Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by Etheniel (05-11-2019 18:48:09)
Running from C:\Users\Etheniel\Downloads
Windows 10 Home Version 1903 18362.418 (X64) (2019-06-16 20:19:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2670024213-1291369441-4136216571-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2670024213-1291369441-4136216571-503 - Limited - Disabled)
Etheniel (S-1-5-21-2670024213-1291369441-4136216571-1001 - Administrator - Enabled) => C:\Users\Etheniel
Guest (S-1-5-21-2670024213-1291369441-4136216571-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2670024213-1291369441-4136216571-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Age of Conan: Unchained (HKLM\...\Age of Conan_is1) (Version: - Funcom)
ArcheAge: Unchained (HKLM-x32\...\Glyph ArcheAge: Unchained) (Version: - Trion Worlds, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.45.10 - Bethesda Softworks)
Crossout Launcher 1.0.3.97 (HKU\S-1-5-21-2670024213-1291369441-4136216571-1001\...\CrossOutLauncher_is1) (Version: - )
Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version: - Electronic Arts)
Defiance 2050 (HKLM-x32\...\Glyph Defiance 2050) (Version: - Trion Worlds, Inc.)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version: - Blizzard Entertainment)
Diablo (HKLM-x32\...\1412601690_is1) (Version: 1.09 Hellfire v2 - GOG.com)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Dolby Audio X2 Windows API SDK (HKLM\...\{8738A898-221B-4279-BC87-FEF7938022C1}) (Version: 0.8.8.87 - Dolby Laboratories, Inc.)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - )
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EVE Online (HKU\S-1-5-21-2670024213-1291369441-4136216571-1001\...\{0452e8bf-63cd-4353-a250-34b9da07a450}) (Version: 1.0.0 - CCP)
Gameforge Login MS2 (HKLM-x32\...\{703bd6d7-79c0-4005-8cd7-89522a05a546}_is1) (Version: 1.3.39 - Gameforge)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: "1.0.0.10" - Rockstar Games)
Guardians Of Ember (HKLM-x32\...\GuardiansOfEmber_is1) (Version: - Gameforge 4D GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Median XL Launcher (HKU\S-1-5-21-2670024213-1291369441-4136216571-1001\...\AD755AF1-2FD3-4FAF-B0C2-5F4800F53143) (Version: 1.2.1 - Median XL Team)
Microsoft OneDrive (HKU\S-1-5-21-2670024213-1291369441-4136216571-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mount and Blade: Warband (HKLM-x32\...\1207666913_is1) (Version: 2.050 - GOG.com)
Mozilla Firefox 70.0.1 (x64 sk) (HKLM\...\Mozilla Firefox 70.0.1 (x64 sk)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Path of Exile (HKLM-x32\...\{2d8cd9aa-33a6-4e58-b12d-4673603fa1d4}) (Version: 3.6.6.60945 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.6.6.60945 - Grinding Gear Games) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
RogueKiller version 13.5.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.5.0 - Adlice Software)
S.T.A.L.K.E.R.: Lost Alpha DC version 1.4007 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha DC_is1) (Version: 1.4007 - dezowave)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Villagers and Heroes (HKLM-x32\...\{48BD847E-18C0-439C-822B-39E544DCEFF0}_is1) (Version: 2.3.7 - Mad Otter Games, Inc)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411D}) (Version: 23.0.13300 - Corel Corporation)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.23.7.0_x86__kgqvnymyfvs32 [2019-10-26] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1630.7.0_x86__kgqvnymyfvs32 [2019-11-04] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_6.0.0.3_x86__m9bz608c1b9ra [2019-10-13] (Nordcurrent)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3587.0_x64__rz1tebttyb220 [2019-10-06] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-02-17] (Fitbit)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2019-06-19] (INTEL CORP)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.16.0_x64__nfy108tqq3p12 [2019-09-26] (Thumbmunkeys