Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer keeps restarting. [Solved]

Started by magnia , Jun 29 2015 01:38 AM

This topic is locked

#46
ruggie_uk

Posted 30 June 2015 - 03:20 AM

Trusted Helper

Malware Removal
2,083 posts

Great - not looking too bad. How is it running right now?

First...

Re-run AdwCleaner

Close all open windows and browsers.

Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
Click the Scan button and wait for the scan to complete.
When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
Click the Clean button.
Everything checked will be deleted.
When the program has finished cleaning a report appears.
Once done it will ask to reboot, allow this
On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Next...

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

Install the program and select update
Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Remove Selected button, MBAM will ask for a reboot

On completion of the scan (or after the reboot) select Save Results

Select text file and save to the desktop.

Please post that log for my review.

Then...

Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>

Click Run Eset Online Scanner
Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
Important: Please disable your existing AV software for the duration of the scan
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Enable detection of potentially unwanted applications is checked
- Next click on Advanced Settings and select:
- Make sure that the option Remove found threats is NOT checked
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Click Start, the virus database will update, this may take a while depending on your internet connection.
- Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
- Once the scan is completed, click Finish
- Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic

Items I need to see in your next post:

ADWcleaner log
MBAM Log
ESET Log
How are we looking?

#47
magnia

Posted 30 June 2015 - 03:34 AM

Member

Topic Starter
Member
34 posts

I left the computer turned on but offline last night, it was working fine today. I've only been using Google chrome asides from the programs you've asked me to run.

When I ran AdwCleaner today, I only scanned the services tab where it found nothing both times. Running it the second time and selecting the clean functions ended up restarting the computer where Windows failed to start. It automatically went into startup repair mode since I didn't select an option.

It is now asking me if I want to restore my computer using system restore.

#48
ruggie_uk

Posted 30 June 2015 - 04:05 AM

Trusted Helper

Malware Removal
2,083 posts

Yes restore to the last point and see how it goes.

#49
magnia

Posted 30 June 2015 - 04:22 AM

Member

Topic Starter
Member
34 posts

It booted up after the system restore, I noticed there was a program called setup.exe that was active in the taskbar at the bottom when the computer started.

Task manager showed it to be not responding but it was linked to a process called 'prsetup32.tmp', looks suspicious so I thought to let you know.

Another thing I've noticed is the background flashing white when I drag windows, this didn't happen before.

Also, clicking an active window from the taskbar doesn't bring it to the front sometimes.

Here's the AdwCleaner log, I'll post the rest right after:

# AdwCleaner v4.207 - Logfile created 30/06/2015 at 19:24:53

# Updated 21/06/2015 by Xplode

# Database : 2015-06-29.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Ronnie - PHANTOM

# Running from : C:\Users\Ronnie\Desktop\AdwCleaner.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Kromtech

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16470

-\\ Mozilla Firefox v33.1.1 (x86 en-US)

-\\ Google Chrome v43.0.2357.130

[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1435500145&z=37dae1347bdb947ebb5b663g3z4ccw1w7eee8g6z5w&from=ima&uid=SAMSUNGXHD103SJ_S246J9BB426413&q={searchTerms}

*************************

AdwCleaner[R0].txt - [17213 bytes] - [29/06/2015 00:56:11]

AdwCleaner[R1].txt - [913 bytes] - [29/06/2015 01:09:36]

AdwCleaner[R2].txt - [1294 bytes] - [29/06/2015 01:14:01]

AdwCleaner[R3].txt - [1353 bytes] - [29/06/2015 01:15:28]

AdwCleaner[R4].txt - [1610 bytes] - [30/06/2015 15:57:45]

AdwCleaner[R5].txt - [1669 bytes] - [30/06/2015 19:24:32]

AdwCleaner[S0].txt - [15151 bytes] - [29/06/2015 00:57:01]

AdwCleaner[S1].txt - [976 bytes] - [29/06/2015 01:10:21]

AdwCleaner[S2].txt - [1558 bytes] - [30/06/2015 19:24:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1617 bytes] ##########

# AdwCleaner v4.207 - Logfile created 30/06/2015 at 20:14:45

# Updated 21/06/2015 by Xplode

# Database : 2015-06-29.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Ronnie - PHANTOM

# Running from : C:\Users\Ronnie\Desktop\AdwCleaner.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKCU\Software\Kromtech

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16470

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v33.1.1 (x86 en-US)

[glwkj0j2.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.globasearch.com/?serie=209&b=2&installkey=nGSUwfaSYa1RUIBGkS3f&newtab");

[glwkj0j2.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.globasearch.com/?serie=209&b=2&installkey=nGSUwfaSYa1RUIBGkS3f");

-\\ Google Chrome v43.0.2357.130

[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok

[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf

[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.globasearch.com/?b=1

[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://www.globasearch.com/?q={searchTerms}&b=1&installkey=

*************************

AdwCleaner[R0].txt - [17213 bytes] - [29/06/2015 00:56:11]

AdwCleaner[R1].txt - [913 bytes] - [29/06/2015 01:09:36]

AdwCleaner[R2].txt - [1294 bytes] - [29/06/2015 01:14:01]

AdwCleaner[R3].txt - [1353 bytes] - [29/06/2015 01:15:28]

AdwCleaner[R4].txt - [4600 bytes] - [30/06/2015 15:57:45]

AdwCleaner[R5].txt - [1669 bytes] - [30/06/2015 19:24:32]

AdwCleaner[S0].txt - [15151 bytes] - [29/06/2015 00:57:01]

AdwCleaner[S1].txt - [976 bytes] - [29/06/2015 01:10:21]

AdwCleaner[S2].txt - [4290 bytes] - [30/06/2015 19:24:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4349 bytes] ##########

#50
ruggie_uk

Posted 30 June 2015 - 06:16 AM

Trusted Helper

Malware Removal
2,083 posts

OK, lets do a fresh FRST scan and see if we can identify what's lurking.
Make sure to check the additions box again as it will not do another by default.

The system restore will have undone some work anyway so we need to check it

#51
magnia

Posted 30 June 2015 - 07:29 AM

Member

Topic Starter
Member
34 posts

ESET is only halfway done so far, I'll run AdwCleaner after it finishes and post that log.

Here's the malware bytes log in the meantime:

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 30/06/2015

Scan Time: 8:25 PM

Logfile: malbytes.txt

Administrator: Yes

Version: 2.1.8.1057

Malware Database: v2015.06.30.02

Rootkit Database: v2015.06.26.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Ronnie

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 363827

Time Elapsed: 6 min, 57 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 7

Trojan.Proxy, HKLM\SOFTWARE\CLASSES\prsetup.DynamicNS, , [6e6c8838385267cf7ca5155cc93abc44],

Trojan.Proxy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\prsetup.DynamicNS, , [964428980684053130f1a6cb1ee5a15f],

Trojan.Proxy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\prsetup.DynamicNS, , [964428980684053130f1a6cb1ee5a15f],

PUP.Optional.GlobalSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [fedcf6cadbaf9a9cc96632c658ab2bd5],

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{24a6f44f}, , [4199eed2f09adc5a19ce7919cf3645bb],

PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [5882c2fe02881e188c01346221e43ac6],

PUP.Optional.GlobalSearch.A, HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [77633b85107a1521ff2f41b79f6433cd],

Registry Values: 2

PUP.Optional.GlobalSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasear...={searchTerms},, [fedcf6cadbaf9a9cc96632c658ab2bd5]

PUP.Optional.GlobalSearch.A, HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasear...={searchTerms},, [77633b85107a1521ff2f41b79f6433cd]

Registry Data: 2

Hijack.GlobaSearch.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasear...faSYa1RUIBGkS3f, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=209&b=3&installkey=nGSUwfaSYa1RUIBGkS3f),,[ad2d1ea2206ad462d7a9e26eca3c18e8]

Hijack.GlobaSearch.C, HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasear...faSYa1RUIBGkS3f, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=209&b=3&installkey=nGSUwfaSYa1RUIBGkS3f),,[c31757699eec3afc9be475dbd92d5ba5]

Folders: 0

(No malicious items detected)

Files: 7

Trojan.Ranver.ED, C:\Users\Ronnie\AppData\Roaming\BackUp3568255147.exe, , [86547d434347b482c3ebfb463dc9c43c],

PUP.Optional.MyStartSearch.A, C:\Users\Ronnie\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_76.exe, , [91494f71aae03303beb1a7e29076ea16],

PUP.Optional.CheckOffer, C:\Users\Ronnie\AppData\Local\Temp\is-SH64G.tmp\temporal_setup.exe, , [c71301bf7a108da97140a7bc3bc75ea2],

PUP.Optional.SweetIM, C:\Windows\Installer\4bc47ad.msi, , [36a49d23ff8baa8ce32071045aac2cd4],

PUP.Optional.SweetIM, C:\Windows\Installer\4bc47b3.msi, , [5189843c3f4b57dfac57b0c548be5fa1],

PUP.Optional.GlobalSearch.A, C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\glwkj0j2.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.globasear...S3f&newtab")

,,[aa30e1df75155fd75b2a0e80ef179967]

PUP.Optional.GlobalSearch.A, C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\glwkj0j2.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.globasear...1RUIBGkS3f")

,,[30aa566a3e4c9b9b3f47a7e7976f669a]

Physical Sectors: 1

Rootkit.Cidox.J.VBR, Physical Sector #2048 on Drive #0, , [62c3b54b02299930d47b3fbb27efcfe3],

(end)

#52
magnia

Posted 30 June 2015 - 08:05 AM

Member

Topic Starter
Member
34 posts

OK, lets do a fresh FRST scan and see if we can identify what's lurking.
Make sure to check the additions box again as it will not do another by default.

The system restore will have undone some work anyway so we need to check it

Sorry, I misread and thought you wanted a AdwCleaner log, here's the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015

Ran by Ronnie (administrator) on PHANTOM on 01-07-2015 00:04:01

Running from C:\Users\Ronnie\Desktop

Loaded Profiles: Ronnie (Available Profiles: Ronnie)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Program Files\Serviio\bin\ServiioService.exe

(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe

(Microsoft) C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft) C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe

(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

(Flux Software LLC) C:\Users\Ronnie\AppData\Local\FluxSoftware\Flux\flux.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

() C:\Program Files\Serviio\bin\ServiioConsole.exe

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\Run: [f.lux] => C:\Users\Ronnie\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)

HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {0c7b9cd5-e316-11e3-afb1-002522be6e61} - H:\Startme.exe

HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {868a46db-1133-11e3-8a83-002522be6e61} - G:\Startme.exe

HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {d446abe4-5f7d-11e2-8b85-002522be6e61} - F:\setup.exe

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-11-19]

ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

Startup: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2014-05-26]

ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.c....aspx?ocid=iehp

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-10] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-10] (Oracle Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)

BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)

BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-07-27] (DivX, LLC)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-30] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-30] (Oracle Corporation)

Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)

DPF: HKLM-x32 {F0320816-41D9-49DD-B2F3-8E7B0AE32796}

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

Tcpip\..\Interfaces\{2A0FB7D0-9D6A-437A-A16B-8C2CBF38C293}: [DhcpNameServer] 192.168.42.129

Tcpip\..\Interfaces\{5250F531-0B83-4092-9644-84F4A7474968}: [DhcpNameServer] 7.254.254.254

Tcpip\..\Interfaces\{AC234C66-E776-48E5-A73C-3A71F39E34A5}: [DhcpNameServer] 10.1.1.1

Tcpip\..\Interfaces\{EE3523EB-4A24-4BBB-B915-399B24D548B7}: [NameServer] 203.0.178.191

Tcpip\..\Interfaces\{EE3523EB-4A24-4BBB-B915-399B24D548B7}: [DhcpNameServer] 10.1.1.1

FireFox:

========

FF ProfilePath: C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\glwkj0j2.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-23] ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-10] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-10] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)

FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-23] ()

FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-07-27] (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-30] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-30] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: application/AFCStarter -> C:\Windows\Downloaded Program Files\npAFCStarter.dll [2013-01-16] (© NOWCOM)

FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File

FF Plugin HKU\S-1-5-21-2885900399-2701757196-3320320212-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ronnie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-10] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-2885900399-2701757196-3320320212-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-04-25] (Sony Network Entertainment International LLC)

FF Plugin HKU\S-1-5-21-2885900399-2701757196-3320320212-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)

FF Plugin HKU\S-1-5-21-2885900399-2701757196-3320320212-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-04] ()

FF Extension: Adblock Plus - C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\glwkj0j2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-09-02]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

FF Extension: Mozilla hotfix - C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2014-06-03]

FF HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

Chrome:

=======

CHR Profile: C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Wallet) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-18] (EasyAntiCheat Ltd)

S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-27] (FileZilla Project) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-09] (Electronic Arts)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-25] ()

R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-03-21] () [File not signed]

R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)

R2 SpotfluxConnectionManager; C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe [76800 2014-05-06] (Microsoft) [File not signed]

R2 SpotfluxUpdateService; C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe [20992 2014-05-06] (Microsoft) [File not signed]

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [757144 2013-08-16] (Tunngle.net GmbH) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

S3 WMZuneComm; D:\Program Files\Zune\WMZuneComm.exe [306400 2011-08-05] (Microsoft Corporation)

R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.)

