand.exe, version: 6.2.8.62, time stamp: 0x5b11adcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000004c2426d8b77
Faulting process id: 0x2230
Faulting application start time: 0x01d3fa5c63100444
Faulting application path: C:\Users\DiMiTrius\AppData\Local\Rand.exe
Faulting module path: unknown
Report Id: 24082974-6650-11e8-9faa-3085a9453ace

Error: (06/02/2018 11:24:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (06/02/2018 12:31:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/02/2018 12:31:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (06/02/2018 12:30:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KingoSoftService service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/02/2018 12:28:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/02/2018 12:28:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SCP DSx Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/02/2018 12:28:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The StarWind AE Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/02/2018 12:28:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (06/02/2018 12:28:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The vToolbarUpdater40.3.8 service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================

Date: 2016-12-24 14:33:09.298
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIO7A5D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 14:33:09.266
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIO7A5D.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 14:32:33.942
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIOC580.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 14:32:33.926
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIOC580.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 12:19:08.585
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIO7550.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-24 12:19:08.555
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\DIMITR~1\AppData\Local\Temp\PIO7550.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX™-6100 Six-Core Processor
Percentage of memory in use: 67%
Total physical RAM: 8174.99 MB
Available physical RAM: 2637.99 MB
Total Virtual: 16348.18 MB
Available Virtual: 10246.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:139.57 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Hard Drive 1) (Fixed) (Total:564.2 GB) (Free:90 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:367.31 GB) (Free:112.78 GB) NTFS
Drive i: () (Fixed) (Total:698.63 GB) (Free:157.63 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2B7E7AE6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Active) - (Size=564.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=367.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 00097D10)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:57 AM

Posted 02 June 2018 - 12:43 PM

  • Highlight the entire content of the quote box below.

Start::  
U3 a0h0n711; C:\Windows\System32\Drivers\a0h0n711.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

Task: {F8AB912E-6922-446A-A962-A5B0408F4A5C} - System32\Tasks\teamsteams => C:\Program Files (x86)\santayana\santayana.exe

C:\Program Files (x86)\santayana

C:\Windows\System32\Tasks\teamsteams
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
 
Remove the following program:
 
CPUID CPU-Z 1.77

 

 

The rest looks clear. How is it doing?


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 StSebastien

Posted 02 June 2018 - 07:57 PM

All well so far my friend. I did just have a random audio but it could have been from a site rather than on my PC. I've removed CPU-Z also. :-)


Fix result of Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by DiMiTrius (03-06-2018 01:55:26) Run:1
Running from C:\Users\DiMiTrius\Desktop
Loaded Profiles: DiMiTrius (Available Profiles: DiMiTrius)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
    U3 a0h0n711; C:\Windows\System32\Drivers\a0h0n711.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
    Task: {F8AB912E-6922-446A-A962-A5B0408F4A5C} - System32\Tasks\teamsteams => C:\Program Files (x86)\santayana\santayana.exe
    C:\Program Files (x86)\santayana
    C:\Windows\System32\Tasks\teamsteams
    
*****************

a0h0n711 => service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8AB912E-6922-446A-A962-A5B0408F4A5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AB912E-6922-446A-A962-A5B0408F4A5C}" => removed successfully
C:\Windows\System32\Tasks\teamsteams => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\teamsteams" => removed successfully
C:\Program Files (x86)\santayana => moved successfully
"C:\Windows\System32\Tasks\teamsteams" => not found

==== End of Fixlog 01:55:27 ====



#9 JSntgRvr

Posted 02 June 2018 - 08:15 PM

How is the computer doing?




#10 JSntgRvr

Posted 02 June 2018 - 08:18 PM

I am sorry, I missed the first lines. Let's scan with ESET. We had already scanned with Malwarebytes.

 

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.


Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!


Edited by JSntgRvr, 02 June 2018 - 08:23 PM.



#11 StSebastien

Posted 03 June 2018 - 06:19 AM

Ok here is my log from ESET. Everything seems to be working just fine. Oh how I'd love just ten minutes in a room with the person who created this nasty stuff.


C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smu.exe.vir    a variant of Win64/SBWatchman.A potentially unwanted application    
C:\AdwCleaner\FileQuarantine\C\Program Files\WebDiscoverBrowser\2.167.2\48.0.2564.10\installsight.dll.vir    a variant of Win32/WebBar.D potentially unwanted application    
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\lavasoft\web companion\Application\WebCompanionInstaller.exe.vir    a variant of MSIL/WebCompanion.C potentially unwanted application    
C:\AdwCleaner\FileQuarantine\C\ProgramData\smp2.exe.vir    a variant of Win32/SpeedBit.AR potentially unwanted application    
C:\AdwCleaner\quarantine\files\ftuhcvyfavxjbumuhrfnxuiqhkntlris\YTD Video Downloader\ytd.exe.BAK    a variant of Win32/YTDDownloader.A potentially unwanted application    
C:\AdwCleaner\quarantine\v1\20180602.122810\6\Downloaded Installers\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}\setup.msi#7B238CD47778005F    a variant of Win32/UwS.SlimDrivers.A application    
C:\FRST\Quarantine\C\Program Files (x86)\hansford\hansford.exe    a variant of MSIL/Adware.Dotdo.EQ application    
C:\FRST\Quarantine\C\Program Files (x86)\hansford\Papa.dll    a variant of MSIL/Adware.Dotdo.EQ application    
C:\FRST\Quarantine\C\Program Files (x86)\Manicurist\Manicurist.exe    a variant of MSIL/Adware.Dotdo.EQ application    
C:\FRST\Quarantine\C\Program Files (x86)\Manicurist\Rand.dll    a variant of MSIL/Adware.Dotdo.EQ application    
C:\FRST\Quarantine\C\Program Files (x86)\Nickle\Papa.exe.xBAD    a variant of MSIL/Adware.Dotdo.EQ application    
C:\FRST\Quarantine\C\Program Files (x86)\Nickle\Rand.exe.xBAD    a variant of MSIL/Adware.Dotdo.EQ application    
C:\FRST\Quarantine\C\Users\DiMiTrius\AppData\Local\Papa.exe.xBAD    a variant of MSIL/Adware.Dotdo.EQ application    
C:\FRST\Quarantine\C\Users\DiMiTrius\AppData\Local\Temp\capi.exe.xBAD    a variant of Win32/Indiloadz.Y trojan    
C:\FRST\Quarantine\C\Users\DiMiTrius\AppData\Local\Temp\gimi.exe.xBAD    Win32/Indiloadz.Y trojan    
C:\FRST\Quarantine\C\Users\DiMiTrius\AppData\Local\Temp\MediaPlay.exe.xBAD    a variant of Win32/Kryptik.GFGF trojan    
C:\FRST\Quarantine\C\Users\DiMiTrius\AppData\Local\Temp\tilusorel.exe.xBAD    Win32/Indiloadz.Y trojan    
C:\Program Files\Darkwood\Darkwood_Data\Plugins\steam_api.dll    a variant of Win32/HackTool.Crack.EN potentially unsafe application    
C:\Program Files\Darkwood\Darkwood_Data\Plugins\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
C:\Program Files\Tom Clancy's Ghost Recon Wildlands\dbdata.dll    a variant of Win32/Packed.VMProtect.ABD trojan    
C:\Program Files\Tom Clancy's Ghost Recon Wildlands\disable_ubiservers.cmd    BAT/HostsChanger.A potentially unsafe application    
C:\Users\DiMiTrius\AppData\Local\Package Cache\{A748B732-CE3E-4DB7-BB04-B618F51D4ADB}v1.0.2.0\qtspeedtest.msi    a variant of Win32/WeatherBuddy.C potentially unwanted application    
C:\Users\DiMiTrius\Downloads\ccsetup543.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Windows\pneumococcus.exe    a variant of MSIL/Adware.Dotdo.EQ application    
E:\Afterfall Reconquest EP1\Binaries\Win32\steam_api.dll    a variant of Win32/HackTool.Crack.CM potentially unsafe application    
E:\GALAK-Z\steam_api.dll    a variant of Win32/HackTool.Crack.EN potentially unsafe application    
E:\GALAK-Z\Galak-Z_Data\Plugins\steam_api.dll    a variant of Win32/HackTool.Crack.EN potentially unsafe application    
E:\LEGO Marvel's Avengers\steam_api.dll    a variant of Win32/HackTool.Crack.EN potentially unsafe application    
E:\LEGO Marvel's Avengers\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
E:\Murdered - Soul Suspect\Binaries\Win64\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
E:\Outlast Whistleblower\Binaries\Win32\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application    
E:\Outlast Whistleblower\Binaries\Win64\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
E:\POSTAL 2 - Paradise Lost\Paradise Lost\System\steam_api.dll    a variant of Win32/HackTool.Crack.EE potentially unsafe application    
E:\POSTAL 2 - Paradise Lost\System\steam_api.dll    a variant of Win32/HackTool.Crack.EE potentially unsafe application    
E:\Root Of Evil The Tailor\steam_api.dll    a variant of Win32/HackTool.Crack.EE potentially unsafe application    
E:\Root Of Evil The Tailor\Root Of Evil_Data\Plugins\steam_api.dll    a variant of Win32/HackTool.Crack.EE potentially unsafe application    
E:\SOMA\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
E:\Styx Master of Shadows\Binaries\Win64\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
E:\The Vanishing of Ethan Carter Redux\Engine\Binaries\ThirdParty\Steamworks\Steamv132\Win64\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
E:\The Vanishing of Ethan Carter Redux\EthanCarter\Binaries\Win64\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
G:\Games\Left 4 Dead 2\Left 4 Dead 2\bin\steamclient.dll    a variant of Win32/RiskWare.GameHack.AL application    
G:\Games\Max Payne 3\Max Payne 3\socialclub.dll    a variant of Win32/HackTool.Crack.EA potentially unsafe application    
G:\Games\Max Payne 3\Max Payne 3\steam_api.dll    a variant of Win32/HackTool.Crack.EN potentially unsafe application    
G:\Games\Unravel\stp-unravel.exe    a variant of Win32/Packed.VMProtect.ABD trojan    
G:\Windows Loader\Windows Loader.exe    Win32/HackTool.WinActivator.I potentially unsafe application    
I:\Games\Call of Duty - WWII\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application    
I:\Games\Deadlight Directors Cut\Binaries\Win64\steam_api64.dll    a variant of Win64/HackTool.Crack.J potentially unsafe application    
I:\Games\Drizzlepath Glass\Engine\Binaries\ThirdParty\Steamworks\Steamv132\Win64\steam_api64.dll    a variant of Win64/HackTool.Crack.H potentially unsafe application    
I:\Games\Left4Dead2\left 4 dead 2\bin\steamclient.dll    Win32/GameHack.ANE potentially unsafe application    
I:\Games\Life is Strange\Binaries\Win32\steam_api.dll    a variant of Win32/HackTool.Crack.EN potentially unsafe application    
I:\Games\Metal Slug Complete PC\dvm.dll    a variant of Win32/HackTool.Crack.D potentially unsafe application    
I:\Games\Renegade Ops Collection\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application    
I:\Games\Resident Evil 4\Bin32\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application    
I:\Games\This War of Mine - The Little Ones\steam_api.dll    a variant of Win32/HackTool.Crack.EE potentially unsafe application    
I:\Games\Victor Vran\steam_apir.dll    a variant of Win32/HackTool.Crack.EN potentially unsafe application    
I:\Games To Install\Shardlight-HI2U\hi-shardlig.iso    a variant of Win32/HackTool.Crack.EN potentially unsafe application    
I:\Hacking Programs\J-Runner\JRunner.exe    a variant of MSIL/Packed.Confuser.J suspicious application    
I:\Hacking Programs\PeXploit\PeXploit.exe    a variant of Win32/Packed.Themida suspicious application    
I:\Hacking Programs\xDPx_Toolbox\Toolbox\PeXploit\PeXploit.exe    a variant of Win32/Packed.Themida suspicious application    
I:\Hacking Programs\xDPx_Toolbox\Toolbox\PeXploit Custom Downloader\PeXploit Downloader.exe    a variant of Win32/Packed.Themida suspicious application    
Autostart locations    a variant of Win32/Packed.VMProtect.ABD trojan    
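
An added example, not part of the thread: a small Python triage of an ESET Online Scanner log in the layout posted above, separating entries that already sit in the cleanup tools' quarantine folders from detections still at their original location. The quarantine prefixes and sample lines are taken from the log above; the function and field names are illustrative choices, and the split on tabs or runs of spaces is an assumption about the log's column separator.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Folders the cleanup tools used in this thread move files into
# (prefixes taken from the paths in the posted log, compared case-insensitively).
QUARANTINE_ROOTS = (
    "c:\\adwcleaner\\filequarantine\\",
    "c:\\adwcleaner\\quarantine\\",
    "c:\\frst\\quarantine\\",
)

# Lines excerpted from the ESET log posted above.
SAMPLE_LOG = r"""
C:\AdwCleaner\FileQuarantine\C\ProgramData\smp2.exe.vir    a variant of Win32/SpeedBit.AR potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Nickle\Rand.exe.xBAD    a variant of MSIL/Adware.Dotdo.EQ application
C:\FRST\Quarantine\C\Users\DiMiTrius\AppData\Local\Temp\gimi.exe.xBAD    Win32/Indiloadz.Y trojan
C:\Windows\pneumococcus.exe    a variant of MSIL/Adware.Dotdo.EQ application
E:\SOMA\steam_api64.dll    a variant of Win64/HackTool.Crack.F potentially unsafe application
Autostart locations    a variant of Win32/Packed.VMProtect.ABD trojan
"""


class Detection(NamedTuple):
    location: str   # file path, or a non-file label such as "Autostart locations"
    name: str       # detection name, e.g. MSIL/Adware.Dotdo.EQ
    category: str   # trailing words, e.g. "trojan", "potentially unsafe application"
    variant: bool   # True when the verdict starts with "a variant of"
    state: str      # "quarantined", "live" or "non-file"


# Verdict column: optional "a variant of ", a Platform/Name token, then the category.
_VERDICT = re.compile(r"^(?P<variant>a variant of )?(?P<name>\S+/\S+) (?P<category>.+)$")
_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_line(line: str) -> Optional[Detection]:
    """Parse one log line; return None when it does not have the expected shape."""
    # Paths contain single spaces ("Program Files"), so only tabs or runs of
    # two or more spaces are treated as the column separator.
    fields = re.split(r"\t+| {2,}", line.strip())
    if len(fields) != 2:
        return None
    location, verdict = fields
    match = _VERDICT.match(verdict)
    if match is None:
        return None
    if not _DRIVE_PATH.match(location):
        state = "non-file"        # e.g. the "Autostart locations" row
    elif location.lower().startswith(QUARANTINE_ROOTS):
        state = "quarantined"     # already moved aside by a cleanup tool
    else:
        state = "live"            # still at its original location
    return Detection(location, match["name"], match["category"],
                     bool(match["variant"]), state)


def triage(log_text: str):
    """Return (detections, counts per (state, category), entries to review, unparsed lines)."""
    detections, skipped = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            skipped.append(line)   # keep unparsed lines visible instead of dropping them
        else:
            detections.append(parsed)
    counts = Counter((d.state, d.category) for d in detections)
    needs_review = [d for d in detections if d.state != "quarantined"]
    return detections, counts, needs_review, skipped


if __name__ == "__main__":
    _, counts, needs_review, skipped = triage(SAMPLE_LOG)
    for (state, category), n in sorted(counts.items()):
        print(f"{state:12} {category:35} {n}")
    for d in needs_review:
        print(f"REVIEW [{d.state}] {d.location} -> {d.name} ({d.category})")
    for line in skipped:
        print(f"UNPARSED {line}")
```
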
 



#12 JSntgRvr

Posted 03 June 2018 - 07:43 PM

These are mostly games and quarantined items.

 

 

  • Highlight the entire content of the quote box below.

Start::

C:\Windows\pneumococcus.exe

End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

 

To remove quarantined items, use this application:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

 

Since there are no signs of infection anymore, I guess we're done here.
 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)
 

 




#13 StSebastien

Posted 04 June 2018 - 06:32 AM

Well it appears all is good under the hood my friend, you're a star.

Fix result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by DiMiTrius (04-06-2018 12:24:15) Run:2
Running from C:\Users\DiMiTrius\Desktop
Loaded Profiles: DiMiTrius (Available Profiles: DiMiTrius)
Boot Mode: Normal
==============================================

fixlist content:
*****************
    C:\Windows\pneumococcus.exe
    
*****************

C:\Windows\pneumococcus.exe => moved successfully


The system needed a reboot.

==== End of Fixlog 12:24:15 ====


If I get the chance to donate I certainly will. Thanks again.



#14 JSntgRvr

Posted 04 June 2018 - 06:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