Ltd) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-23] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-23] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-10-22] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-23] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-10-22] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-23] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-10-22] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Etheniel\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2019-02-20 10:08 - 2019-02-20 10:08 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2670024213-1291369441-4136216571-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKU\S-1-5-21-2670024213-1291369441-4136216571-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2670024213-1291369441-4136216571-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-2670024213-1291369441-4136216571-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9E49FFF0-76D6-4C90-9BC9-24CE75CE26CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe (Beamdog Corp.) [File not signed]
FirewallRules: [{A3BDA473-3ADD-454C-9E50-B3241281BC00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe (Beamdog Corp.) [File not signed]
FirewallRules: [{96F3530D-530E-42A9-A7B5-7D6FBE81804A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwmain.exe (Beamdog) [File not signed]
FirewallRules: [{98771088-6D07-434F-864E-8A2E9969EE3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwmain.exe (Beamdog) [File not signed]
FirewallRules: [UDP Query User{F3A83DFC-BD89-43FE-BAA7-9A6669E8E06B}E:\lukas\games\mmo\guardiansofember\client_x86.exe] => (Allow) E:\lukas\games\mmo\guardiansofember\client_x86.exe (Runewaker Entertainment -> Runewaker)
FirewallRules: [TCP Query User{8CD09AA7-F8F8-4355-BDE7-D46C088735DB}E:\lukas\games\mmo\guardiansofember\client_x86.exe] => (Allow) E:\lukas\games\mmo\guardiansofember\client_x86.exe (Runewaker Entertainment -> Runewaker)
FirewallRules: [{DEB481C0-E986-4BD7-9C40-D997182DB60A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lifeless Planet\LifelessPlanet.exe () [File not signed]
FirewallRules: [{D458474E-5CFF-484B-8E22-B796946A5C3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lifeless Planet\LifelessPlanet.exe () [File not signed]
FirewallRules: [{F337E658-BAE6-4B98-92A8-48BA4C31C4CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\It Lurks Below\ILB.exe () [File not signed]
FirewallRules: [{345F5E6C-B563-456E-9118-250DFAA66A7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\It Lurks Below\ILB.exe () [File not signed]
FirewallRules: [UDP Query User{DF6F06EE-CC39-4682-A71F-3CFFAA61C6EC}C:\users\etheniel\downloads\downloader_diablo2_lord_of_destruction_engb.exe] => (Allow) C:\users\etheniel\downloads\downloader_diablo2_lord_of_destruction_engb.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{B7F15E9B-14C2-4777-B6B9-0EFDC9D7DE87}C:\users\etheniel\downloads\downloader_diablo2_lord_of_destruction_engb.exe] => (Allow) C:\users\etheniel\downloads\downloader_diablo2_lord_of_destruction_engb.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{EDF6C4C4-AEFC-41AF-85C6-A4D1089026D4}E:\lukas\battlenet\battle.net\destiny 2\destiny2.exe] => (Allow) E:\lukas\battlenet\battle.net\destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [TCP Query User{276C0EDC-6592-468A-BB92-1DCDA01CA3E1}E:\lukas\battlenet\battle.net\destiny 2\destiny2.exe] => (Allow) E:\lukas\battlenet\battle.net\destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [UDP Query User{746D8AC8-6CAF-4A16-BEE5-4F4D85EE11BC}C:\users\etheniel\downloads\downloader_diablo2_engb(1).exe] => (Allow) C:\users\etheniel\downloads\downloader_diablo2_engb(1).exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{85FF50DB-71A0-4642-98AA-A30C662BAA9E}C:\users\etheniel\downloads\downloader_diablo2_engb(1).exe] => (Allow) C:\users\etheniel\downloads\downloader_diablo2_engb(1).exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{8736594F-1CAB-4C28-8767-7DD18809ACC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{40C7E95C-3666-48F1-AF31-1F5C7C0F5C45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A25E3B47-306E-4D8C-ABBF-910D2EE17512}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0DC628DE-1C9D-4935-8170-0D594EBB41B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0DDFFD4C-EA7F-416F-8965-D9F3D8FD267E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe (Eleon Game Studios) [File not signed]