S3 ZuneNetworkSvc; D:\Program Files\Zune\ZuneNss.exe [8277728 2011-08-05] (Microsoft Corporation)

S3 ZuneWlanCfgSvc; D:\Program Files\Zune\ZuneWlanCfgSvc.exe [467680 2011-08-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-17] (DT Soft Ltd)

S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2013-06-30] (FNet Co., Ltd.)

R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-12-04] (FNet Co., Ltd.)

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-18] (Logitech Inc.)

R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-18] (Logitech Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0062.sys [28768 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)

S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [180544 2012-09-20] (Saitek)

R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)

R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)

S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [47168 2012-09-20] (Saitek)

R3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)

R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)

S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-05-06] (Spotflux, Inc.)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 00:04 - 2015-07-01 00:04 - 00026523 _____ C:\Users\Ronnie\Desktop\FRST.txt

2015-06-30 20:45 - 2015-06-30 20:45 - 02870984 _____ (ESET) C:\Users\Ronnie\Downloads\esetsmartinstaller_enu.exe

2015-06-30 20:45 - 2015-06-30 20:45 - 00000000 ____D C:\Program Files (x86)\ESET

2015-06-30 20:40 - 2015-06-30 20:40 - 00004407 _____ C:\malbytes.txt

2015-06-30 20:23 - 2015-06-30 20:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-06-30 20:23 - 2015-06-30 20:23 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-30 20:23 - 2015-06-30 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-30 20:23 - 2015-06-30 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-06-30 20:23 - 2015-06-30 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-06-30 20:23 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-06-30 20:23 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-06-30 20:23 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-06-30 20:22 - 2010-11-21 13:23 - 00383786 __RSH C:\bootmgr

2015-06-30 20:18 - 2015-06-30 20:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\mbam-setup-2.1.8.1057.exe

2015-06-30 15:55 - 2015-06-30 15:55 - 00002170 _____ C:\Users\Ronnie\Desktop\JRT.txt

2015-06-30 15:53 - 2015-06-30 15:53 - 00000000 ____D C:\RegBackup

2015-06-30 02:23 - 2015-06-30 02:23 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Adobe

2015-06-29 01:35 - 2015-06-29 01:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\mbam-setup-2.1.6.1022.exe

2015-06-29 01:35 - 2015-06-29 01:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\mbam-setup-2.1.6.1022 (1).exe

2015-06-29 01:33 - 2015-06-29 01:33 - 00050688 _____ (Atribune.org) C:\Users\Ronnie\Downloads\ATF-Cleaner.exe

2015-06-29 01:25 - 2015-06-30 03:03 - 00098867 _____ C:\Users\Ronnie\Downloads\Addition.txt

2015-06-29 01:24 - 2015-07-01 00:04 - 00000000 ____D C:\FRST

2015-06-29 01:24 - 2015-06-30 03:03 - 00043890 _____ C:\Users\Ronnie\Downloads\FRST.txt

2015-06-29 00:58 - 2015-06-29 00:58 - 00000000 ____D C:\Users\Ronnie\Downloads\Chameleon

2015-06-29 00:56 - 2015-06-30 20:14 - 00000000 ____D C:\AdwCleaner

2015-06-29 00:56 - 2015-06-29 00:56 - 06289130 _____ C:\Users\Ronnie\Downloads\mbam-chameleon-3.1.16.0.zip

2015-06-29 00:24 - 2015-06-29 00:24 - 00000743 _____ C:\Users\Ronnie\Desktop\Start Emsisoft Emergency Kit.lnk

2015-06-29 00:24 - 2015-06-29 00:24 - 00000000 ____D C:\EEK

2015-06-29 00:23 - 2015-06-29 00:23 - 02112512 _____ (Farbar) C:\Users\Ronnie\Desktop\FRST64.exe

2015-06-29 00:21 - 2015-06-29 00:23 - 158718800 _____ C:\Users\Ronnie\Downloads\EmsisoftEmergencyKit.exe

2015-06-29 00:21 - 2015-06-29 00:22 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\123.exe

2015-06-29 00:19 - 2015-06-29 00:20 - 02244096 _____ C:\Users\Ronnie\Desktop\AdwCleaner.exe

2015-06-29 00:18 - 2015-06-29 00:18 - 01133044 _____ C:\Windows\system32\CFG3568255147

2015-06-29 00:06 - 2015-06-29 00:06 - 00262144 _____ C:\Windows\Minidump\062915-31761-01.dmp

2015-06-29 00:04 - 2015-06-29 00:04 - 00003446 _____ C:\Windows\System32\Tasks\Umusxnojla

2015-06-29 00:03 - 2015-06-29 00:03 - 00000000 _____ C:\Windows\SysWOW64\track

2015-06-29 00:02 - 2015-06-29 00:02 - 00000000 _____ C:\Windows\prleth.sys

2015-06-29 00:02 - 2015-06-29 00:02 - 00000000 _____ C:\Windows\hgfs.sys

2015-06-28 23:54 - 2015-06-28 23:54 - 00000843 _____ C:\Users\Ronnie\AppData\Local\recently-used.xbel

2015-06-28 23:52 - 2015-06-28 23:52 - 00003332 _____ C:\Windows\System32\Tasks\PaintTool SAI

2015-06-28 20:48 - 2015-06-28 20:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf

2015-06-28 20:48 - 2015-06-28 20:48 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Wacom

2015-06-28 20:48 - 2015-06-28 20:48 - 00000000 ____D C:\Users\Ronnie\.android

2015-06-28 20:45 - 2015-06-29 00:09 - 00000000 ____D C:\Program Files (x86)\TabletPlugins

2015-06-28 20:45 - 2015-06-28 20:48 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\WTablet

2015-06-28 20:45 - 2015-06-28 20:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet

2015-06-28 20:45 - 2015-06-28 20:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf

2015-06-28 20:45 - 2015-06-28 20:45 - 00000000 ____D C:\Program Files\TabletPlugins

2015-06-28 20:45 - 2015-06-28 20:45 - 00000000 ____D C:\Program Files\Tablet

2015-06-28 20:45 - 2015-02-27 08:16 - 02029336 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll

2015-06-28 20:45 - 2015-02-27 08:16 - 01997592 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll

2015-06-28 20:45 - 2015-02-27 08:16 - 01990936 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll

2015-06-28 20:45 - 2015-02-27 08:16 - 01863960 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll

2015-06-28 20:45 - 2015-02-27 08:16 - 01626392 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll

2015-06-28 20:45 - 2015-02-27 08:16 - 01618712 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll

2015-06-28 20:45 - 2015-02-27 08:16 - 01612056 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll

2015-06-28 20:45 - 2015-02-27 08:16 - 01497368 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll

2015-06-28 20:45 - 2014-10-26 06:52 - 00100664 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys

2015-06-28 20:45 - 2014-10-26 06:52 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys

2015-06-28 20:45 - 2014-10-26 06:52 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys

2015-06-28 20:45 - 2012-12-12 08:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll

2015-06-27 18:58 - 2015-06-27 19:05 - 00000000 ____D C:\Users\Ronnie\Documents\Darkest

2015-06-27 15:46 - 2015-06-27 15:46 - 00123243 _____ C:\Users\Ronnie\Documents\Mariel tan clinical reference.zip

2015-06-27 15:46 - 2015-06-26 22:46 - 00000168 ____N C:\Users\Ronnie\Documents\ATT00001

2015-06-23 13:05 - 2015-06-23 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio

2015-06-23 12:42 - 2015-06-23 12:46 - 85317504 _____ C:\Users\Ronnie\Downloads\serviio-1.5.2-win-setup.exe

2015-06-22 02:34 - 2015-06-22 02:34 - 00000000 ____D C:\Users\Ronnie\Downloads\chrome_extension_1.5.1

2015-06-22 02:33 - 2015-06-22 02:33 - 00089435 _____ C:\Users\Ronnie\Downloads\chrome_extension_1.5.1.zip

2015-06-19 06:29 - 2015-06-19 06:29 - 00032079 _____ C:\Users\Ronnie\Downloads\steamSummerMinigame-master.zip

2015-06-19 06:29 - 2015-06-19 06:29 - 00000000 ____D C:\Users\Ronnie\Downloads\steamSummerMinigame-master

2015-06-16 09:20 - 2015-06-16 09:20 - 00000749 _____ C:\Users\Ronnie\Desktop\World of Warships.lnk

2015-06-16 09:20 - 2015-06-16 09:20 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships

2015-06-16 09:19 - 2015-06-16 09:19 - 07052760 _____ (Wargaming.net ) C:\Users\Ronnie\Downloads\WoWS_internet_install_na.exe

2015-06-11 02:45 - 2015-06-11 02:45 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HOTSLogsUploader

2015-06-10 22:38 - 2015-05-28 17:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-06-10 22:38 - 2015-05-28 17:04 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2015-06-10 22:38 - 2015-05-28 17:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2015-06-09 15:45 - 2015-06-09 15:45 - 00001664 _____ C:\Users\Public\Desktop\Dungeon Fighter Online.lnk

2015-06-09 15:45 - 2015-06-09 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\neople

2015-06-09 15:43 - 2015-06-09 15:45 - 03064944 _____ (Neople) C:\Users\Ronnie\Downloads\DFO_Install.exe

2015-06-09 09:41 - 2015-06-09 09:41 - 00025218 _____ C:\Users\Ronnie\Documents\[DeadFish] Dungeon ni Deai wo Motomeru no wa Machigatteiru Darou ka - 09 [720p][AAC].mp4.torrent

2015-06-09 09:41 - 2015-06-09 09:41 - 00021199 _____ C:\Users\Ronnie\Documents\[BakedFish] Dungeon ni Deai wo Motomeru no wa Machigatteiru Darou ka - 10 [720p][AAC].mp4.torrent

2015-06-09 09:38 - 2015-06-09 09:38 - 00015756 _____ C:\Users\Ronnie\Documents\[BakedFish] Gunslinger Stratos- The Animation - 09 [720p][AAC].mp4.torrent

2015-06-09 09:37 - 2015-06-09 09:37 - 00019382 _____ C:\Users\Ronnie\Documents\[BakedFish] Arslan Senki (2015) - 09 [720p][AAC].mp4.torrent

2015-06-09 05:55 - 2015-06-09 05:55 - 00026176 _____ C:\Users\Ronnie\Documents\[BakedFish] Kekkai Sensen - 10 [720p][AAC].mp4.torrent

2015-06-09 05:55 - 2015-06-09 05:55 - 00026169 _____ C:\Users\Ronnie\Documents\[HorribleSubs] Gunslinger Stratos - 10 [720p].mkv.torrent

2015-06-09 05:54 - 2015-06-09 05:54 - 00035123 _____ C:\Users\Ronnie\Documents\[HorribleSubs] Arslan Senki - 10 [720p].mkv.torrent

2015-06-03 05:16 - 2015-06-27 15:47 - 00028160 ___SH C:\Users\Ronnie\Documents\Thumbs.db

2015-06-03 05:15 - 2015-06-03 05:15 - 00196645 _____ C:\Users\Ronnie\Documents\heroes code

2015-06-01 17:28 - 2015-04-03 23:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2015-06-01 17:28 - 2015-04-03 23:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 14:08 - 2013-04-16 22:33 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Mozilla

2015-07-01 14:08 - 2010-11-21 17:16 - 00000000 ___RD C:\Users\Public\Recorded TV

2015-07-01 14:08 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration

2015-07-01 00:02 - 2014-11-19 06:45 - 00000000 ____D C:\Program Files\SoftEther VPN Client

2015-06-30 23:55 - 2012-12-04 16:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-30 23:06 - 2012-12-04 15:13 - 01512528 _____ C:\Windows\WindowsUpdate.log

2015-06-30 20:49 - 2009-07-14 14:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-30 20:49 - 2009-07-14 14:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-30 20:47 - 2009-07-14 15:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI

2015-06-30 20:45 - 2014-11-16 18:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-06-30 20:42 - 2012-12-06 21:42 - 00000000 ____D C:\Users\Ronnie\AppData\Local\TSVNCache

2015-06-30 20:41 - 2014-07-02 15:36 - 00089958 _____ C:\Windows\setupact.log

2015-06-30 20:41 - 2012-12-04 16:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-30 20:41 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-30 20:40 - 2014-07-13 06:38 - 00008496 _____ C:\Windows\PFRO.log

2015-06-30 20:40 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\Offline Web Pages

2015-06-30 20:09 - 2012-12-04 15:13 - 00000000 ____D C:\Users\Ronnie

2015-06-29 00:40 - 2014-07-02 23:03 - 00337920 ___SH C:\Users\Ronnie\Downloads\Thumbs.db

2015-06-29 00:08 - 2014-11-16 18:14 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-06-29 00:08 - 2012-12-04 16:02 - 00002259 _____ C:\Users\Ronnie\Desktop\Google Chrome.lnk