FirewallRules: [{D7F0F162-3253-4BCB-8D2D-D68FB7197291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe (Eleon Game Studios) [File not signed]
FirewallRules: [{58A028BE-809C-4C4B-AB97-C074568060DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{CC223B0C-143D-42CC-B312-36661AF1281A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{6D4F3263-EA70-401A-B7DD-0AAA83E8CC82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarCrawlers\StarCrawlers_x86_64.exe () [File not signed]
FirewallRules: [{7BB6CA7C-A7C4-4A93-A694-99F9A7F9DE21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarCrawlers\StarCrawlers_x86_64.exe () [File not signed]
FirewallRules: [{12FCB883-BE9F-475A-88E9-56D31521AF3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{B4A0D433-E7E9-4441-B132-E6036CD69489}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{891F7607-E61F-48F5-9F10-FCE84E94821B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{133DA5A3-1479-4C7F-8D00-ABB32A60F921}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5778637E-8B99-4BEE-997A-95800FA8296E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FATE The Cursed King\Fate.exe () [File not signed]
FirewallRules: [{FC3F689C-D6D4-49E7-B1FB-CDB28D766DD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FATE The Cursed King\Fate.exe () [File not signed]
FirewallRules: [TCP Query User{F6D78859-8B80-4A1D-BC34-6AA7997E9A38}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\client\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\client\empyrion.exe () [File not signed]
FirewallRules: [UDP Query User{3520E05B-382F-4098-8561-4CB65E92F520}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\client\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\client\empyrion.exe () [File not signed]
FirewallRules: [{C8A844F0-604E-4CE2-8036-B7BC1546338F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HELLGATE_London\Hellgate.exe (Hanbitsoft, inc.) [File not signed]
FirewallRules: [{47264E12-1595-433E-9F29-CD9CAD9414CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HELLGATE_London\Hellgate.exe (Hanbitsoft, inc.) [File not signed]
FirewallRules: [{1DB3EB16-3876-4B9E-96C3-6DB804161214}] => (Allow) D:\Games\steamapps\steamapps\common\Torchlight\Torchlight.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{602FF02E-E102-4DFE-8FF4-127519BE5812}] => (Allow) D:\Games\steamapps\steamapps\common\Torchlight\Torchlight.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{C96F9591-C268-46DE-8E63-13D622AA0CF4}] => (Allow) D:\Games\steamapps\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{86CA9A2D-E8D0-4F64-B8B1-529BD5C0D87B}] => (Allow) D:\Games\steamapps\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{FEE16140-2C62-4961-AEC1-00445CD85E83}] => (Allow) D:\Games\steamapps\steamapps\common\Tangledeep\Tangledeep.exe () [File not signed]
FirewallRules: [{6A97A788-73F2-43EC-B940-2964E7B747A4}] => (Allow) D:\Games\steamapps\steamapps\common\Tangledeep\Tangledeep.exe () [File not signed]
FirewallRules: [{00EA5E71-CDB3-48F0-966C-20A789E96901}] => (Allow) D:\Games\steamapps\steamapps\common\Windward\Windward.exe () [File not signed]
FirewallRules: [{84F4B7C4-7A6F-4477-9ACD-D9A017E958CD}] => (Allow) D:\Games\steamapps\steamapps\common\Windward\Windward.exe () [File not signed]
FirewallRules: [{A333CA80-3692-4332-84E0-8A7A245CEB49}] => (Allow) D:\Games\steamapps\steamapps\common\Distrust\Distrust.exe () [File not signed]
FirewallRules: [{2DA871BC-D6E6-458F-AF42-F3BD335C9610}] => (Allow) D:\Games\steamapps\steamapps\common\Distrust\Distrust.exe () [File not signed]
FirewallRules: [{AAC0AD32-7550-4422-B1BA-826ECE4C365C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Salt\Salt.exe () [File not signed]
FirewallRules: [{77C937A5-337E-4666-B1F9-8D33E6648275}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Salt\Salt.exe () [File not signed]
FirewallRules: [{62F7400C-1ADF-40AC-BA85-82F0C6A284E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blasted Road Terror\BRT.exe ( ) [File not signed]