2015-06-29 00:08 - 2012-12-04 15:14 - 00001447 _____ C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-06-29 00:08 - 2012-12-04 15:14 - 00001413 _____ C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-06-29 00:06 - 2014-03-01 00:36 - 00000000 ____D C:\Windows\Minidump

2015-06-28 23:54 - 2013-12-02 02:55 - 00000000 ____D C:\Users\Ronnie\AppData\Local\gtk-2.0

2015-06-28 23:03 - 2013-12-02 02:21 - 00000000 ____D C:\Users\Ronnie\.gimp-2.8

2015-06-27 18:54 - 2013-12-21 03:15 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Battle.net

2015-06-24 01:17 - 2013-12-21 03:15 - 00000000 ____D C:\Program Files (x86)\Battle.net

2015-06-23 23:47 - 2015-01-17 00:24 - 00000328 _____ C:\Users\Ronnie\Desktop\IDS.txt

2015-06-23 13:27 - 2012-12-05 12:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-06-23 13:27 - 2012-12-05 12:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-23 13:05 - 2014-05-26 22:11 - 00000000 ____D C:\Program Files\Serviio

2015-06-18 08:45 - 2015-05-26 18:10 - 00000000 ____D C:\Users\Ronnie\Documents\The Witcher 3

2015-06-16 09:20 - 2014-01-14 22:42 - 00000000 ____D C:\Games

2015-06-16 04:30 - 2012-12-04 16:01 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Deployment

2015-06-10 22:39 - 2012-12-04 16:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2015-06-10 22:39 - 2012-12-04 16:10 - 00000000 ____D C:\ProgramData\NVIDIA

2015-06-09 05:37 - 2009-07-14 15:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-06-08 13:56 - 2012-12-04 16:01 - 00000000 ____D C:\Program Files (x86)\Google

2015-06-04 20:26 - 2015-05-26 18:10 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\NVIDIA

==================== Files in the root of some directories =======

2014-05-28 22:03 - 2014-05-28 22:11 - 0000132 _____ () C:\Users\Ronnie\AppData\Roaming\Adobe PNG Format CS6 Prefs

2015-06-28 23:54 - 2015-06-28 23:54 - 0000843 _____ () C:\Users\Ronnie\AppData\Local\recently-used.xbel

2014-06-21 12:08 - 2014-06-21 12:08 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:

====================

C:\Users\Ronnie\AppData\Local\Temp\i4jdel0.exe

C:\Users\Ronnie\AppData\Local\Temp\Quarantine.exe

C:\Users\Ronnie\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-23 15:21

==================== End of log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015

Ran by Ronnie at 2015-07-01 00:04:20

Running from C:\Users\Ronnie\Desktop

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2885900399-2701757196-3320320212-500 - Administrator - Disabled)

Guest (S-1-5-21-2885900399-2701757196-3320320212-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-2885900399-2701757196-3320320212-1005 - Limited - Enabled)

Ronnie (S-1-5-21-2885900399-2701757196-3320320212-1000 - Administrator - Enabled) => C:\Users\Ronnie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Witcher 3 - Wild Hunt» 1.0.3.0 (HKLM-x32\...\{BF679CAD-FE6D-4CBE-9E99-D7193809207A}_is1) (Version: 1.0.3.0 - CD Project RED)

¾ÆÇÁ¸®Ä«TV streamer Á¦°Å (HKLM-x32\...\afreecastreamer) (Version: - )

2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\{F68D0307-2573-4BE7-9EFD-CB28D7E656E3}) (Version: 11.7.700.202 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)

ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)

ASRock eXtreme Tuner v0.1.71 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )

ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )

Auto Shutdown (HKLM-x32\...\{306037A5-6B16-4FFA-BF63-FBF1322D9139}) (Version: 1.0.0 - www.FreeAutoShutdown.com)

Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.0.8179 - )

AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.5 - GPL Public release.)

Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - )

Bad Hotel (HKLM-x32\...\Steam App 231720) (Version: - Lucky Frame)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)

Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)

Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)

Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)

Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)

Card City Nights (HKLM-x32\...\Steam App 271820) (Version: - Ludosity)

CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)

Chrome Remote Desktop Host (HKLM-x32\...\{FD6E648E-1378-467F-AD37-2B98B379B0DD}) (Version: 44.0.2403.25 - Google Inc.)

Cisco Packet Tracer 6.0.1 (HKLM-x32\...\Cisco Packet Tracer 6.0.1_is1) (Version: - Cisco Systems, Inc.)

Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)

Crawl (HKLM-x32\...\Steam App 293780) (Version: - Powerhoof)

DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)

Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - )

Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.5 - Electronic Arts)

Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)

Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden

f.lux (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\Flux) (Version: - )

Fallout FIXT alpha 6.1 - Fixes Only (HKLM-x32\...\{83D6B5DC-9C8C-4DE2-B66C-14FA5C8680B5}_is1) (Version: alpha 6.1 - Fixes Only - Sduibek)

ffdshow v1.3.4513 [2013-05-25] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4513.0 - )

FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)

FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)

Fraps (HKLM-x32\...\Fraps) (Version: - )

Full Combat Rebalance 2 Hotfix version 1.1a (HKLM-x32\...\Full Combat Rebalance 2 Hotfix_is1) (Version: 1.1a - Andrzej Kwiatkowski)

Full Mojo Rampage (HKLM-x32\...\Steam App 225280) (Version: - Over the Top Games)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Team Garry)

GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)

Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version: - )

Happy Cloud Client (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)

Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)

HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.5.56756 - HearthstoneTracker.com)

Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)

Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)

HOTSLogsUploader (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)

Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version: - Zachtronics)

Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)

Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)

Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)

Java™ 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005F0}) (Version: 7.0.50 - Oracle)

JC2-MP version 0.0.11 (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.11 - )

LAV Filters 0.57.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.57.0 - Hendrik Leppkes)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

Legend of Grimrock 2 (HKLM-x32\...\Steam App 251730) (Version: - Almost Human Games)

Leviathan: Warships (HKLM-x32\...\Steam App 202270) (Version: - Pieces Interactive)

Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)

Magic Set Editor 2.0.0 (HKLM-x32\...\Magic Set Editor 2_is1) (Version: - )

Magicka 2 (HKLM-x32\...\Steam App 238370) (Version: - Pieces Interactive)

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.1.0.6 - Marvell)

Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)

Media Go Video Playback Engine 1.120.106.05010 (HKLM-x32\...\{8227BCD8-AA43-B935-7134-2732A298364A}) (Version: 1.120.106.05010 - Sony)

Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Mortal Kombat X (HKLM-x32\...\Mortal Kombat X_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)

MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)

Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)

MPC-HC 1.6.9.7418 (e326535) Beta Lite (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.9.7418 - MPC-HC Team)

Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)

Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)

Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150311.103813 - Square Enix Ltd)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)

NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)

NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)

One Way Heroics (HKLM-x32\...\Steam App 266210) (Version: - Smoking WOLF)

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Pid (HKLM-x32\...\Steam App 218740) (Version: - Might and Delight)

Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version: - Vitali Kirpu)

PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)

Ring Runner: Flight of the Sages (HKLM-x32\...\Steam App 258010) (Version: - Triple.B.Titles)

Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )

Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)

Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)

Serviio (HKLM\...\Serviio) (Version: - )

Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)

SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden

Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)

Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)

SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)

Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)

Soundcloud Playlist Downloader (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\97191aeb98350aa5) (Version: 1.0.0.14 - Soundcloud Playlist Downloader)

SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)

Spotify (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)

TERA (HKLM-x32\...\{A0D70C31-D5CB-4491-A508-5CF2C9F25EE0}) (Version: 1.00.0000 - En Masse Entertainment)

TERA (HKLM-x32\...\Steam App 323370) (Version: - En Masse Entertainment)

The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)

THX TruStudio Pro (HKLM-x32\...\{12FAF8C2-0061-429D-B7B4-FF1C9C58A99C}) (Version: 1.0 - Creative Technology Limited)

TortoiseSVN 1.7.10.23359 (64 bit) (HKLM\...\{71EFF430-1A34-423E-8EAF-A80173960A8E}) (Version: 1.7.23359 - TortoiseSVN)

TP-LINK Wireless Client Utility (HKLM-x32\...\{1E58B969-9BB4-4012-8D8B-D06005D1CD24}) (Version: 7.0 - TP-LINK)

Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)

Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)

Unity Web Player (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Volgarr the Viking (HKLM-x32\...\Steam App 247240) (Version: - Crazy Viking Studios)

Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)

WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)

WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

WinDirStat 1.1.2 (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\WinDirStat) (Version: - )

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

World of Warships (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version: - Wargaming.net)

XFastUsb (HKLM-x32\...\XFastUsb) (Version: - )

Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15DD00FB-3248-4ACE-B342-CA5DF9B3F6A2} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)

Task: {2C461C71-0989-4860-B4DC-3AA3B7868C0D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-04] (Microsoft Corporation)

Task: {6AB0293A-1176-4552-89A9-5FFA3558EBFC} - System32\Tasks\Umusxnojla => C:\ProgramData\Umusxnojla\1.0.1.0\nojriomx.exe

Task: {781305A6-E129-4994-8FB1-3FD52F3FB7F3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

Task: {86636780-AB18-44C3-858A-89CE14E7FC6B} - System32\Tasks\launchspotflux => C:\Program Files (x86)\spotflux\.\spotflux.exe

Task: {9CD4C578-B765-4D98-9F16-45F06B3AF374} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)

Task: {A7E313DB-EC65-494A-99C5-B51030E1904D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)

Task: {C70B7AB3-3756-4D6B-8A06-0C9F8B244B82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)

Task: {CBC3173C-81DB-41A4-9E25-F71ADC04BA50} - System32\Tasks\PaintTool SAI => C:\Users\Ronnie\AppData\Local\Temp\is-7O7E3.tmp\prsetup.exe [2015-06-19] (SystemaxJP, Inc. ) <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-20 14:09 - 2015-05-28 14:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-11-21 20:29 - 2013-11-25 20:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2015-03-21 18:54 - 2015-03-21 18:54 - 00327680 _____ () C:\Program Files\Serviio\bin\ServiioService.exe

2014-05-06 16:48 - 2014-05-06 16:48 - 00007168 _____ () C:\Program Files (x86)\spotflux\services\SpotfluxCore.dll

2014-05-06 16:48 - 2014-05-06 16:48 - 00009728 _____ () C:\Program Files (x86)\spotflux\services\SFEvents.dll

2014-05-06 16:48 - 2014-05-06 16:48 - 00018432 _____ () C:\Program Files (x86)\spotflux\services\WebServices.dll

2012-10-08 20:10 - 2012-10-08 20:10 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll

2010-01-03 00:42 - 2010-01-03 00:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2012-06-19 01:24 - 2012-06-19 01:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll

2015-06-28 20:45 - 2015-02-27 08:16 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll

2013-06-18 16:58 - 2013-06-18 16:58 - 00006144 _____ () C:\Users\Ronnie\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\CoreTempReader.dll

2013-06-18 16:58 - 2013-06-18 16:58 - 00008704 _____ () C:\Users\Ronnie\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\GetCoreTempInfoNET.dll

2013-06-18 16:58 - 2013-06-18 16:58 - 00007680 _____ () C:\Users\Ronnie\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\SystemInfo.dll

2015-03-21 18:54 - 2015-03-21 18:54 - 00368640 _____ () C:\Program Files\Serviio\bin\ServiioConsole.exe

2015-06-30 20:46 - 2015-05-14 11:54 - 00422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

2015-04-15 07:04 - 2015-05-23 11:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2012-10-08 18:42 - 2012-10-08 18:42 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll

2012-11-30 07:59 - 2012-11-30 07:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2015-06-23 03:59 - 2015-06-20 15:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll

2015-06-23 03:59 - 2015-06-20 15:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

2015-06-23 03:59 - 2015-06-20 15:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com

IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com

IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 203.0.178.191

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Ronnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: F.lux => "C:\Users\Ronnie\Local Settings\Apps\F.lux\flux.exe" /noshow

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: Steam => "D:\Program Files\Steam\steam.exe" -silent

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r

MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

MSCONFIG\startupreg: XFastUsb => C:\Program Files (x86)\XFastUsb\XFastUsb.exe

MSCONFIG\startupreg: Zune Launcher => "D:\Program Files\Zune\ZuneLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{412E7CAF-FE1D-48CD-BF7E-A9CD4F175B90}] => (Allow) D:\Program Files\Steam\Steam.exe

FirewallRules: [{8AE1F6AF-342B-4552-AE02-6D7ADD1F37E3}] => (Allow) D:\Program Files\Steam\Steam.exe

FirewallRules: [TCP Query User{C6664477-03F3-4EED-9B6F-ECDC963D504B}D:\program files\baldur's gate enhanced edition\bgee.exe] => (Allow) D:\program files\baldur's gate enhanced edition\bgee.exe

FirewallRules: [UDP Query User{66BFBDE4-CAC2-4EC7-A85D-985051989A68}D:\program files\baldur's gate enhanced edition\bgee.exe] => (Allow) D:\program files\baldur's gate enhanced edition\bgee.exe

FirewallRules: [TCP Query User{CD783514-EECE-4B7D-8E60-92784A37CA84}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [UDP Query User{5563F6C9-F23B-45CD-8ACD-DEA8468D6B0D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [TCP Query User{4138A147-4E6A-4988-A931-2438025736A5}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe

FirewallRules: [UDP Query User{8A324524-7B4A-4A88-868F-46D029513E43}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe

FirewallRules: [TCP Query User{602D27CD-6108-46DB-982B-6D6C54129601}D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => (Allow) D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe

FirewallRules: [UDP Query User{964B17DA-3932-499F-B5A0-F3B4ACF837D6}D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => (Allow) D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe

FirewallRules: [{06F927D6-8D5E-4115-B2ED-FE659B9E3579}] => (Allow) D:\Program Files\Steam\steamapps\common\Half Minute Hero\HMH.exe

FirewallRules: [{5A28BBBC-1461-420A-9E9A-070D0D7BD9E8}] => (Allow) D:\Program Files\Steam\steamapps\common\Half Minute Hero\HMH.exe

FirewallRules: [TCP Query User{146E8EC0-D56D-4FC8-86D5-F7FC68EDEBDC}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe

FirewallRules: [UDP Query User{C2299C39-6DF9-4109-BF9C-079692B02EE2}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe

FirewallRules: [{44A64EF6-848B-4C87-9671-4C8844A7B3E9}] => (Allow) D:\Program Files\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe

FirewallRules: [{2C9ECC71-1071-474D-9C9F-C3F85F36EE07}] => (Allow) D:\Program Files\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe

FirewallRules: [{516A7CFF-DF75-4F1F-ADF6-4753D92E5B9C}] => (Allow) C:\Windows\SysWOW64\msiexec.exe

FirewallRules: [{3302A791-B20C-4BE5-A762-60BBCBA8B54A}] => (Allow) C:\Windows\SysWOW64\msiexec.exe

FirewallRules: [{2E7745B4-23D7-4C68-8E79-768F690A8348}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

FirewallRules: [{BFD328B6-2388-44F6-8180-382334FFA96C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

FirewallRules: [TCP Query User{C956F4B7-9E78-4D04-A499-7BA9A61B161E}C:\users\ronnie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronnie\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{08129C21-62D8-44E5-8FAB-23E77228AF31}C:\users\ronnie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronnie\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{78A5BCC7-F2F0-4D08-B982-F8FAB344E5C5}C:\users\ronnie\downloads\windward.exe] => (Allow) C:\users\ronnie\downloads\windward.exe

FirewallRules: [UDP Query User{46850633-84EF-46D9-A0B7-E04213BA321D}C:\users\ronnie\downloads\windward.exe] => (Allow) C:\users\ronnie\downloads\windward.exe

FirewallRules: [TCP Query User{600329BF-404B-405B-8DEE-D35C80ACD587}D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe

FirewallRules: [UDP Query User{8FB353C3-7BE0-4FD2-83BD-B9AD5B53FA3F}D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe

FirewallRules: [{FDA5DDEE-CCD9-4AC0-B545-D9F0AE7BA91E}] => (Allow) %ProgramFiles%\Zune\Zune.exe

FirewallRules: [{E4208D9F-5FA8-41BC-B6C1-620492224A72}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe

FirewallRules: [{9E10D75F-9B68-46EA-A269-7C41E6ADA6E2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe

FirewallRules: [{B2A6CC22-D8E0-4939-92E6-2B8AE59E722D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe

FirewallRules: [{EF6A0C4D-A12C-4690-87D5-EEC427D0649A}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe

FirewallRules: [{E4E88EAF-6A67-4957-A37A-79FEE3EFE365}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe

FirewallRules: [{C3BD43E2-1DD3-4FC5-BD70-4EE1362A88AA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe

FirewallRules: [{3E8E929C-3A6F-4A65-A4E9-1BC2649B44DE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe

FirewallRules: [{EA846C29-E68A-4472-94F3-268FC202747F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe

FirewallRules: [TCP Query User{14E4B36F-5A8C-4917-85D7-D918CB7DAD5A}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe

FirewallRules: [UDP Query User{C047DD81-00BF-4B68-A285-5081B34091BA}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe

FirewallRules: [{44AC1D3A-3111-4467-9660-B9DAA7D0CF37}] => (Allow) D:\Program Files\Steam\steamapps\common\Torchlight II\Torchlight2.exe

FirewallRules: [{3709071D-1F92-4C17-A9D1-ACBB30B2CB33}] => (Allow) D:\Program Files\Steam\steamapps\common\Torchlight II\Torchlight2.exe

FirewallRules: [{54B7A662-15A9-42E2-B67F-27141C2F7252}] => (Allow) D:\Program Files\Steam\steamapps\common\solar 2\Solar2.exe

FirewallRules: [{0AC454DA-5671-4731-A27E-5F67AB57A98F}] => (Allow) D:\Program Files\Steam\steamapps\common\solar 2\Solar2.exe

FirewallRules: [{E9FBF645-A433-47D0-B867-21044359330A}] => (Allow) D:\Program Files\Steam\steamapps\common\Vindictus\en-US\NMService.exe

FirewallRules: [{FCBF2FEB-1F0C-4826-908C-5C07AF436682}] => (Allow) D:\Program Files\Steam\steamapps\common\Vindictus\en-US\NMService.exe

FirewallRules: [{244D9C0C-3629-4773-945F-E85CE6AD1BB9}] => (Allow) D:\Program Files\Steam\steamapps\common\Torchlight II\ModLauncher.exe

FirewallRules: [{104B4213-D9C0-495C-80F0-6EE08EC183A6}] => (Allow) D:\Program Files\Steam\steamapps\common\Torchlight II\ModLauncher.exe

FirewallRules: [{98EDC42E-5D48-4339-906D-AF4806942CE9}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe

FirewallRules: [{6EF85D91-FA1C-48A5-BCE3-70882F1D3764}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe

FirewallRules: [{1A86334F-06AF-4F53-AF23-60901AC93922}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe

FirewallRules: [{25D6EE81-6C15-45BF-9D8B-CD2154481C5B}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe

FirewallRules: [{49B2F31A-9108-4524-8FC2-F59B563DF557}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe

FirewallRules: [{3520845D-BB18-4673-9E4D-C55D85A2C862}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe

FirewallRules: [{95669742-9BA2-4B19-9F82-1194B2E9F3E1}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe

FirewallRules: [{633CBC13-ABB9-4288-B8E6-F686918AE920}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe

FirewallRules: [{5198B1F6-8231-4732-A0BF-7514BF52CCF4}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe

FirewallRules: [{BC1C7498-2D33-4D83-A096-2F0F79D58798}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe

FirewallRules: [{3DD74045-9251-4AC0-9D51-419551812433}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe

FirewallRules: [{F5D35485-62AB-48B9-8D91-0812259BEA61}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe

FirewallRules: [{EA83FB0D-8F50-4BD9-BAA2-93808DFA402E}] => (Allow) D:\Program Files\Steam\steamapps\common\Vindictus\en-US\vslauncher.exe

FirewallRules: [{0ADFF588-9E9F-4C99-8C99-B81EA5AB73CF}] => (Allow) D:\Program Files\Steam\steamapps\common\Vindictus\en-US\vslauncher.exe

FirewallRules: [{262C265A-BE16-43F8-BFFC-B2BF76C4D5E0}] => (Allow) D:\Program Files\Steam\steamapps\common\the banner saga factions\win32\The Banner Saga Factions.exe

FirewallRules: [{F13296F2-84A7-42A6-A712-B78A589D90F1}] => (Allow) D:\Program Files\Steam\steamapps\common\the banner saga factions\win32\The Banner Saga Factions.exe

FirewallRules: [{538EF65A-3211-4049-B186-1B58B412D871}] => (Allow) D:\Program Files\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{106459E6-72A3-406E-95A6-E95D66A00925}] => (Allow) D:\Program Files\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{F645ED71-C9E0-498B-B82F-E62C1E50379A}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe

FirewallRules: [{6D169B40-B731-49D5-AC23-3069AB72F20E}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe

FirewallRules: [{7229E5D3-5C7C-42EB-BA29-33CA62C01D6B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe

FirewallRules: [{CFDC4D20-2F8A-4DF2-B598-B54360FDD2BB}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe

FirewallRules: [{30D0039E-ED68-4FDE-8445-082895FAE7EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{EFC9F34F-4833-494B-8884-D53FE8521C37}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{8C621A08-67DF-4894-8C48-58B99A251317}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{59115A8D-C05E-4379-BC6D-FB6ACEA7BE25}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{8D322357-8433-42AC-9753-A15B5D0340D0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{1B3410F1-8593-4A81-A228-046B30C63BEA}] => (Allow) D:\Program Files\Steam\steamapps\common\Leviathan Warships\Leviathan.exe

FirewallRules: [{5340DA08-5BF8-4618-A666-C3B238F9A92E}] => (Allow) D:\Program Files\Steam\steamapps\common\Leviathan Warships\Leviathan.exe

FirewallRules: [{73BAEF40-5E86-44B2-8883-84CF9FB68FAB}] => (Allow) D:\Program Files\Steam\steamapps\common\hotline_miami\HotlineMiami.exe

FirewallRules: [{438A82E8-ACE3-4959-B5B8-651EABA7366C}] => (Allow) D:\Program Files\Steam\steamapps\common\hotline_miami\HotlineMiami.exe

FirewallRules: [{733A6F27-7BD1-4DD9-B0F6-9243AE0F7C8A}] => (Allow) D:\Program Files\Steam\steamapps\common\batman arkham asylum goty\Binaries\BmLauncher.exe

FirewallRules: [{A4ED4777-3B62-48F4-9F25-BB2BE38DF45A}] => (Allow) D:\Program Files\Steam\steamapps\common\batman arkham asylum goty\Binaries\BmLauncher.exe

FirewallRules: [{22CF3C64-ECD5-4291-B5E5-DB5D72136782}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe

FirewallRules: [{3AEEC070-8475-4096-BCF0-4FF0D4B681B6}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe

FirewallRules: [{66CC69FB-3F6D-4215-9E3F-89AD5A30FF1C}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{003CE5F4-1334-4A7F-A40A-35EE44ADD3F3}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{D3E04C91-79CD-4E46-ABBF-F68577D19169}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{3B21E20C-FABE-4186-83A4-F9795FD170D2}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{8A29C1C9-8B54-4BE4-A62D-211369B69E23}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{0C6D73CD-E6B6-40CD-B5FD-3A74C840946F}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{1765E327-51EE-4CDF-B303-D44472647EAE}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{498D1A6C-044F-4DB9-A09E-B77502985776}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{E3E9B106-76F5-4B6E-A50C-576C032890DE}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{E482BFE6-2DC0-4B33-BB1C-26C3C7DB73B7}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{A8C2A4ED-DE9C-4834-B072-24309E16A817}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{F0ABFECF-E668-4090-A4F4-ACC9112A5DF6}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{0F08D0CD-5E2B-4B7D-ADAB-DFD3BDD6DE2D}] => (Allow) D:\Program Files\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe

FirewallRules: [{F51A79BC-696F-4A9E-8EAA-A985E5753C9C}] => (Allow) D:\Program Files\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe

FirewallRules: [{77B0A29D-FF87-4372-AF18-F8E689FD6777}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{2893AC35-7322-4E6C-9266-968619F409FC}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{A3914AE1-592A-4FD5-A704-8D8B4C463CC2}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{48452B53-BB02-4A5D-BF10-AD9CDD6767A7}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{18FEFB82-6063-47C4-A632-3CD929C8D3A5}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{6A2E46DE-1F74-4B8E-84B9-7DF6CA904BA7}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{1DB08E28-D0E9-44C0-9EF8-908208B3253B}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{CBDC58DE-1100-461D-A703-545313C4B2A1}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{D57D2FF4-F29C-4455-843F-9867CC5B4869}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{70430733-0550-42C1-9E4C-DEA761B5AE31}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{078327AD-0EE8-44ED-AC7E-8DBB80FE0B8C}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{50F20BC0-BF46-46E5-B790-5DC10CBA1BC3}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{1911F169-BE81-4508-92E2-BECA8EDFFFD7}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{09AA5188-C28D-48A5-93C8-23BF1DECF6E6}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{36FD4191-1E6E-4ED6-B4A4-26D720517E2E}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{8C0AF4AD-D5C0-40B4-A8D5-574D5D732568}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{97E859B4-3313-44DF-8409-6C633CA4E51D}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{1536BDEE-3323-4244-AD79-0162A7EC2086}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{A3B403CB-D24C-46A4-BA08-B456ADB17F6B}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{DD57105F-779A-41AE-BD59-B9D89110D412}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{8677D568-4FCC-44E7-9082-B4970CB94BDA}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{D31A5248-B42B-45AA-A77E-84CB320588DF}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{33E8C46B-FB7D-4BE6-96AD-3B93A3F2E5E6}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{5E8F2A2E-66E7-416D-8037-2CBF91D904FD}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{4583B590-F358-44ED-A212-C98BA0A0D909}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{4571305F-0179-4878-8FFA-7A4B96A61FBC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{11049DF3-2ED7-46D8-8EC2-CFAAC4F75F63}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{2E3B4230-847C-4F65-AF98-24E89C39110B}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{1307D5A1-0D18-4CC6-AD83-2D0C7712559F}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{B4D1B377-96F5-4246-8870-18417AB62815}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{3D106063-78CE-4C81-B81F-26BA7ED0E398}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{EEC819A3-224D-4F6C-982B-CBDE66DD9FFC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{961B2845-E234-44C3-9625-80995B8C9FB6}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{3A9EBAC2-CDCD-471D-88C7-35AE2E798CFE}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{2F609114-7B59-456E-BD44-6A74E4B22590}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{9808ECC6-1F47-4A64-A420-02C8921411AB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{8CD3DEDF-8C8C-4612-842B-50E9CFCB116B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{93088353-D711-4858-961C-173071671996}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{3B656B57-3F9F-41E9-8751-30DC913EF974}] => (Allow) D:\Program Files\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exe