FirewallRules: [{C79A313D-D48E-425E-9467-85BAB70F0F44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blasted Road Terror\BRT.exe ( ) [File not signed]
FirewallRules: [{145E3049-0E53-4F11-AC14-ECF0C1D7BE68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NeonXSZ\NeonXSZ.exe () [File not signed]
FirewallRules: [{21781C5D-7DA1-4CD1-9623-B814A340DFD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NeonXSZ\NeonXSZ.exe () [File not signed]
FirewallRules: [{367F11DB-BA30-410A-8171-E38F9C59FBB3}] => (Allow) D:\Games\steamapps\steamapps\common\Kenshi\kenshi_x64.exe () [File not signed]
FirewallRules: [{E09F5D21-2F81-4051-B84C-03A06B86028E}] => (Allow) D:\Games\steamapps\steamapps\common\Kenshi\kenshi_x64.exe () [File not signed]
FirewallRules: [{D8FA0C9C-E288-4950-B505-3DCE257DB1BD}] => (Allow) D:\Games\steamapps\steamapps\common\Kenshi\forgotten construction set.exe (LoFi Games) [File not signed]
FirewallRules: [{B5DE83C4-1E0A-4747-B6DE-DD5B7B11883B}] => (Allow) D:\Games\steamapps\steamapps\common\Kenshi\forgotten construction set.exe (LoFi Games) [File not signed]
FirewallRules: [{42A8FA79-4211-4FEE-AE02-368E9BCD6D79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Valor\Star Valor.exe () [File not signed]
FirewallRules: [{ED090C97-415F-4218-96C7-FA3880E73BB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Valor\Star Valor.exe () [File not signed]
FirewallRules: [TCP Query User{CA35F67B-C3D8-4DF8-957A-6529CE16814E}E:\lukas\games\games\age of conan\conanpatcher.exe] => (Allow) E:\lukas\games\games\age of conan\conanpatcher.exe (FUNCOM OSLO AS -> Funcom)
FirewallRules: [UDP Query User{B6574640-4525-4E7B-9A1B-37513EBEF1B1}E:\lukas\games\games\age of conan\conanpatcher.exe] => (Allow) E:\lukas\games\games\age of conan\conanpatcher.exe (FUNCOM OSLO AS -> Funcom)
FirewallRules: [TCP Query User{C1A85B60-7680-4F2C-8817-70C8C6D69E6A}E:\lukas\games\games\age of conan\ageofconan.exe] => (Allow) E:\lukas\games\games\age of conan\ageofconan.exe (FUNCOM OSLO AS -> Funcom)
FirewallRules: [UDP Query User{B579316F-1B44-4BFB-9473-7FC54635470C}E:\lukas\games\games\age of conan\ageofconan.exe] => (Allow) E:\lukas\games\games\age of conan\ageofconan.exe (FUNCOM OSLO AS -> Funcom)
FirewallRules: [{18A3FEFE-0DAB-486F-B7F0-51D2E4694C10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\x64\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{66D21834-92DD-4CE7-A3F0-557BB4F55928}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\x64\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{640CC3F2-FB06-4CDF-A48D-CF38D5DEC153}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe (Obsidian Entertainment) [File not signed]
FirewallRules: [{CDF066A0-FF49-4B9D-AE2A-5D934F74ED9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe (Obsidian Entertainment) [File not signed]
FirewallRules: [{1E259E17-D50A-4ED1-9994-D38E9E14254F}] => (Allow) E:\Lukas\Games\MMO\Villagers and Heroes\VHPatcher.exe () [File not signed]
FirewallRules: [{ABBD0991-7535-421F-8CE7-9AF1CE821AC0}] => (Allow) E:\Lukas\Games\MMO\Villagers and Heroes\VHLauncher.exe () [File not signed]
FirewallRules: [{E8EFA1B6-DF37-4B5C-9DC7-EFC9CE29E32B}] => (Allow) E:\Lukas\Games\MMO\Villagers and Heroes\AMysticalLandSAC\villagersAndHeroes.exe () [File not signed]
FirewallRules: [{06A46239-B6BB-46EF-8D73-274134AC1775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Knights\portal_knights_x64.exe () [File not signed]
FirewallRules: [{10153F89-3432-4542-B9F5-44F150BEC3A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Knights\portal_knights_x64.exe () [File not signed]