FirewallRules: [{EB7FA081-8735-484B-8574-9809657D5F7F}] => (Allow) D:\Program Files\Ubisoft\Assassin's Creed IV Black Flag\AC4BFMP.exe

FirewallRules: [{2CD99FED-A5AC-4EB3-8185-614776A3D7EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{99380823-229E-4DC9-9015-90F9D461B59F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{730E68CA-B808-4822-A672-7E6AD80815ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{BF2B6098-5FEC-482F-8D19-A373FE928C1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{DCF9D147-CDBC-4634-8DF4-7D92C678CFF0}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{CC6C260D-F77D-4E21-8417-04F3CE995812}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{D060EB2A-3BC6-43E1-93AB-00BEF573CAE1}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{2D907E5D-28B8-4F22-B421-D57133694C49}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{9457B3F8-A55F-43C6-9B81-6733BAC3377C}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{B91BC462-D6E8-45E0-984D-6828EC727445}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{E1CD1CB3-13DB-494C-BD20-FFFB85B198FC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{A27C7F26-D2AE-47B2-A458-82FB8CFB13AD}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{C6EDE3C1-6870-4DE5-A0B9-EA0437A7FBAC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{B8E7537C-BC9E-4229-919D-384E394BEDCB}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{07ED5F45-28BE-43E5-89AA-66EDF2B732F6}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{6A45902C-B1A6-4CC5-B8DD-911F25746375}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{C58E7E93-BA16-4844-B792-66F5BA3DA5F6}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{70C27E24-D39B-4A9E-874D-7006047FC9B9}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{08E24E67-E3AF-4C8F-8520-737777A43A5D}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{9A5D1BF9-A750-4A06-A618-13AF6112D290}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{7EAC5091-5B66-453E-B53B-F5E0E738C604}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{8DE3A1F0-E2FC-436A-B165-E52B1B70A52F}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{2CC33EE5-0EA7-4EE9-A357-5FCDFAF99DAD}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{DE27641F-494B-4831-800B-6ED49AF49B80}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{4DDA2515-FCA6-4458-9586-B9219B808CF3}] => (Allow) D:\Program Files\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe

FirewallRules: [{C209AEBD-FA06-404E-9460-EBF8114A48F0}] => (Allow) D:\Program Files\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe

FirewallRules: [{B8EABB7E-83D2-4439-A6CA-63C6827AFE33}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{1D1DAB37-0C9B-4746-A3BA-CECE73CF49CF}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{237421A0-5562-4E00-9BA5-65117042AB5D}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{DBD2FBC7-D109-4468-BC2F-76451AB4BA89}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{C32B64C7-1543-4280-B4A8-5AA8650C27E7}] => (Allow) D:\Program Files\Steam\steamapps\windpawns\garrysmod\hl2.exe

FirewallRules: [{A635A2E4-22A6-4C22-9073-F95B497A1991}] => (Allow) D:\Program Files\Steam\steamapps\windpawns\garrysmod\hl2.exe

FirewallRules: [{C8C812B7-2977-415B-B870-60679D9EFF7A}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{CC805D59-FF39-4649-8D42-E527E7D1B1E4}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{2AD11437-0010-4FD3-85BC-16C3763FD850}] => (Allow) D:\Program Files\Steam\steamapps\windpawns\garrysmod\hl2.exe

FirewallRules: [{E71A222A-ED62-4643-A6B6-9B8FEDF38079}] => (Allow) D:\Program Files\Steam\steamapps\windpawns\garrysmod\hl2.exe

FirewallRules: [{AA0E54A1-C266-424D-833B-48C6B8732745}] => (Allow) D:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe

FirewallRules: [{3F065946-145B-46F8-B6E9-91627884A7CE}] => (Allow) D:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe

FirewallRules: [{19125D61-D95E-4D7E-99F1-EDAA84DDB163}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{EC3703BE-A437-48A3-8ABC-0B0575314BE5}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{297F61D1-8F88-42E5-B4A8-28E37A882174}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{D7795F7B-C9A7-4B46-99C7-438B12221C1C}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{72B51B7E-26A6-4674-B54E-3AE43173831E}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{533D224D-939A-4B92-BA05-9CAAD6955E04}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{D60F259A-B1C0-423E-A9D9-B7FD2D829D16}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{74D68A2E-90C8-4CDF-907E-7D45E82C5B20}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{335C9B2B-55F7-40F0-983B-10743EA33A3A}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{DB8203FE-165E-4561-8090-19DF3C218690}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{0803B581-9ED6-4D85-B066-DC9B3C0216CC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{B601983A-F6FA-41BE-87B8-964085A48826}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{EED5EE36-A5FF-45CC-9FAD-1FF6E49C47D9}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{F8FD2EDC-C7C7-4720-9BF1-4839799A9664}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{AA2930BA-A43C-4048-AA87-89E4ABB5FF85}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{30A75901-FB4A-41F8-834B-7EFBA9857BDB}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{B443F23F-F96E-47E3-8C86-9BB2B8D49A7A}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{8B74CDFB-633B-44E2-AA30-4D9FBEBEAC7C}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{CEBCC2B8-3038-442E-A9E7-7FC52AD10374}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{58A9B182-F2A6-4C7C-8696-B544243801B9}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{7702F246-5854-454F-97D2-5B865675C2DD}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{85949DD3-1EFF-45F1-8115-DC67E2449C51}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{9A8CFDE9-4BCF-4A41-A9D9-EBC9423DEFB4}] => (Allow) D:\Program Files\Steam\steamapps\common\Fallout\falloutw.exe

FirewallRules: [{55D085D5-5A70-47A6-A34E-1E7F7AD8A06B}] => (Allow) D:\Program Files\Steam\steamapps\common\Fallout\falloutw.exe

FirewallRules: [{B74545C5-42EE-4B6B-A93A-7DB79C10D055}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe

FirewallRules: [{CCA3C0BE-4AF0-4D78-B2B5-1F824EFFB308}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe

FirewallRules: [{84C0F48C-2592-4A20-9E8E-B2476A5DB470}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{00E2BC57-8496-4916-8F7C-4F6458669079}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{A4ED4E4B-784F-4FAD-9A7D-FBC7018EFA86}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{5DACA985-FF11-4DF1-8AB8-ED3177E2C30D}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{6E6918E2-046D-405C-9F28-5A54369E3D86}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe

FirewallRules: [{5BC49052-FF6F-4424-80D9-768EE23C6D1E}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe

FirewallRules: [{946EF9F3-8BA8-4409-97FE-817011C01B5A}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{E4135039-5593-465E-AFFA-DD3DE482B786}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{28B42C90-9E0F-4BF6-A611-54A9AA37CF7E}] => (Allow) D:\Program Files\Steam\steamapps\common\Fallout 2\FALLOUT2.exe

FirewallRules: [{160E1DF2-7C83-415E-8EC0-EF4FEC47C430}] => (Allow) D:\Program Files\Steam\steamapps\common\Fallout 2\FALLOUT2.exe

FirewallRules: [{080CDC47-6F5A-4BF4-A9B7-B1AA2EBB5646}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{046E603B-7A10-4B80-A046-587FD11A8C02}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{9A5EA263-2EF4-4678-8F86-7B132D903C24}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{4D8E52B9-4E36-42B6-8398-ED98365B89E0}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe

FirewallRules: [{48A3D0D4-526A-4192-857C-8FFD5E70C0BC}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe

FirewallRules: [{2C5E7DF1-D836-460E-97D9-90F2E2E5FC9E}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe

FirewallRules: [{97C03E64-09F9-4FA2-9F9A-B55BA664AB79}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{91210BC4-634E-4C55-A9C8-860951D67288}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{6812766D-8B96-40D8-A537-E2D102A4A5BD}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{3E56EFFD-900E-440E-8FF6-407A1B0708F2}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe

FirewallRules: [{C285BDBA-6071-45B8-8C8C-D997D2830EAA}] => (Allow) D:\Program Files\Steam\steamapps\common\terraria\Terraria.exe

FirewallRules: [{2418F1AD-D5C0-4A15-9630-D15B3D3F0843}] => (Allow) D:\Program Files\Steam\steamapps\common\terraria\Terraria.exe

FirewallRules: [{03D5BEF5-C189-4117-A830-0C4AC0B51B22}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{594D612D-5CCC-4FC2-B63D-BADB7FFD1F9E}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat

FirewallRules: [{EB9626E1-E55C-4163-A617-12379A756A38}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{FA6FED7B-DAD7-4059-A162-B5FF83DE0BB1}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{04EFB2E9-C81E-4D74-A24F-009807D225AE}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe

FirewallRules: [{7EB00E5C-607C-4393-A579-DCA69EFBB752}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe

FirewallRules: [{CFE0159D-C884-4AB3-91B5-47C0D367CC11}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{E904D6D2-265A-4D27-8DC0-5ECC51132940}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{A84E1313-F7C8-4BA7-8195-9E03E4A666DE}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe

FirewallRules: [{F5921A45-DB13-4069-ABB3-FDBA52F05BD0}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe

FirewallRules: [{9E56463C-995C-4C69-BE04-143153339BC1}] => (Allow) D:\Program Files\Steam\steamapps\common\braid\braid.exe

FirewallRules: [{84625924-B8DD-42BE-AA71-4FF2AC1F7D8A}] => (Allow) D:\Program Files\Steam\steamapps\common\braid\braid.exe

FirewallRules: [{0313752C-E26E-47C9-B98D-E743E0955D05}] => (Allow) D:\Program Files\Steam\steamapps\common\braid\braid.exe

FirewallRules: [{6C47E122-D8A3-43D1-AE08-316EBEAFEF4A}] => (Allow) D:\Program Files\Steam\steamapps\common\braid\braid.exe

FirewallRules: [{DBEB73F3-A1B7-4E78-886E-3E8B0D1DDAB6}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise of the Triad\ROTTManual.pdf

FirewallRules: [{13B623D1-584B-436D-91F8-DC3DD806EA98}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise of the Triad\ROTTManual.pdf

FirewallRules: [{B99B1F35-95E9-4E09-B6D9-49B818C86DEA}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe

FirewallRules: [{120B5160-050A-4A46-AAFC-AFDB26B5C9BB}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe

FirewallRules: [{BAE79657-5E4A-40DF-B39C-37F68E0CD7CC}] => (Allow) D:\Program Files\Steam\steamapps\common\Super Hexagon\superhexagon.exe

FirewallRules: [{938D6A11-6D6F-42E1-95F6-5BE14CDC3CCF}] => (Allow) D:\Program Files\Steam\steamapps\common\Super Hexagon\superhexagon.exe

FirewallRules: [{61BC2D1B-AD54-41C9-98F2-CDC6861B6995}] => (Allow) D:\Program Files\Steam\steamapps\common\The Bards Tale\Config\The Bard's Setup.exe

FirewallRules: [{AEBD072A-0411-4026-A1E4-DD02C513807C}] => (Allow) D:\Program Files\Steam\steamapps\common\The Bards Tale\Config\The Bard's Setup.exe

FirewallRules: [{4058B27C-0BF7-48AF-A852-BE2DB7981208}] => (Allow) D:\Program Files\Steam\steamapps\common\RingRunner\RingRunner.exe

FirewallRules: [{EF982D9C-DF31-4C35-A7DB-9D1851554FBD}] => (Allow) D:\Program Files\Steam\steamapps\common\RingRunner\RingRunner.exe

FirewallRules: [{317327D0-1C0E-4707-AB4D-CEC6D3B71D0C}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rust.exe

FirewallRules: [{51C65E98-46E5-43C6-A5C6-4E89731C4CC1}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rust.exe

FirewallRules: [{6E83932B-F22D-420E-86BE-2FA4B6A47D1B}] => (Allow) D:\Program Files\Steam\steamapps\common\DungeonDashers\DD_Public_LevelEditor_66.exe

FirewallRules: [{A670F2EE-7387-4DBF-BE04-AD9D28201FA3}] => (Allow) D:\Program Files\Steam\steamapps\common\DungeonDashers\DD_Public_LevelEditor_66.exe

FirewallRules: [{B64DE2D5-6513-491D-B397-74430951093A}] => (Allow) D:\Program Files\Steam\steamapps\common\Pid\Pid.exe

FirewallRules: [{9881AEBF-BDE1-4BD9-9CA8-BE308F27D14A}] => (Allow) D:\Program Files\Steam\steamapps\common\Pid\Pid.exe

FirewallRules: [{C674123D-763E-4D02-B29F-CD4AC75F17A2}] => (Allow) D:\Program Files\Steam\steamapps\common\Card City Nights\ccn.exe

FirewallRules: [{A4D06332-2CE0-4336-8A55-2B7584CFC86D}] => (Allow) D:\Program Files\Steam\steamapps\common\Card City Nights\ccn.exe

FirewallRules: [{01CACA77-EE2D-41C0-B6B8-F5CE783954F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe

FirewallRules: [{8F086B52-22E5-4A50-BD7B-4F0B6730818F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe

FirewallRules: [{82E85E8C-D740-4521-9988-E8D032C82C48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe

FirewallRules: [{FAD9ED32-6C13-4DCB-8709-7072EB2CD0EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe

FirewallRules: [{F8F3AF44-41B0-4C40-879B-E82ACA9D9A7F}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rustlauncher.exe

FirewallRules: [{D186E8D8-FA1D-4872-984A-87ABDED1EFEE}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rustlauncher.exe

FirewallRules: [{049F09A6-B0C3-4F50-910B-77422FA7B60E}] => (Allow) D:\Program Files\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe

FirewallRules: [{1E7A213A-B84B-4EE1-A9F5-3ABA0E5F18A2}] => (Allow) D:\Program Files\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe

FirewallRules: [TCP Query User{92BE651D-1837-4B3D-AEB8-0254C386448D}D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe

FirewallRules: [UDP Query User{03BDAB05-2F72-43C3-BFB3-A5A1E0930528}D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe

FirewallRules: [{48B0E9C6-3239-47D1-8D5A-3FDF90FEBA5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe

FirewallRules: [{54B36CFB-6467-4725-8E04-B61A54F7E8E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe

FirewallRules: [{77A805FF-661B-4E68-A307-DB4BEF966C68}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe

FirewallRules: [{31967F72-0AB0-4032-B471-DA9D2B30F98C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe

FirewallRules: [{5750AC62-7C0C-4E5C-ADCF-4FCFFA4F7457}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe

FirewallRules: [{B66E3270-42F5-4562-AF6F-C5EDCBBE1D12}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe

FirewallRules: [TCP Query User{1F05F35E-EDC1-4E14-AD29-EA733DDDB05D}D:\program files\age of wonders iii\aow3.exe] => (Block) D:\program files\age of wonders iii\aow3.exe

FirewallRules: [UDP Query User{E05B8AD6-138B-4C33-B868-92EE6614493A}D:\program files\age of wonders iii\aow3.exe] => (Block) D:\program files\age of wonders iii\aow3.exe

FirewallRules: [{720F8CB2-22CC-4770-AABD-AD4E83B9D481}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe

FirewallRules: [{52BE6EBF-380C-4BDF-8925-C9EBDADD265B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe

FirewallRules: [TCP Query User{760AC2AF-F0C3-4C16-9C24-1768E8C8C23E}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe

FirewallRules: [UDP Query User{620D62E4-C60A-4422-89F0-DBF768E4DC1A}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe

FirewallRules: [TCP Query User{EBE877D1-94AE-4F32-9DD1-02BC1BC3CB50}D:\program files\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) D:\program files\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe

FirewallRules: [UDP Query User{D7E5613E-FF6A-4378-AC3C-531E5FBE950A}D:\program files\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) D:\program files\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe

FirewallRules: [{A0615CC2-28E1-4A79-9AAA-A123422822B5}] => (Allow) D:\Program Files\Steam\steamapps\common\Transistor\x64\Transistor.exe

FirewallRules: [{CFD02663-765E-4D99-B32A-ABC940344B85}] => (Allow) D:\Program Files\Steam\steamapps\common\Transistor\x64\Transistor.exe

FirewallRules: [{39B057EB-C628-44D0-8A0A-77559AAAC0A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe

FirewallRules: [{9A71D78D-1674-4310-8560-39E81273B971}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe

FirewallRules: [{392CDF2B-49B0-46A9-A0B0-166DBB0A12F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

FirewallRules: [{BAEA5718-5391-44D9-BD3C-255D85C46B4D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

FirewallRules: [TCP Query User{2C0F0D88-2F89-4DF9-B5C5-C237BBBCEACA}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe

FirewallRules: [UDP Query User{CC901EEF-021A-4685-8749-6B8ADED63EC5}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe

FirewallRules: [{FF4272CA-31FC-4329-ACF5-E5FC496C42B9}] => (Allow) D:\Program Files\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe

FirewallRules: [{BF823D78-8B8A-4F96-AB11-FB2D2511AE4C}] => (Allow) D:\Program Files\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe

FirewallRules: [{24A25A07-8699-453C-A346-F417BE10F8AF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe

FirewallRules: [{446093DA-FC5D-4F75-A5F3-91ADC1646C3C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe

FirewallRules: [{04F70AC4-23BC-4589-A205-87A77AFCD712}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{A2C5CF48-4EB6-452B-9778-1B1AF2853BB9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{4D1D428C-C46E-4234-B388-FF6CD9BA0F9E}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Tools\Launcher.exe

FirewallRules: [{AF0FE634-5971-40C3-A2B9-6CFB818B46AB}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Tools\Launcher.exe

FirewallRules: [{438B1562-7C33-482B-892A-92B36F23D4E1}] => (Allow) D:\Program Files\Steam\steamapps\common\Ironclad Tactics\Game.exe

FirewallRules: [{DC21FD93-8F25-4D90-A87B-EF55911A3485}] => (Allow) D:\Program Files\Steam\steamapps\common\Ironclad Tactics\Game.exe

FirewallRules: [{9D35CEB1-9190-48F3-BD66-046A02E26EFF}] => (Allow) D:\Program Files\Steam\steamapps\common\Bad Hotel\BadHotel.exe

FirewallRules: [{BABCBF57-469B-4011-8B80-C574933CD73B}] => (Allow) D:\Program Files\Steam\steamapps\common\Bad Hotel\BadHotel.exe

FirewallRules: [{EA45C27F-FBE3-4D96-BF19-529A83309A14}] => (Allow) D:\Program Files\Steam\steamapps\common\One Way Heroics\Game.exe

FirewallRules: [{0973C474-616D-486D-9C17-72C0B12BC231}] => (Allow) D:\Program Files\Steam\steamapps\common\One Way Heroics\Game.exe

FirewallRules: [{F032B615-3B11-4DD2-A94A-32ECCA8B29AD}] => (Allow) D:\Program Files\Steam\steamapps\common\One Way Heroics\Config.exe

FirewallRules: [{050F2725-BA4F-4625-AADE-3F1AE6833F57}] => (Allow) D:\Program Files\Steam\steamapps\common\One Way Heroics\Config.exe

FirewallRules: [{68E8ECDF-2040-48A3-A54D-8B1BD9C90403}] => (Allow) D:\Program Files\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe

FirewallRules: [{858D9E45-1C34-4F1F-8D14-52B7E3D27D6C}] => (Allow) D:\Program Files\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe

FirewallRules: [{0EF9FB28-2F04-452F-8C22-5319A73BE6FE}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\legacy\rust.exe

FirewallRules: [{A359AC50-CDD0-4FCD-BB48-C3FE9DCFAA31}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\legacy\rust.exe

FirewallRules: [{540186DE-8810-4579-BE60-95774DF4265E}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\experimental\Rust.exe

FirewallRules: [{DCECEEF6-C484-4E45-9EDF-8859D205C1C9}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\experimental\Rust.exe

FirewallRules: [{09EA22D8-53B5-48AA-97A9-BA5640CAC99D}] => (Allow) D:\Program Files\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe

FirewallRules: [{EDCCDDE9-0B75-42EF-A366-9CE159F872DE}] => (Allow) D:\Program Files\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe

FirewallRules: [{38FF56EF-BEBB-4F1F-B0C3-7E12644AF57A}] => (Allow) C:\Users\Ronnie\Downloads\Anime\detect_routers\detect_routers.exe

FirewallRules: [{27544DBF-6204-47FA-A946-2BA789C78AD5}] => (Allow) C:\Users\Ronnie\Downloads\Anime\detect_routers\detect_routers.exe

FirewallRules: [{287DAE77-7649-4611-822F-574D14BE2F76}] => (Allow) C:\Users\Ronnie\Downloads\Anime\detect_routers\detect_routers.exe

FirewallRules: [{F3E21572-C0B0-4D92-A055-CE1C10D0384A}] => (Allow) C:\Users\Ronnie\Downloads\Anime\detect_routers\detect_routers.exe

FirewallRules: [{ACA82A24-F904-4D7E-BDC3-83A6C12A7E29}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe

FirewallRules: [{67BE1633-CC70-449A-9723-66E58660007B}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe

FirewallRules: [{5965F8F0-2780-4699-9A5E-D9EB606C16D2}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe

FirewallRules: [{66C1D92B-58E9-4150-B63C-BA5E79263C82}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe

FirewallRules: [{B227FFC1-3F76-40EC-BD15-6A0A55DF8745}] => (Allow) D:\Program Files\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe

FirewallRules: [{539FB49F-4090-403C-AE1D-137E945B9491}] => (Allow) D:\Program Files\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe

FirewallRules: [{BC1728F8-4F99-4729-BB63-3CEB585021B8}] => (Allow) D:\Program Files\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe

FirewallRules: [{FCC1259E-F9FB-450B-84DE-2541482EE8FD}] => (Allow) D:\Program Files\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe

FirewallRules: [{7D44759D-5BF7-4008-A237-827617E3E947}] => (Allow) D:\Program Files\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe

FirewallRules: [{C155F774-201C-4647-8448-22C3BE6464D4}] => (Allow) D:\Program Files\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe

FirewallRules: [{0672D89C-5C43-4B2D-A4BF-4754EB394E73}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe

FirewallRules: [{0501502F-2D39-4586-86A4-8838841CC34B}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe

FirewallRules: [{1DB53E6E-8B99-487D-A949-9CFE20699CBF}] => (Allow) D:\Program Files\Steam\steamapps\common\Robocraft\Robocraft.exe

FirewallRules: [{8410A693-3D9E-40B9-863D-9A85C90241F4}] => (Allow) D:\Program Files\Steam\steamapps\common\Robocraft\Robocraft.exe

FirewallRules: [{68662B19-9EB0-4484-BAC3-17E423D8DB3D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{9981CB6C-A4F3-409C-A73C-3250C04F5D9C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{C083B48F-577F-4F76-AFF5-737B6AAA93EB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{C9CBE05F-963A-46ED-BA94-C52858A078F0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{62608A06-44E7-42BD-B7BD-49DB779E64C2}] => (Allow) D:\Program Files\Wasteland 2\Build\WL2.exe

FirewallRules: [{1BFAB0D0-0A03-4024-B2D1-43D7F1FC19BA}] => (Allow) D:\Program Files\Wasteland 2\Build\WL2.exe

FirewallRules: [{470D6960-15F7-41FD-BE68-9EFFB5D48252}] => (Allow) D:\Program Files\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe

FirewallRules: [{E235295D-5057-4A0A-8DFD-588BD0670508}] => (Allow) D:\Program Files\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe

FirewallRules: [{1FF9D205-ADD1-4ED9-9664-8D8F0A229E85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe

FirewallRules: [{710D9C53-47F9-44D8-832F-725564AC5019}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe

FirewallRules: [{45702680-8714-4B7B-9D39-4578FB882DF6}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise of the Triad\Binaries\ROTTLauncher.exe

FirewallRules: [{3A96E560-9534-4639-A745-C33D2E8B00FC}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise of the Triad\Binaries\ROTTLauncher.exe

FirewallRules: [{5375F102-569F-47D6-9AB1-659FA3B8BBC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe

FirewallRules: [{527AAD74-FA6F-4192-BACC-14E8DD8F0759}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe

FirewallRules: [{096CCADF-7652-403B-8BCD-C3E633AA3678}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe

FirewallRules: [{3468139D-FB35-4809-961F-57DDFD42E6AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe

FirewallRules: [TCP Query User{DE44C3C0-D958-4B04-BA28-327CAD24E44E}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe

FirewallRules: [UDP Query User{B13FF032-FAD3-40E7-9DE1-185FA13B55E6}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe

FirewallRules: [{0987A551-5779-443F-8E1C-EAC1571E67F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

FirewallRules: [{D1E0753E-ED1F-4F3D-AF5F-E30B9C75F8D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

FirewallRules: [{9069ADBC-136B-479B-87C9-E0D2616AC7AD}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe

FirewallRules: [{FD22B5A7-7256-4D55-BA63-F74D0E932882}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe

FirewallRules: [{805425EE-DDA5-4B5A-A36B-9330ADE45FC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe

FirewallRules: [{5AE19B02-73EB-46E6-A332-24FEB191C5D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe

FirewallRules: [{BD25297F-42AC-43B7-B705-843D225E588A}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe

FirewallRules: [{4B948D97-E4AB-4BF4-BE42-AC0B99195922}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe

FirewallRules: [{DFB12F57-2857-4249-B1D5-C990C36C3778}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe

FirewallRules: [{F0AB8DCB-0BD7-4F0F-822E-3BBA45E3A3EB}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe

FirewallRules: [{F8DAAB44-5230-485E-94E4-91D5F5050843}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe

FirewallRules: [{A83F6937-2D27-4ABF-878D-079895216034}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe

FirewallRules: [{5B95EB10-C7D6-4039-AE36-8FFFB75C87D7}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe

FirewallRules: [{1C9D2C33-1467-4E6B-B9E7-97CD8351F6C6}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe

FirewallRules: [{A28B2060-FD9B-4C4B-9FBC-8F38C72E36C2}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe

FirewallRules: [{45667919-F4FE-4911-86E2-FC7EE5826959}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe

FirewallRules: [{D45D1693-C44E-485F-9A61-0264C244C5DE}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe

FirewallRules: [{8B695487-E9CC-4A73-910E-53A71090BE2D}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe

FirewallRules: [{3FC89BC2-0236-4E9A-B80C-6BCB06F340A4}] => (Allow) D:\Program Files\Steam\steamapps\common\Crawl\Crawl.exe

FirewallRules: [{F379359C-1F84-4AA1-AC01-C00054C1E2D6}] => (Allow) D:\Program Files\Steam\steamapps\common\Crawl\Crawl.exe

FirewallRules: [{3BBA515A-080C-4F37-B362-6C23BA7AABF4}] => (Allow) D:\Program Files\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe

FirewallRules: [{774950D4-69BD-4DA9-A2D9-1E3EC6F4E2D8}] => (Allow) D:\Program Files\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe

FirewallRules: [{F31EB16E-8876-4689-B53E-EC1EB92E38A9}] => (Allow) D:\Program Files\Steam\steamapps\common\FullMojoRampage\FullMojo.exe

FirewallRules: [{1D89C7B1-B029-4400-8202-DD6EFD918171}] => (Allow) D:\Program Files\Steam\steamapps\common\FullMojoRampage\FullMojo.exe

FirewallRules: [TCP Query User{F1F352B1-5EC9-4F4C-BD0B-05FED1D025E9}D:\program files\far cry 4\bin\farcry4.exe] => (Block) D:\program files\far cry 4\bin\farcry4.exe

FirewallRules: [UDP Query User{D6EA38C5-F117-4D88-A0F3-B3C2C46FF724}D:\program files\far cry 4\bin\farcry4.exe] => (Block) D:\program files\far cry 4\bin\farcry4.exe

FirewallRules: [{2294533E-D576-4F5B-9E1D-B6EC9DDBEEB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{DBC9323E-5F13-41C5-97F0-B10D15441B8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{D45C8C63-5DDE-4618-AFF0-A0E4C75CB434}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe

FirewallRules: [{E21182E3-CA28-4642-AA21-DB9118DA4874}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe

FirewallRules: [{82805FB1-A995-4323-87BB-1E42E7B2E7DA}] => (Allow) D:\Program Files\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe

FirewallRules: [{088B703F-C8C8-416F-B689-C8E15B7A7586}] => (Allow) D:\Program Files\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe

FirewallRules: [{0EF9EC2E-FF54-44E1-A3CC-EFB0958418E6}] => (Allow) D:\Program Files\Steam\steamapps\common\Volgarr\Volgarr.exe

FirewallRules: [{75D4C119-588F-4819-B837-A10FCB133197}] => (Allow) D:\Program Files\Steam\steamapps\common\Volgarr\Volgarr.exe

FirewallRules: [{35393095-E337-4993-B649-4801CAA1837C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe

FirewallRules: [{018122B7-B08D-4E25-A5C0-36E29369DF47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe

FirewallRules: [{BC7477CB-9AA2-45CA-934B-B74A843C60FC}] => (Allow) D:\Program Files\Steam\steamapps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe

FirewallRules: [{AA6FD03E-2C5D-4874-8913-EDC6C633A6C3}] => (Allow) D:\Program Files\Steam\steamapps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe

FirewallRules: [{E2571A48-9964-425B-8D61-21A84FFF4AD7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe

FirewallRules: [{867C5BB3-BFE8-4FEC-9DF1-14C741152783}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe

FirewallRules: [{54FA82A3-B6B4-4D03-A72F-8CD13E0D308E}] => (Allow) D:\Program Files\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe

FirewallRules: [{EF16CC0F-AECE-4F4E-BF4B-E6859D4F905D}] => (Allow) D:\Program Files\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe

FirewallRules: [TCP Query User{77970D15-696A-404C-8ACB-A55DB4AF10B1}D:\program files\dying light\dyinglightgame.exe] => (Allow) D:\program files\dying light\dyinglightgame.exe

FirewallRules: [UDP Query User{908B0119-105F-42E8-A951-F2742E02B855}D:\program files\dying light\dyinglightgame.exe] => (Allow) D:\program files\dying light\dyinglightgame.exe

FirewallRules: [{23BFDAED-BB9D-432F-8A11-608ABBD35A92}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe

FirewallRules: [{89243AC5-5F54-472D-AAC2-AEA84E0F7F3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe

FirewallRules: [{8A547686-ED4D-40FC-AF74-1379C30406FA}] => (Allow) D:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe

FirewallRules: [{62668ED6-5A91-43FB-9D9F-A92448BB0B47}] => (Allow) D:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe

FirewallRules: [{940D8094-AF8F-48C8-B803-C67DA50B558F}] => (Allow) D:\Program Files\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe

FirewallRules: [{DF2C6A43-D79B-4058-BAE4-04AE3E439F11}] => (Allow) D:\Program Files\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe

FirewallRules: [{C625FC35-C394-4140-AC81-934DC7B7E86B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe

FirewallRules: [{1B6B7858-B715-4F2A-B3BF-15C749C4749B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe

FirewallRules: [{4C4DBDD2-19CC-4FF2-8B8B-433E056E0E17}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe

FirewallRules: [{EA60CF94-7E5C-4A9D-A87F-AEE663357FCE}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe

FirewallRules: [{BE39E657-008B-43D6-8F49-EDA9DBAFB490}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe

FirewallRules: [{01AA22DF-2FF2-4111-A39B-CD6E3FAEE954}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe

FirewallRules: [TCP Query User{46771FD5-C491-43AF-9DA8-74B44E0B4811}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{F5481548-6313-4FB8-AD19-66B81E579E58}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{99ED372B-9324-4992-8A64-569F626106FF}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{F0A98410-B440-405F-AD91-C043D1A19696}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{6F51D012-7BE5-4FE5-9F9E-01BD8FDE084E}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe

FirewallRules: [UDP Query User{BE35DA68-032C-49E4-B9C1-22FDD5046174}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe

FirewallRules: [{99BE1C12-5FC0-46FC-BD90-A6405CE5BFEE}] => (Allow) D:\Program Files\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe

FirewallRules: [{73264F61-205C-4298-B75F-E77F9B26FE6E}] => (Allow) D:\Program Files\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe

FirewallRules: [{D73AB5F8-FDDD-4B3E-9253-36CC9F585411}] => (Allow) D:\Program Files\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe

FirewallRules: [{ECC31FFD-5748-4CE6-A113-0BA28B826F67}] => (Allow) D:\Program Files\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe

FirewallRules: [TCP Query User{4FE40AF6-1BA2-440F-8AB3-5657613733B6}D:\program files\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\program files\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe

FirewallRules: [UDP Query User{D6D3720F-FC72-441A-A191-9C96C9F8FD49}D:\program files\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\program files\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe

FirewallRules: [{EE9010E6-EF68-48D0-8249-1336C0DCF870}] => (Allow) D:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe

FirewallRules: [{88B75285-1BA3-46D3-A808-66FF8C2BCA62}] => (Allow) D:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe

FirewallRules: [{C5A04E25-89BA-46D7-9757-4B263B162041}] => (Allow) D:\Program Files\Steam\steamapps\common\TERA\TERA-Launcher.exe

FirewallRules: [{E597DB9B-647B-4E65-9A27-299C524C2F48}] => (Allow) D:\Program Files\Steam\steamapps\common\TERA\TERA-Launcher.exe

FirewallRules: [TCP Query User{22B3FEDA-4B4C-4CCD-BEF0-96FBB69BBD82}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{EB44593F-C002-4B98-8507-837DA6034B88}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{430CFAB0-EF13-4ECB-BB4D-674A8EDBC932}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{84E91164-E5B0-4F67-B5F1-AF1B476530FC}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe

FirewallRules: [{11A42A6C-5C68-4E7C-8A0C-8F8217D405CF}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe

FirewallRules: [TCP Query User{27DC003C-EC83-4123-AD29-8B00E4F850A0}D:\neople\dfo\dfo.exe] => (Allow) D:\neople\dfo\dfo.exe

FirewallRules: [UDP Query User{A83C02E9-E31B-4DAA-A294-C3886922B504}D:\neople\dfo\dfo.exe] => (Allow) D:\neople\dfo\dfo.exe

FirewallRules: [TCP Query User{131FF99A-C9D8-4748-99A1-63C39694BC4A}D:\program files\world_of_warships\wowslauncher.exe] => (Allow) D:\program files\world_of_warships\wowslauncher.exe

FirewallRules: [UDP Query User{DDB6DC58-C8FC-440E-895E-9D11977A4CD2}D:\program files\world_of_warships\wowslauncher.exe] => (Allow) D:\program files\world_of_warships\wowslauncher.exe

FirewallRules: [{241F45D2-0AE6-451B-BEF6-E0A23FE99A52}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe

FirewallRules: [{8D160857-A388-417C-9B24-E0043A4DAC90}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe

FirewallRules: [{853E9EAE-AD7E-4A40-9E23-B48A703E42B2}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe

FirewallRules: [{7EDCABC2-55B3-4401-B2EE-A1ACC52E8180}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe

FirewallRules: [{FC382B36-D2DB-4238-9C7D-5D8B064C62CC}] => (Allow) D:\Program Files\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe

FirewallRules: [{F41CAF20-079B-4B63-B844-392D51FF1ADC}] => (Allow) D:\Program Files\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe

FirewallRules: [{98F63D1A-6351-4411-A9DC-81E5A01BD446}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [TCP Query User{8D23D469-6DE9-429D-8B28-7C8839D86018}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe

FirewallRules: [UDP Query User{5BDDCF5F-E2EC-4C67-9736-D946127A2895}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe

FirewallRules: [{C717FEF9-F466-4650-950A-94C10F1E6D22}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe

FirewallRules: [{D7503DB0-4756-45D7-AD9E-100F4AC517A8}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe

FirewallRules: [{C80DAE49-4BCE-4F42-9F03-2FC3891629F8}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe

FirewallRules: [{F28FE025-5A3A-4437-8A89-43B7AE21FD8A}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe

FirewallRules: [{89F3C56C-11E8-437E-B794-CF498201785B}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe

FirewallRules: [{8C5B92FA-C45E-4A46-AE89-81C58C8E7B49}] => (Allow) D:\Program Files\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe

FirewallRules: [{6FF4FB17-8A66-4A05-82E4-93FA9DEB1507}] => (Allow) D:\Program Files\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe

==================== Faulty Device Manager Devices =============

Name: TP-LINK Wireless N Adapter

Description: TP-LINK Wireless N Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: TP-LINK

Service: athr

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (07/01/2015 00:03:42 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2015 08:42:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 08:17:11 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 08:11:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 03:50:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 03:47:37 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {31d364ac-4ed1-4e40-a1ab-9be96393906b}

Error: (06/30/2015 04:37:00 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/30/2015 02:24:58 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2015 01:12:48 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2015 01:11:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )

Description: An error has occurred (NvVAD initialization failed [6]).

System errors:

=============

Error: (06/30/2015 09:02:03 PM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/30/2015 08:52:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

Error: (06/30/2015 08:52:07 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Ronnie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/30/2015 08:52:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

Error: (06/30/2015 08:52:07 PM) (Source: Application Popup) (EventID: 1060) (User: )

Error: (06/30/2015 08:52:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

Error: (06/30/2015 08:52:06 PM) (Source: Application Popup) (EventID: 1060) (User: )

Error: (06/30/2015 08:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

Error: (06/30/2015 08:47:25 PM) (Source: Application Popup) (EventID: 1060) (User: )

Error: (06/30/2015 08:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

%%1275

Microsoft Office:

=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz

Percentage of memory in use: 44%

Total physical RAM: 8104.58 MB

Available physical RAM: 4495.07 MB

Total Pagefile: 16207.35 MB

Available Pagefile: 12760.07 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:12.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (New Volume) (Fixed) (Total:931.41 GB) (Free:35.19 GB) NTFS

Drive e: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

Drive g: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2F741404)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 507B0452)

Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of log ============================

#53
ruggie_uk

Posted 30 June 2015 - 08:17 AM

Trusted Helper

Malware Removal
2,083 posts

That's no problem.