FirewallRules: [{EC5E6D13-4691-4C60-9046-175FF7B03112}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crossout\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{082FD7A1-BA41-4741-ACB2-C746F41AE7EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crossout\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{236090A6-45D5-4040-B871-1E15F4F67B19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{45100196-A152-4397-BF13-243747125809}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B4797364-DCCE-4925-88C0-CA371B8B9061}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F3C8D564-FE9B-41E9-8C7B-4829807DB4DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AFB25351-C879-4CDB-AF80-0BC6FA825F0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{B323DF07-2413-4184-A417-64F361081DB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{742B0482-D673-4CF7-9115-C1E75D257F23}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{60CAAF7F-B46E-4E1C-B70F-3772236A494E}E:\lukas\epic\borderlands3\oakgame\binaries\win64\borderlands3.exe] => (Allow) E:\lukas\epic\borderlands3\oakgame\binaries\win64\borderlands3.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [UDP Query User{48617D9A-5A2E-4BF1-A547-C8F9C340A197}E:\lukas\epic\borderlands3\oakgame\binaries\win64\borderlands3.exe] => (Allow) E:\lukas\epic\borderlands3\oakgame\binaries\win64\borderlands3.exe (Gearbox Software LLC -> Gearbox Software)

==================== Restore Points =========================

03-11-2019 12:49:19 KpRm

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (11/05/2019 06:47:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (696,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/05/2019 04:56:39 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9368,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/05/2019 04:38:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11824,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/05/2019 04:00:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3612,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/05/2019 03:35:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10408,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/05/2019 02:41:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (792,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/05/2019 01:52:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5880,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/05/2019 01:00:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3812,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (11/05/2019 05:45:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading
Error: (11/05/2019 05:45:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Etheniel\AppData\Local\Temp\ehdrv.sys
Error: (11/05/2019 05:45:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading
Error: (11/05/2019 05:45:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Etheniel\AppData\Local\Temp\ehdrv.sys
Error: (11/05/2019 05:45:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading
Error: (11/05/2019 05:45:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Etheniel\AppData\Local\Temp\ehdrv.sys
Error: (11/05/2019 05:45:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading
Error: (11/05/2019 05:45:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Etheniel\AppData\Local\Temp\ehdrv.sys

CodeIntegrity:
===================================
Date: 2019-11-05 12:56:51.870
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-11-05 12:56:51.860
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-11-05 12:56:51.763
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-11-05 11:38:23.228
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-11-05 11:38:23.218
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-11-05 11:38:23.204
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-11-05 11:38:23.194
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-11-05 11:38:23.144
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 6JCN13WW 09/08/2017
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 60%
Total physical RAM: 8066.72 MB
Available physical RAM: 3184.48 MB
Total Virtual: 10626.72 MB
Available Virtual: 3921.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:218.34 GB) (Free:23.46 GB) NTFS
Drive d: () (Fixed) (Total:19.53 GB) (Free:4.07 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1029.81 GB) NTFS
\\?\Volume{9c9146b2-553f-41dd-92b2-a206099107d7}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{3920037e-4c7d-45a5-b8b4-a1ff5c161910}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: CBF2214C)
Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)
Partition: GPT.

==================== End of Addition.txt =======================