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

Download the attached fixlist.txt 1.61KB 228 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
Right click and run as administrator. When the tool opens click Yes to the disclaimer.
Press the Fix button.
It will produce a log called fixlog.txt on your Desktop.
Please copy and paste the contents of that log back here.

NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Next...

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

Shut down your protection software now to avoid potential conflicts.
Run the tool by right-clicking and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

#54
magnia

Posted 30 June 2015 - 09:12 AM

Member

Topic Starter
Member
34 posts

Here's the ESET log:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=795e31073adb694a92a6175bd757014e

# end=init

# utc_time=2015-06-30 10:46:24

# local_time=2015-06-30 08:46:24 (+1000, AUS Eastern Standard Time)

# country="Australia"

# osver=6.1.7601 NT Service Pack 1

Update Init

Update Download

Update Init

Update Download

Update Finalize

Updated modules version: 24569

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=795e31073adb694a92a6175bd757014e

# end=updated

# utc_time=2015-06-30 10:52:09

# local_time=2015-06-30 08:52:09 (+1000, AUS Eastern Standard Time)

# country="Australia"

# osver=6.1.7601 NT Service Pack 1

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=795e31073adb694a92a6175bd757014e

# engine=24569

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-06-30 02:08:56

# local_time=2015-07-01 12:08:56 (+1000, AUS Eastern Standard Time)

# country="Australia"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 22287575 57858130 0 0

# scanned=523195

# found=58

# cleaned=0

# scan_time=11806

sh=100173517C8D637F7D13308058682E5A4C9726E4 ft=1 fh=080dbf64f9552871 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchCH.dll.vir"

sh=23342D8CD51CDBD7E549E72620D363143332AF73 ft=1 fh=91ff742f9e8da47d vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchFF.dll.vir"

sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="a variant of Win32/ELEX.DH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowserAction.dll.vir"

sh=03D65784955EA50408BE7611B5815A5067FDADDD ft=1 fh=7d5c5d59c86038fb vn="a variant of Win32/ELEX.CY potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\CmdShell.exe.vir"

sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ffsearch_toolbar!1.0.0.1031.xpi.vir"

sh=BBAB46443BE951C4962C93F2A4DF18FB067162E7 ft=1 fh=ba8f458244c69cb7 vn="a variant of Win32/ELEX.DK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\HPNotify.exe.vir"

sh=DADCF87604F46DE9426634679F61DF2CB4663C6B ft=1 fh=6e9292f71a66fb39 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\IeWatchDog.dll.vir"

sh=8A84725E8A71DAE63AA70B6AB666BBECFA2FD818 ft=1 fh=456fc5e26bae154a vn="a variant of Win32/ELEX.EE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ProtectService.exe.vir"

sh=E51A128DB34C5808A3EBE7D012D1EB33CA9DC88C ft=1 fh=77345338fbda17ef vn="a variant of Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\SupTab.dll.vir"

sh=99305C6442241239E842917B77D14F81373A8CA8 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"

sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"

sh=CCE160CF2BFABB16B508D3F8AD22C7F0104C06CB ft=1 fh=b95e57c0f1de8cc8 vn="a variant of Win32/ELEX.BH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"

sh=BFFE4DFF234DFDC21456B3AEA5BDF33E0053B935 ft=1 fh=040e226366b948ca vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\ProgramData\spotflux\updates\dist\install.exe"

sh=BFFE4DFF234DFDC21456B3AEA5BDF33E0053B935 ft=1 fh=040e226366b948ca vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\Users\All Users\spotflux\updates\dist\install.exe"

sh=1D3A8A1860733702FD8CB378B2B27F96E6A09CE2 ft=1 fh=94a6ca797cfac5ef vn="a variant of Win32/Adware.ConvertAd.RW application" ac=I fn="C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPA2V8NW\ASPackage[1].exe"

sh=D594B97A2D3A1AAE10970BA1B9B4F41F81AFC180 ft=1 fh=30ebf0272a3b672d vn="a variant of MSIL/Adware.Imali.A application" ac=I fn="C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPA2V8NW\OfferInstaller_dotnet4[1].exe"

sh=6846D36A6C9A3091620D55CF92F4DBFC24F999BD ft=1 fh=7da154cccc54467e vn="multiple threats" ac=I fn="C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPA2V8NW\OptimizerPro[1].exe"

sh=AF3E7DD44AB39187B6697D4B13817FD613F14435 ft=1 fh=75a79661f77920a3 vn="a variant of Win32/Adware.Agent.NOH application" ac=I fn="C:\Users\Ronnie\AppData\Local\Temp\is-7O7E3.tmp\prsetup.exe"

sh=5A53D104163E5A8B6AF952A48C011F9857035BD1 ft=1 fh=b5d0c547551900ed vn="a variant of Win32/InstallMonstr.LS potentially unwanted application" ac=I fn="C:\Users\Ronnie\AppData\Local\Temp\is-SH64G.tmp\prsetup.exe"

sh=BAEED47B80492B69D1EBF679F2F693195B24ED52 ft=0 fh=0000000000000000 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\Users\Ronnie\AppData\Roaming\.spotflux\updates\spotflux-dist-windows.zip"

sh=EBC101585C79F314FC31B4A48954A0D46E3759B6 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-1893304907-3252453193-3334039219-1000\$RNFZ7UI.zip"

sh=19E242F5E0EB1DECE301FEC87930CC8BE338EAF7 ft=1 fh=2c1e4ccffa9ee2cd vn="a variant of Win32/GameHack.F potentially unsafe application" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-1893304907-3252453193-3334039219-1000\$RWBF11U.exe"

sh=CE19E3DE85402833D1F58C1471B9CC050B3FAA15 ft=1 fh=e05505a5f9f99fb4 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS3 Extended + Crack\Setup.exe"

sh=618C1AE30F7EE5402C16F439A098E913CEF9DAE3 ft=1 fh=7391b968629a8c38 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS3 Extended + Crack\Crack\Photoshop.exe"

sh=5E0C2D4D38806A9750EDFBF8D8C7CC323F357211 ft=1 fh=28db977c7654bb08 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS3 Extended + Crack\redist\WindowsInstaller-KB893803-v2-x86.exe"

sh=A7B9868D3DBC0D542167E57C2CEC75A73F85299D ft=1 fh=85600eeda88131ee vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-ia64-enu.exe"

sh=CACBE5BF54759553D2ACB5FC28DDC7CF651D3FEC ft=1 fh=ddbe4805f5ba1ff9 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-x64-enu.exe"

sh=B76297F6A5AF10237C5445B9408A796D6CAF599D ft=1 fh=db6cd88fe2d42663 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-x86-enu.exe"

sh=CACBE5BF54759553D2ACB5FC28DDC7CF651D3FEC ft=1 fh=ddbe4805f5ba1ff9 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS3 Extended + Crack\redist\WindowsXP-KB898715-x64-enu.exe"

sh=2E4BCCADDAC9A83D0A4F05C970D4B729D9307BAA ft=1 fh=9f47ad34a6728ba4 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\Set-up.exe"

sh=394B30C91F70F2102B2C10D7F5577F7100233AF9 ft=1 fh=f2acd74177fd3287 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2005 Redist (x64)\vcredist_x64.EXE"

sh=9EA44C2A2F271A8EBE46A8C92DFC8B7A58E15082 ft=1 fh=fad45fb3e964ccfe vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2005 Redist (x86)\vcredist_x86.exe"

sh=C07F542F84BCEB545B676377A5CB7B23D44FEF76 ft=1 fh=7f9d427de0a3e130 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2008 Redist (x64)\vcredist_x64.exe"

sh=B9E9279BF49CBE5CF9C3EA21D16BF47A6E960778 ft=1 fh=2ff1bd5cd298e351 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2008 Redist (x86)\vcredist_x86.exe"

sh=BA412CEB3CBC4A078A6C56E527CC71BB242D179D ft=1 fh=be1e54777a12d1b5 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2010 Redist (x64)\vcredist_x64.exe"

sh=F688EFCD105D9CB3B89E54014245C1999BB86579 ft=1 fh=be1e54779e913b4d vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2010 Redist (x86)\vcredist_x86.exe"

sh=3891B19FA09AE54042C1341ADFEAD5FD79633466 ft=1 fh=f025274c2a930188 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Photoshop_CS6_13_0_1_update\AdobePatchInstaller.exe"

sh=A6D1BF73931721C51036EEA6A4D1E847A90B2CCC ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Download\Downloads\Reloaded.Steam.Emu.rar"

sh=AFD8A663F981624B9E04B3A0675932160A36CA10 ft=1 fh=305bdb1a718e9536 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\Crack\ESET.PureFix.V2b.exe"

sh=88E4EC58C873FD8465FB532D57582C7E381FEFC7 ft=1 fh=e14cc7a6c84a2b5d vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\setup.exe"

sh=06AD59652302537E3E5DE0E919E95C2309D00952 ft=1 fh=b7a8728e9d5dfc91 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Enterprise.WW\ose.exe"

sh=8D1FFD01C2EBD8B2FE1BF70D8312254325E5F6B0 ft=1 fh=4365d973a29da9e7 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Office.en-us\DW20.EXE"

sh=0FCA5F86EF1075D2AF7969E591730D78CDDCBA3A ft=1 fh=c80d9f9a4d930702 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Office.en-us\dwtrig20.exe"

sh=20B99F64A6C0BE408BFCFB581BD2C918CDCDB8D3 ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadSponsor.C potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-02-03 000804\Backup Files 2014-02-03 000804\Backup files 10.zip"

sh=318EAEC9223BEB18F6AE9EC40D56B4E5ECC799E1 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.AF potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-02-03 000804\Backup Files 2014-02-03 000804\Backup files 11.zip"

sh=6D38EA7A1E039662F70FC0D3C88A8829296A7151 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\PHANTOM\Backup Set 2014-02-03 000804\Backup Files 2014-02-03 000804\Backup files 132.zip"

sh=7A33B4778AD06E80823B4FABD3C55BACD636CED0 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-02-03 000804\Backup Files 2014-02-03 000804\Backup files 5.zip"

sh=4A932988C09DBD733B84BE47EECA3AC04302052A ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadSponsor.C potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-10-20 001158\Backup Files 2014-10-20 001158\Backup files 10.zip"

sh=22B41992ECA26EC4B954A3B9895DE95E5934AB81 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.AF potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-10-20 001158\Backup Files 2014-10-20 001158\Backup files 11.zip"

sh=2406F0ACA6A459A3E0B21577BE960AC35999E029 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-10-20 001158\Backup Files 2014-10-20 001158\Backup files 6.zip"

sh=1168EB05B7E0EEEE0FFA035DAB86DCD70B7E5E63 ft=0 fh=0000000000000000 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="D:\PHANTOM\Backup Set 2015-03-22 190002\Backup Files 2015-03-22 190002\Backup files 46.zip"

sh=F1FE23DFC21A1005DD3DA0A29F1311ABE2D79238 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2015-03-22 190002\Backup Files 2015-03-22 190002\Backup files 6.zip"

sh=B0E699D1ADEB2200F5CB1FBDB4ECC420EC11C80F ft=0 fh=0000000000000000 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="D:\PHANTOM\Backup Set 2015-05-26 174832\Backup Files 2015-05-26 174832\Backup files 57.zip"

sh=1183A329019EDF4E35D35A8C3C5FA6915053BB21 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2015-05-26 174832\Backup Files 2015-05-26 174832\Backup files 8.zip"

sh=3F9CEE69ED65A08EF0B6A853406F4766AF075682 ft=1 fh=d57c688e2475ab52 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="D:\Program Files\Age of Wonders III\Crack\steam_api.dll"

sh=7F27F601205F01D9BEF010BAF17EBCB11D1E8F8F ft=1 fh=e3ac9bc14cc413fc vn="Win32/Somoto.P potentially unwanted application" ac=I fn="D:\Program Files\Minecraft\MCPatcher.exe"

sh=DD01FC106EBE0F9ECC8BC00704B414B2049910EB ft=1 fh=dba242ebf0aab4e6 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Program Files\The Walking Dead\steam_api.dll"

sh=A0FF034D85029A381FE52D4C9FD65203313F446E ft=1 fh=f2bbb3c096633a58 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="D:\Program Files\uTorrent\uTorrent.exe.7965.tmp"

Will post the other two in next post.

#55
magnia

Posted 30 June 2015 - 09:21 AM

Member

Topic Starter
Member
34 posts

Heres Fixlog from FRST:

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015

Ran by Ronnie at 2015-07-01 01:13:15 Run:2

Running from C:\Users\Ronnie\Desktop

Loaded Profiles: Ronnie (Available Profiles: Ronnie)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

createrestorepoint: