Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer keeps restarting. [Solved]


  • This topic is locked This topic is locked

#46
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Great - not looking too bad. How is it running right now?
 
First...
 
adwcleaner.pngRe-run AdwCleaner

Close all open windows and browsers.
  • Right click the adwcleaner.pngAdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Next...

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

Install the program and select update
Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits
mbam21-detectionandprotection.jpg
Go back to the Dashboard and select Scan Now
mbam21-console.jpg
mbam21-scaninprogress.jpg
If threats are detected, click the Remove Selected button, MBAM will ask for a reboot
mbam21-removeselected.jpg
On completion of the scan (or after the reboot) select Save Results
mbam21-saveresults.jpg
Select text file and save to the desktop.
mbam21-successfullyexported.jpg
Please post that log for my review.


Then...

Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>Runscan.png
  • Click Run Eset Online Scanner
  • Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
    Important: Please disable your existing AV software for the duration of the scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Enable detection of potentially unwanted applications is checked
    • Next click on Advanced Settings and select:
    eset-selections.png
    • Make sure that the option Remove found threats is NOT checked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    eset-selections.png
    • Click Start, the virus database will update, this may take a while depending on your internet connection.
    • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
    • Once the scan is completed, click Finish
    • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic
Items I need to see in your next post:
  • ADWcleaner log
  • MBAM Log
  • ESET Log
  • How are we looking?

  • 0

Advertisements


#47
magnia

magnia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

I left the computer turned on but offline last night, it was working fine today. I've only been using Google chrome asides from the programs you've asked me to run.

When I ran AdwCleaner today, I only scanned the services tab where it found nothing both times. Running it the second time and selecting the clean functions ended up restarting the computer where Windows failed to start. It automatically went into startup repair mode since I didn't select an option. 

 

It is now asking me if I want to restore my computer using system restore.


  • 0

#48
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Yes restore to the last point and see how it goes.
  • 0

#49
magnia

magnia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

It booted up after the system restore, I noticed there was a program called setup.exe that was active in the taskbar at the bottom when the computer started.

Task manager showed it to be not responding but it was linked to a process called 'prsetup32.tmp', looks suspicious so I thought to let you know.

Another thing I've noticed is the background flashing white when I drag windows, this didn't happen before.

Also, clicking an active window from the taskbar doesn't bring it to the front sometimes.

 

Here's the AdwCleaner log, I'll post the rest right after:

 

# AdwCleaner v4.207 - Logfile created 30/06/2015 at 19:24:53
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ronnie - PHANTOM
# Running from : C:\Users\Ronnie\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Kromtech
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.130
 
[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1435500145&z=37dae1347bdb947ebb5b663g3z4ccw1w7eee8g6z5w&from=ima&uid=SAMSUNGXHD103SJ_S246J9BB426413&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [17213 bytes] - [29/06/2015 00:56:11]
AdwCleaner[R1].txt - [913 bytes] - [29/06/2015 01:09:36]
AdwCleaner[R2].txt - [1294 bytes] - [29/06/2015 01:14:01]
AdwCleaner[R3].txt - [1353 bytes] - [29/06/2015 01:15:28]
AdwCleaner[R4].txt - [1610 bytes] - [30/06/2015 15:57:45]
AdwCleaner[R5].txt - [1669 bytes] - [30/06/2015 19:24:32]
AdwCleaner[S0].txt - [15151 bytes] - [29/06/2015 00:57:01]
AdwCleaner[S1].txt - [976 bytes] - [29/06/2015 01:10:21]
AdwCleaner[S2].txt - [1558 bytes] - [30/06/2015 19:24:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1617  bytes] ##########
# AdwCleaner v4.207 - Logfile created 30/06/2015 at 20:14:45
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ronnie - PHANTOM
# Running from : C:\Users\Ronnie\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Kromtech
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
[glwkj0j2.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.globasearch.com/?serie=209&b=2&installkey=nGSUwfaSYa1RUIBGkS3f&newtab");
[glwkj0j2.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.globasearch.com/?serie=209&b=2&installkey=nGSUwfaSYa1RUIBGkS3f");
 
-\\ Google Chrome v43.0.2357.130
 
[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.globasearch.com/?b=1
[C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://www.globasearch.com/?q={searchTerms}&b=1&installkey=
 
*************************
 
AdwCleaner[R0].txt - [17213 bytes] - [29/06/2015 00:56:11]
AdwCleaner[R1].txt - [913 bytes] - [29/06/2015 01:09:36]
AdwCleaner[R2].txt - [1294 bytes] - [29/06/2015 01:14:01]
AdwCleaner[R3].txt - [1353 bytes] - [29/06/2015 01:15:28]
AdwCleaner[R4].txt - [4600 bytes] - [30/06/2015 15:57:45]
AdwCleaner[R5].txt - [1669 bytes] - [30/06/2015 19:24:32]
AdwCleaner[S0].txt - [15151 bytes] - [29/06/2015 00:57:01]
AdwCleaner[S1].txt - [976 bytes] - [29/06/2015 01:10:21]
AdwCleaner[S2].txt - [4290 bytes] - [30/06/2015 19:24:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4349  bytes] ##########

  • 0

#50
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
OK, lets do a fresh FRST scan and see if we can identify what's lurking.
Make sure to check the additions box again as it will not do another by default.

The system restore will have undone some work anyway so we need to check it
  • 0

#51
magnia

magnia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

ESET is only halfway done so far, I'll run AdwCleaner after it finishes and post that log.

 

Here's the malware bytes log in the meantime:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30/06/2015
Scan Time: 8:25 PM
Logfile: malbytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.06.30.02
Rootkit Database: v2015.06.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ronnie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363827
Time Elapsed: 6 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
Trojan.Proxy, HKLM\SOFTWARE\CLASSES\prsetup.DynamicNS, , [6e6c8838385267cf7ca5155cc93abc44], 
Trojan.Proxy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\prsetup.DynamicNS, , [964428980684053130f1a6cb1ee5a15f], 
Trojan.Proxy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\prsetup.DynamicNS, , [964428980684053130f1a6cb1ee5a15f], 
PUP.Optional.GlobalSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [fedcf6cadbaf9a9cc96632c658ab2bd5], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{24a6f44f}, , [4199eed2f09adc5a19ce7919cf3645bb], 
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [5882c2fe02881e188c01346221e43ac6], 
PUP.Optional.GlobalSearch.A, HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [77633b85107a1521ff2f41b79f6433cd], 
 
Registry Values: 2
PUP.Optional.GlobalSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasear...={searchTerms},, [fedcf6cadbaf9a9cc96632c658ab2bd5]
PUP.Optional.GlobalSearch.A, HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasear...={searchTerms},, [77633b85107a1521ff2f41b79f6433cd]
 
Registry Data: 2
Hijack.GlobaSearch.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasear...faSYa1RUIBGkS3f, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=209&b=3&installkey=nGSUwfaSYa1RUIBGkS3f),,[ad2d1ea2206ad462d7a9e26eca3c18e8]
Hijack.GlobaSearch.C, HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasear...faSYa1RUIBGkS3f, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=209&b=3&installkey=nGSUwfaSYa1RUIBGkS3f),,[c31757699eec3afc9be475dbd92d5ba5]
 
Folders: 0
(No malicious items detected)
 
Files: 7
Trojan.Ranver.ED, C:\Users\Ronnie\AppData\Roaming\BackUp3568255147.exe, , [86547d434347b482c3ebfb463dc9c43c], 
PUP.Optional.MyStartSearch.A, C:\Users\Ronnie\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_76.exe, , [91494f71aae03303beb1a7e29076ea16], 
PUP.Optional.CheckOffer, C:\Users\Ronnie\AppData\Local\Temp\is-SH64G.tmp\temporal_setup.exe, , [c71301bf7a108da97140a7bc3bc75ea2], 
PUP.Optional.SweetIM, C:\Windows\Installer\4bc47ad.msi, , [36a49d23ff8baa8ce32071045aac2cd4], 
PUP.Optional.SweetIM, C:\Windows\Installer\4bc47b3.msi, , [5189843c3f4b57dfac57b0c548be5fa1], 
PUP.Optional.GlobalSearch.A, C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\glwkj0j2.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.globasear...S3f&newtab");),,[aa30e1df75155fd75b2a0e80ef179967]
PUP.Optional.GlobalSearch.A, C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\glwkj0j2.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.globasear...1RUIBGkS3f");),,[30aa566a3e4c9b9b3f47a7e7976f669a]
 
Physical Sectors: 1
Rootkit.Cidox.J.VBR, Physical Sector #2048 on Drive #0, , [62c3b54b02299930d47b3fbb27efcfe3], 
 
 
(end)

  • 0

#52
magnia

magnia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

OK, lets do a fresh FRST scan and see if we can identify what's lurking.
Make sure to check the additions box again as it will not do another by default.

The system restore will have undone some work anyway so we need to check it

 

Sorry, I misread and thought you wanted a AdwCleaner log, here's the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015
Ran by Ronnie (administrator) on PHANTOM on 01-07-2015 00:04:01
Running from C:\Users\Ronnie\Desktop
Loaded Profiles: Ronnie (Available Profiles: Ronnie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft) C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft) C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Flux Software LLC) C:\Users\Ronnie\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\Run: [f.lux] => C:\Users\Ronnie\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {0c7b9cd5-e316-11e3-afb1-002522be6e61} - H:\Startme.exe
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {868a46db-1133-11e3-8a83-002522be6e61} - G:\Startme.exe
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {d446abe4-5f7d-11e2-8b85-002522be6e61} - F:\setup.exe
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-11-19]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2014-05-26]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.c....aspx?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-10] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-07-27] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-30] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {F0320816-41D9-49DD-B2F3-8E7B0AE32796} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{2A0FB7D0-9D6A-437A-A16B-8C2CBF38C293}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5250F531-0B83-4092-9644-84F4A7474968}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{AC234C66-E776-48E5-A73C-3A71F39E34A5}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{EE3523EB-4A24-4BBB-B915-399B24D548B7}: [NameServer] 203.0.178.191
Tcpip\..\Interfaces\{EE3523EB-4A24-4BBB-B915-399B24D548B7}: [DhcpNameServer] 10.1.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\glwkj0j2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-23] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-07-27] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: application/AFCStarter -> C:\Windows\Downloaded Program Files\npAFCStarter.dll [2013-01-16] (© NOWCOM)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKU\S-1-5-21-2885900399-2701757196-3320320212-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ronnie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2885900399-2701757196-3320320212-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-04-25] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-2885900399-2701757196-3320320212-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-2885900399-2701757196-3320320212-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-04] ()
FF Extension: Adblock Plus - C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\glwkj0j2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2014-06-03]
FF HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
 
Chrome: 
=======
CHR Profile: C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-18] (EasyAntiCheat Ltd)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-27] (FileZilla Project) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-25] ()
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-03-21] () [File not signed]
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SpotfluxConnectionManager; C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe [76800 2014-05-06] (Microsoft) [File not signed]
R2 SpotfluxUpdateService; C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe [20992 2014-05-06] (Microsoft) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [757144 2013-08-16] (Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WMZuneComm; D:\Program Files\Zune\WMZuneComm.exe [306400 2011-08-05] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.)
S3 ZuneNetworkSvc; D:\Program Files\Zune\ZuneNss.exe [8277728 2011-08-05] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; D:\Program Files\Zune\ZuneWlanCfgSvc.exe [467680 2011-08-05] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-17] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2013-06-30] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-12-04] (FNet Co., Ltd.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-18] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-18] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0062.sys [28768 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [47168 2012-09-20] (Saitek)
R3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-05-06] (Spotflux, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 00:04 - 2015-07-01 00:04 - 00026523 _____ C:\Users\Ronnie\Desktop\FRST.txt
2015-06-30 20:45 - 2015-06-30 20:45 - 02870984 _____ (ESET) C:\Users\Ronnie\Downloads\esetsmartinstaller_enu.exe
2015-06-30 20:45 - 2015-06-30 20:45 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-30 20:40 - 2015-06-30 20:40 - 00004407 _____ C:\malbytes.txt
2015-06-30 20:23 - 2015-06-30 20:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 20:23 - 2015-06-30 20:23 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 20:23 - 2015-06-30 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 20:23 - 2015-06-30 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-30 20:23 - 2015-06-30 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 20:23 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-30 20:23 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-30 20:23 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-30 20:22 - 2010-11-21 13:23 - 00383786 __RSH C:\bootmgr
2015-06-30 20:18 - 2015-06-30 20:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\mbam-setup-2.1.8.1057.exe
2015-06-30 15:55 - 2015-06-30 15:55 - 00002170 _____ C:\Users\Ronnie\Desktop\JRT.txt
2015-06-30 15:53 - 2015-06-30 15:53 - 00000000 ____D C:\RegBackup
2015-06-30 02:23 - 2015-06-30 02:23 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Adobe
2015-06-29 01:35 - 2015-06-29 01:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-29 01:35 - 2015-06-29 01:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-06-29 01:33 - 2015-06-29 01:33 - 00050688 _____ (Atribune.org) C:\Users\Ronnie\Downloads\ATF-Cleaner.exe
2015-06-29 01:25 - 2015-06-30 03:03 - 00098867 _____ C:\Users\Ronnie\Downloads\Addition.txt
2015-06-29 01:24 - 2015-07-01 00:04 - 00000000 ____D C:\FRST
2015-06-29 01:24 - 2015-06-30 03:03 - 00043890 _____ C:\Users\Ronnie\Downloads\FRST.txt
2015-06-29 00:58 - 2015-06-29 00:58 - 00000000 ____D C:\Users\Ronnie\Downloads\Chameleon
2015-06-29 00:56 - 2015-06-30 20:14 - 00000000 ____D C:\AdwCleaner
2015-06-29 00:56 - 2015-06-29 00:56 - 06289130 _____ C:\Users\Ronnie\Downloads\mbam-chameleon-3.1.16.0.zip
2015-06-29 00:24 - 2015-06-29 00:24 - 00000743 _____ C:\Users\Ronnie\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-29 00:24 - 2015-06-29 00:24 - 00000000 ____D C:\EEK
2015-06-29 00:23 - 2015-06-29 00:23 - 02112512 _____ (Farbar) C:\Users\Ronnie\Desktop\FRST64.exe
2015-06-29 00:21 - 2015-06-29 00:23 - 158718800 _____ C:\Users\Ronnie\Downloads\EmsisoftEmergencyKit.exe
2015-06-29 00:21 - 2015-06-29 00:22 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\123.exe
2015-06-29 00:19 - 2015-06-29 00:20 - 02244096 _____ C:\Users\Ronnie\Desktop\AdwCleaner.exe
2015-06-29 00:18 - 2015-06-29 00:18 - 01133044 _____ C:\Windows\system32\CFG3568255147
2015-06-29 00:06 - 2015-06-29 00:06 - 00262144 _____ C:\Windows\Minidump\062915-31761-01.dmp
2015-06-29 00:04 - 2015-06-29 00:04 - 00003446 _____ C:\Windows\System32\Tasks\Umusxnojla
2015-06-29 00:03 - 2015-06-29 00:03 - 00000000 _____ C:\Windows\SysWOW64\track
2015-06-29 00:02 - 2015-06-29 00:02 - 00000000 _____ C:\Windows\prleth.sys
2015-06-29 00:02 - 2015-06-29 00:02 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-28 23:54 - 2015-06-28 23:54 - 00000843 _____ C:\Users\Ronnie\AppData\Local\recently-used.xbel
2015-06-28 23:52 - 2015-06-28 23:52 - 00003332 _____ C:\Windows\System32\Tasks\PaintTool SAI
2015-06-28 20:48 - 2015-06-28 20:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2015-06-28 20:48 - 2015-06-28 20:48 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Wacom
2015-06-28 20:48 - 2015-06-28 20:48 - 00000000 ____D C:\Users\Ronnie\.android
2015-06-28 20:45 - 2015-06-29 00:09 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2015-06-28 20:45 - 2015-06-28 20:48 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\WTablet
2015-06-28 20:45 - 2015-06-28 20:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2015-06-28 20:45 - 2015-06-28 20:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2015-06-28 20:45 - 2015-06-28 20:45 - 00000000 ____D C:\Program Files\TabletPlugins
2015-06-28 20:45 - 2015-06-28 20:45 - 00000000 ____D C:\Program Files\Tablet
2015-06-28 20:45 - 2015-02-27 08:16 - 02029336 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2015-06-28 20:45 - 2015-02-27 08:16 - 01997592 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2015-06-28 20:45 - 2015-02-27 08:16 - 01990936 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2015-06-28 20:45 - 2015-02-27 08:16 - 01863960 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2015-06-28 20:45 - 2015-02-27 08:16 - 01626392 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2015-06-28 20:45 - 2015-02-27 08:16 - 01618712 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2015-06-28 20:45 - 2015-02-27 08:16 - 01612056 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2015-06-28 20:45 - 2015-02-27 08:16 - 01497368 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2015-06-28 20:45 - 2014-10-26 06:52 - 00100664 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2015-06-28 20:45 - 2014-10-26 06:52 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2015-06-28 20:45 - 2014-10-26 06:52 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2015-06-28 20:45 - 2012-12-12 08:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
2015-06-27 18:58 - 2015-06-27 19:05 - 00000000 ____D C:\Users\Ronnie\Documents\Darkest
2015-06-27 15:46 - 2015-06-27 15:46 - 00123243 _____ C:\Users\Ronnie\Documents\Mariel tan clinical reference.zip
2015-06-27 15:46 - 2015-06-26 22:46 - 00000168 ____N C:\Users\Ronnie\Documents\ATT00001
2015-06-23 13:05 - 2015-06-23 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
2015-06-23 12:42 - 2015-06-23 12:46 - 85317504 _____ C:\Users\Ronnie\Downloads\serviio-1.5.2-win-setup.exe
2015-06-22 02:34 - 2015-06-22 02:34 - 00000000 ____D C:\Users\Ronnie\Downloads\chrome_extension_1.5.1
2015-06-22 02:33 - 2015-06-22 02:33 - 00089435 _____ C:\Users\Ronnie\Downloads\chrome_extension_1.5.1.zip
2015-06-19 06:29 - 2015-06-19 06:29 - 00032079 _____ C:\Users\Ronnie\Downloads\steamSummerMinigame-master.zip
2015-06-19 06:29 - 2015-06-19 06:29 - 00000000 ____D C:\Users\Ronnie\Downloads\steamSummerMinigame-master
2015-06-16 09:20 - 2015-06-16 09:20 - 00000749 _____ C:\Users\Ronnie\Desktop\World of Warships.lnk
2015-06-16 09:20 - 2015-06-16 09:20 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-06-16 09:19 - 2015-06-16 09:19 - 07052760 _____ (Wargaming.net ) C:\Users\Ronnie\Downloads\WoWS_internet_install_na.exe
2015-06-11 02:45 - 2015-06-11 02:45 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HOTSLogsUploader
2015-06-10 22:38 - 2015-05-28 17:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-10 22:38 - 2015-05-28 17:04 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-10 22:38 - 2015-05-28 17:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-09 15:45 - 2015-06-09 15:45 - 00001664 _____ C:\Users\Public\Desktop\Dungeon Fighter Online.lnk
2015-06-09 15:45 - 2015-06-09 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\neople
2015-06-09 15:43 - 2015-06-09 15:45 - 03064944 _____ (Neople) C:\Users\Ronnie\Downloads\DFO_Install.exe
2015-06-09 09:41 - 2015-06-09 09:41 - 00025218 _____ C:\Users\Ronnie\Documents\[DeadFish] Dungeon ni Deai wo Motomeru no wa Machigatteiru Darou ka - 09 [720p][AAC].mp4.torrent
2015-06-09 09:41 - 2015-06-09 09:41 - 00021199 _____ C:\Users\Ronnie\Documents\[BakedFish] Dungeon ni Deai wo Motomeru no wa Machigatteiru Darou ka - 10 [720p][AAC].mp4.torrent
2015-06-09 09:38 - 2015-06-09 09:38 - 00015756 _____ C:\Users\Ronnie\Documents\[BakedFish] Gunslinger Stratos- The Animation - 09 [720p][AAC].mp4.torrent
2015-06-09 09:37 - 2015-06-09 09:37 - 00019382 _____ C:\Users\Ronnie\Documents\[BakedFish] Arslan Senki (2015) - 09 [720p][AAC].mp4.torrent
2015-06-09 05:55 - 2015-06-09 05:55 - 00026176 _____ C:\Users\Ronnie\Documents\[BakedFish] Kekkai Sensen - 10 [720p][AAC].mp4.torrent
2015-06-09 05:55 - 2015-06-09 05:55 - 00026169 _____ C:\Users\Ronnie\Documents\[HorribleSubs] Gunslinger Stratos - 10 [720p].mkv.torrent
2015-06-09 05:54 - 2015-06-09 05:54 - 00035123 _____ C:\Users\Ronnie\Documents\[HorribleSubs] Arslan Senki - 10 [720p].mkv.torrent
2015-06-03 05:16 - 2015-06-27 15:47 - 00028160 ___SH C:\Users\Ronnie\Documents\Thumbs.db
2015-06-03 05:15 - 2015-06-03 05:15 - 00196645 _____ C:\Users\Ronnie\Documents\heroes code
2015-06-01 17:28 - 2015-04-03 23:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-01 17:28 - 2015-04-03 23:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 14:08 - 2013-04-16 22:33 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Mozilla
2015-07-01 14:08 - 2010-11-21 17:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-01 14:08 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-07-01 00:02 - 2014-11-19 06:45 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-06-30 23:55 - 2012-12-04 16:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 23:06 - 2012-12-04 15:13 - 01512528 _____ C:\Windows\WindowsUpdate.log
2015-06-30 20:49 - 2009-07-14 14:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 20:49 - 2009-07-14 14:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 20:47 - 2009-07-14 15:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-30 20:45 - 2014-11-16 18:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-30 20:42 - 2012-12-06 21:42 - 00000000 ____D C:\Users\Ronnie\AppData\Local\TSVNCache
2015-06-30 20:41 - 2014-07-02 15:36 - 00089958 _____ C:\Windows\setupact.log
2015-06-30 20:41 - 2012-12-04 16:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 20:41 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 20:40 - 2014-07-13 06:38 - 00008496 _____ C:\Windows\PFRO.log
2015-06-30 20:40 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-06-30 20:09 - 2012-12-04 15:13 - 00000000 ____D C:\Users\Ronnie
2015-06-29 00:40 - 2014-07-02 23:03 - 00337920 ___SH C:\Users\Ronnie\Downloads\Thumbs.db
2015-06-29 00:08 - 2014-11-16 18:14 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-29 00:08 - 2012-12-04 16:02 - 00002259 _____ C:\Users\Ronnie\Desktop\Google Chrome.lnk
2015-06-29 00:08 - 2012-12-04 15:14 - 00001447 _____ C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-29 00:08 - 2012-12-04 15:14 - 00001413 _____ C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-06-29 00:06 - 2014-03-01 00:36 - 00000000 ____D C:\Windows\Minidump
2015-06-28 23:54 - 2013-12-02 02:55 - 00000000 ____D C:\Users\Ronnie\AppData\Local\gtk-2.0
2015-06-28 23:03 - 2013-12-02 02:21 - 00000000 ____D C:\Users\Ronnie\.gimp-2.8
2015-06-27 18:54 - 2013-12-21 03:15 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Battle.net
2015-06-24 01:17 - 2013-12-21 03:15 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-23 23:47 - 2015-01-17 00:24 - 00000328 _____ C:\Users\Ronnie\Desktop\IDS.txt
2015-06-23 13:27 - 2012-12-05 12:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 13:27 - 2012-12-05 12:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 13:05 - 2014-05-26 22:11 - 00000000 ____D C:\Program Files\Serviio
2015-06-18 08:45 - 2015-05-26 18:10 - 00000000 ____D C:\Users\Ronnie\Documents\The Witcher 3
2015-06-16 09:20 - 2014-01-14 22:42 - 00000000 ____D C:\Games
2015-06-16 04:30 - 2012-12-04 16:01 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Deployment
2015-06-10 22:39 - 2012-12-04 16:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-10 22:39 - 2012-12-04 16:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-09 05:37 - 2009-07-14 15:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-08 13:56 - 2012-12-04 16:01 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-04 20:26 - 2015-05-26 18:10 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\NVIDIA
 
==================== Files in the root of some directories =======
 
2014-05-28 22:03 - 2014-05-28 22:11 - 0000132 _____ () C:\Users\Ronnie\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-28 23:54 - 2015-06-28 23:54 - 0000843 _____ () C:\Users\Ronnie\AppData\Local\recently-used.xbel
2014-06-21 12:08 - 2014-06-21 12:08 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Ronnie\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ronnie\AppData\Local\Temp\Quarantine.exe
C:\Users\Ronnie\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 15:21
 
==================== End of log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015
Ran by Ronnie at 2015-07-01 00:04:20
Running from C:\Users\Ronnie\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2885900399-2701757196-3320320212-500 - Administrator - Disabled)
Guest (S-1-5-21-2885900399-2701757196-3320320212-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2885900399-2701757196-3320320212-1005 - Limited - Enabled)
Ronnie (S-1-5-21-2885900399-2701757196-3320320212-1000 - Administrator - Enabled) => C:\Users\Ronnie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Witcher 3 - Wild Hunt» 1.0.3.0 (HKLM-x32\...\{BF679CAD-FE6D-4CBE-9E99-D7193809207A}_is1) (Version: 1.0.3.0 - CD Project RED)
¾ÆÇÁ¸®Ä«TV streamer Á¦°Å (HKLM-x32\...\afreecastreamer) (Version:  - )
2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{F68D0307-2573-4BE7-9EFD-CB28D7E656E3}) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.71 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
Auto Shutdown (HKLM-x32\...\{306037A5-6B16-4FFA-BF63-FBF1322D9139}) (Version: 1.0.0 - www.FreeAutoShutdown.com)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.0.8179 - )
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.5 - GPL Public release.)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - )
Bad Hotel (HKLM-x32\...\Steam App 231720) (Version:  - Lucky Frame)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Card City Nights (HKLM-x32\...\Steam App 271820) (Version:  - Ludosity)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{FD6E648E-1378-467F-AD37-2B98B379B0DD}) (Version: 44.0.2403.25 - Google Inc.)
Cisco Packet Tracer 6.0.1 (HKLM-x32\...\Cisco Packet Tracer 6.0.1_is1) (Version:  - Cisco Systems, Inc.)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Crawl (HKLM-x32\...\Steam App 293780) (Version:  - Powerhoof)
DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.5 - Electronic Arts)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
f.lux (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\Flux) (Version:  - )
Fallout FIXT alpha 6.1 - Fixes Only (HKLM-x32\...\{83D6B5DC-9C8C-4DE2-B66C-14FA5C8680B5}_is1) (Version: alpha 6.1 - Fixes Only - Sduibek)
ffdshow v1.3.4513 [2013-05-25] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4513.0 - )
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Full Combat Rebalance 2 Hotfix version 1.1a (HKLM-x32\...\Full Combat Rebalance 2 Hotfix_is1) (Version: 1.1a - Andrzej Kwiatkowski)
Full Mojo Rampage (HKLM-x32\...\Steam App 225280) (Version:  - Over the Top Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version:  - )
Happy Cloud Client (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.5.56756 - HearthstoneTracker.com)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
HOTSLogsUploader (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version:  - Zachtronics)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java™ 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005F0}) (Version: 7.0.50 - Oracle)
JC2-MP version 0.0.11 (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.11 - )
LAV Filters 0.57.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.57.0 - Hendrik Leppkes)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Legend of Grimrock 2 (HKLM-x32\...\Steam App 251730) (Version:  - Almost Human Games)
Leviathan: Warships (HKLM-x32\...\Steam App 202270) (Version:  - Pieces Interactive)
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Magic Set Editor 2.0.0 (HKLM-x32\...\Magic Set Editor 2_is1) (Version:  - )
Magicka 2 (HKLM-x32\...\Steam App 238370) (Version:  - Pieces Interactive)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.1.0.6 - Marvell)
Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
Media Go Video Playback Engine 1.120.106.05010 (HKLM-x32\...\{8227BCD8-AA43-B935-7134-2732A298364A}) (Version: 1.120.106.05010 - Sony)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mortal Kombat X (HKLM-x32\...\Mortal Kombat X_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
MPC-HC 1.6.9.7418 (e326535) Beta Lite (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.9.7418 - MPC-HC Team)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150311.103813 - Square Enix Ltd)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version:  - Smoking WOLF)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pid  (HKLM-x32\...\Steam App 218740) (Version:  - Might and Delight)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Ring Runner: Flight of the Sages (HKLM-x32\...\Steam App 258010) (Version:  - Triple.B.Titles)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Serviio (HKLM\...\Serviio) (Version:  - )
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Soundcloud Playlist Downloader (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\97191aeb98350aa5) (Version: 1.0.0.14 - Soundcloud Playlist Downloader)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERA (HKLM-x32\...\{A0D70C31-D5CB-4491-A508-5CF2C9F25EE0}) (Version: 1.00.0000 - En Masse Entertainment)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - En Masse Entertainment)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
THX TruStudio Pro (HKLM-x32\...\{12FAF8C2-0061-429D-B7B4-FF1C9C58A99C}) (Version: 1.0 - Creative Technology Limited)
TortoiseSVN 1.7.10.23359 (64 bit) (HKLM\...\{71EFF430-1A34-423E-8EAF-A80173960A8E}) (Version: 1.7.23359 - TortoiseSVN)
TP-LINK Wireless Client Utility (HKLM-x32\...\{1E58B969-9BB4-4012-8D8B-D06005D1CD24}) (Version: 7.0 - TP-LINK)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Volgarr the Viking (HKLM-x32\...\Steam App 247240) (Version:  - Crazy Viking Studios)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\WinDirStat) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Warships (HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
XFastUsb (HKLM-x32\...\XFastUsb) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15DD00FB-3248-4ACE-B342-CA5DF9B3F6A2} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {2C461C71-0989-4860-B4DC-3AA3B7868C0D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-04] (Microsoft Corporation)
Task: {6AB0293A-1176-4552-89A9-5FFA3558EBFC} - System32\Tasks\Umusxnojla => C:\ProgramData\Umusxnojla\1.0.1.0\nojriomx.exe
Task: {781305A6-E129-4994-8FB1-3FD52F3FB7F3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {86636780-AB18-44C3-858A-89CE14E7FC6B} - System32\Tasks\launchspotflux => C:\Program Files (x86)\spotflux\.\spotflux.exe
Task: {9CD4C578-B765-4D98-9F16-45F06B3AF374} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
Task: {A7E313DB-EC65-494A-99C5-B51030E1904D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
Task: {C70B7AB3-3756-4D6B-8A06-0C9F8B244B82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {CBC3173C-81DB-41A4-9E25-F71ADC04BA50} - System32\Tasks\PaintTool SAI => C:\Users\Ronnie\AppData\Local\Temp\is-7O7E3.tmp\prsetup.exe [2015-06-19] (SystemaxJP, Inc.                                            ) <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-20 14:09 - 2015-05-28 14:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-21 20:29 - 2013-11-25 20:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-21 18:54 - 2015-03-21 18:54 - 00327680 _____ () C:\Program Files\Serviio\bin\ServiioService.exe
2014-05-06 16:48 - 2014-05-06 16:48 - 00007168 _____ () C:\Program Files (x86)\spotflux\services\SpotfluxCore.dll
2014-05-06 16:48 - 2014-05-06 16:48 - 00009728 _____ () C:\Program Files (x86)\spotflux\services\SFEvents.dll
2014-05-06 16:48 - 2014-05-06 16:48 - 00018432 _____ () C:\Program Files (x86)\spotflux\services\WebServices.dll
2012-10-08 20:10 - 2012-10-08 20:10 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-01-03 00:42 - 2010-01-03 00:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-19 01:24 - 2012-06-19 01:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2015-06-28 20:45 - 2015-02-27 08:16 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-06-18 16:58 - 2013-06-18 16:58 - 00006144 _____ () C:\Users\Ronnie\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\CoreTempReader.dll
2013-06-18 16:58 - 2013-06-18 16:58 - 00008704 _____ () C:\Users\Ronnie\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\GetCoreTempInfoNET.dll
2013-06-18 16:58 - 2013-06-18 16:58 - 00007680 _____ () C:\Users\Ronnie\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\SystemInfo.dll
2015-03-21 18:54 - 2015-03-21 18:54 - 00368640 _____ () C:\Program Files\Serviio\bin\ServiioConsole.exe
2015-06-30 20:46 - 2015-05-14 11:54 - 00422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-04-15 07:04 - 2015-05-23 11:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-10-08 18:42 - 2012-10-08 18:42 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2012-11-30 07:59 - 2012-11-30 07:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-06-23 03:59 - 2015-06-20 15:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-23 03:59 - 2015-06-20 15:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-23 03:59 - 2015-06-20 15:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.0.178.191
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Ronnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: F.lux => "C:\Users\Ronnie\Local Settings\Apps\F.lux\flux.exe" /noshow
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Steam => "D:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: XFastUsb => C:\Program Files (x86)\XFastUsb\XFastUsb.exe
MSCONFIG\startupreg: Zune Launcher => "D:\Program Files\Zune\ZuneLauncher.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{412E7CAF-FE1D-48CD-BF7E-A9CD4F175B90}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [{8AE1F6AF-342B-4552-AE02-6D7ADD1F37E3}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{C6664477-03F3-4EED-9B6F-ECDC963D504B}D:\program files\baldur's gate enhanced edition\bgee.exe] => (Allow) D:\program files\baldur's gate enhanced edition\bgee.exe
FirewallRules: [UDP Query User{66BFBDE4-CAC2-4EC7-A85D-985051989A68}D:\program files\baldur's gate enhanced edition\bgee.exe] => (Allow) D:\program files\baldur's gate enhanced edition\bgee.exe
FirewallRules: [TCP Query User{CD783514-EECE-4B7D-8E60-92784A37CA84}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5563F6C9-F23B-45CD-8ACD-DEA8468D6B0D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{4138A147-4E6A-4988-A931-2438025736A5}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{8A324524-7B4A-4A88-868F-46D029513E43}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{602D27CD-6108-46DB-982B-6D6C54129601}D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => (Allow) D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [UDP Query User{964B17DA-3932-499F-B5A0-F3B4ACF837D6}D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => (Allow) D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [{06F927D6-8D5E-4115-B2ED-FE659B9E3579}] => (Allow) D:\Program Files\Steam\steamapps\common\Half Minute Hero\HMH.exe
FirewallRules: [{5A28BBBC-1461-420A-9E9A-070D0D7BD9E8}] => (Allow) D:\Program Files\Steam\steamapps\common\Half Minute Hero\HMH.exe
FirewallRules: [TCP Query User{146E8EC0-D56D-4FC8-86D5-F7FC68EDEBDC}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{C2299C39-6DF9-4109-BF9C-079692B02EE2}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{44A64EF6-848B-4C87-9671-4C8844A7B3E9}] => (Allow) D:\Program Files\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{2C9ECC71-1071-474D-9C9F-C3F85F36EE07}] => (Allow) D:\Program Files\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{516A7CFF-DF75-4F1F-ADF6-4753D92E5B9C}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3302A791-B20C-4BE5-A762-60BBCBA8B54A}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{2E7745B4-23D7-4C68-8E79-768F690A8348}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{BFD328B6-2388-44F6-8180-382334FFA96C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [TCP Query User{C956F4B7-9E78-4D04-A499-7BA9A61B161E}C:\users\ronnie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronnie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{08129C21-62D8-44E5-8FAB-23E77228AF31}C:\users\ronnie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronnie\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{78A5BCC7-F2F0-4D08-B982-F8FAB344E5C5}C:\users\ronnie\downloads\windward.exe] => (Allow) C:\users\ronnie\downloads\windward.exe
FirewallRules: [UDP Query User{46850633-84EF-46D9-A0B7-E04213BA321D}C:\users\ronnie\downloads\windward.exe] => (Allow) C:\users\ronnie\downloads\windward.exe
FirewallRules: [TCP Query User{600329BF-404B-405B-8DEE-D35C80ACD587}D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{8FB353C3-7BE0-4FD2-83BD-B9AD5B53FA3F}D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{FDA5DDEE-CCD9-4AC0-B545-D9F0AE7BA91E}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{E4208D9F-5FA8-41BC-B6C1-620492224A72}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{9E10D75F-9B68-46EA-A269-7C41E6ADA6E2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B2A6CC22-D8E0-4939-92E6-2B8AE59E722D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EF6A0C4D-A12C-4690-87D5-EEC427D0649A}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E4E88EAF-6A67-4957-A37A-79FEE3EFE365}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C3BD43E2-1DD3-4FC5-BD70-4EE1362A88AA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3E8E929C-3A6F-4A65-A4E9-1BC2649B44DE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EA846C29-E68A-4472-94F3-268FC202747F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [TCP Query User{14E4B36F-5A8C-4917-85D7-D918CB7DAD5A}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{C047DD81-00BF-4B68-A285-5081B34091BA}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{44AC1D3A-3111-4467-9660-B9DAA7D0CF37}] => (Allow) D:\Program Files\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{3709071D-1F92-4C17-A9D1-ACBB30B2CB33}] => (Allow) D:\Program Files\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{54B7A662-15A9-42E2-B67F-27141C2F7252}] => (Allow) D:\Program Files\Steam\steamapps\common\solar 2\Solar2.exe
FirewallRules: [{0AC454DA-5671-4731-A27E-5F67AB57A98F}] => (Allow) D:\Program Files\Steam\steamapps\common\solar 2\Solar2.exe
FirewallRules: [{E9FBF645-A433-47D0-B867-21044359330A}] => (Allow) D:\Program Files\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{FCBF2FEB-1F0C-4826-908C-5C07AF436682}] => (Allow) D:\Program Files\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{244D9C0C-3629-4773-945F-E85CE6AD1BB9}] => (Allow) D:\Program Files\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{104B4213-D9C0-495C-80F0-6EE08EC183A6}] => (Allow) D:\Program Files\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{98EDC42E-5D48-4339-906D-AF4806942CE9}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{6EF85D91-FA1C-48A5-BCE3-70882F1D3764}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{1A86334F-06AF-4F53-AF23-60901AC93922}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{25D6EE81-6C15-45BF-9D8B-CD2154481C5B}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{49B2F31A-9108-4524-8FC2-F59B563DF557}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [{3520845D-BB18-4673-9E4D-C55D85A2C862}] => (Allow) D:\Program Files\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [{95669742-9BA2-4B19-9F82-1194B2E9F3E1}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{633CBC13-ABB9-4288-B8E6-F686918AE920}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{5198B1F6-8231-4732-A0BF-7514BF52CCF4}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{BC1C7498-2D33-4D83-A096-2F0F79D58798}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{3DD74045-9251-4AC0-9D51-419551812433}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{F5D35485-62AB-48B9-8D91-0812259BEA61}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{EA83FB0D-8F50-4BD9-BAA2-93808DFA402E}] => (Allow) D:\Program Files\Steam\steamapps\common\Vindictus\en-US\vslauncher.exe
FirewallRules: [{0ADFF588-9E9F-4C99-8C99-B81EA5AB73CF}] => (Allow) D:\Program Files\Steam\steamapps\common\Vindictus\en-US\vslauncher.exe
FirewallRules: [{262C265A-BE16-43F8-BFFC-B2BF76C4D5E0}] => (Allow) D:\Program Files\Steam\steamapps\common\the banner saga factions\win32\The Banner Saga Factions.exe
FirewallRules: [{F13296F2-84A7-42A6-A712-B78A589D90F1}] => (Allow) D:\Program Files\Steam\steamapps\common\the banner saga factions\win32\The Banner Saga Factions.exe
FirewallRules: [{538EF65A-3211-4049-B186-1B58B412D871}] => (Allow) D:\Program Files\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{106459E6-72A3-406E-95A6-E95D66A00925}] => (Allow) D:\Program Files\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F645ED71-C9E0-498B-B82F-E62C1E50379A}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{6D169B40-B731-49D5-AC23-3069AB72F20E}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{7229E5D3-5C7C-42EB-BA29-33CA62C01D6B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{CFDC4D20-2F8A-4DF2-B598-B54360FDD2BB}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{30D0039E-ED68-4FDE-8445-082895FAE7EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EFC9F34F-4833-494B-8884-D53FE8521C37}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8C621A08-67DF-4894-8C48-58B99A251317}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{59115A8D-C05E-4379-BC6D-FB6ACEA7BE25}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8D322357-8433-42AC-9753-A15B5D0340D0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1B3410F1-8593-4A81-A228-046B30C63BEA}] => (Allow) D:\Program Files\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{5340DA08-5BF8-4618-A666-C3B238F9A92E}] => (Allow) D:\Program Files\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{73BAEF40-5E86-44B2-8883-84CF9FB68FAB}] => (Allow) D:\Program Files\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{438A82E8-ACE3-4959-B5B8-651EABA7366C}] => (Allow) D:\Program Files\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{733A6F27-7BD1-4DD9-B0F6-9243AE0F7C8A}] => (Allow) D:\Program Files\Steam\steamapps\common\batman arkham asylum goty\Binaries\BmLauncher.exe
FirewallRules: [{A4ED4777-3B62-48F4-9F25-BB2BE38DF45A}] => (Allow) D:\Program Files\Steam\steamapps\common\batman arkham asylum goty\Binaries\BmLauncher.exe
FirewallRules: [{22CF3C64-ECD5-4291-B5E5-DB5D72136782}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{3AEEC070-8475-4096-BCF0-4FF0D4B681B6}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{66CC69FB-3F6D-4215-9E3F-89AD5A30FF1C}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{003CE5F4-1334-4A7F-A40A-35EE44ADD3F3}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{D3E04C91-79CD-4E46-ABBF-F68577D19169}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3B21E20C-FABE-4186-83A4-F9795FD170D2}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8A29C1C9-8B54-4BE4-A62D-211369B69E23}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{0C6D73CD-E6B6-40CD-B5FD-3A74C840946F}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1765E327-51EE-4CDF-B303-D44472647EAE}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{498D1A6C-044F-4DB9-A09E-B77502985776}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E3E9B106-76F5-4B6E-A50C-576C032890DE}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E482BFE6-2DC0-4B33-BB1C-26C3C7DB73B7}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A8C2A4ED-DE9C-4834-B072-24309E16A817}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F0ABFECF-E668-4090-A4F4-ACC9112A5DF6}] => (Allow) D:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0F08D0CD-5E2B-4B7D-ADAB-DFD3BDD6DE2D}] => (Allow) D:\Program Files\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{F51A79BC-696F-4A9E-8EAA-A985E5753C9C}] => (Allow) D:\Program Files\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{77B0A29D-FF87-4372-AF18-F8E689FD6777}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{2893AC35-7322-4E6C-9266-968619F409FC}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{A3914AE1-592A-4FD5-A704-8D8B4C463CC2}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{48452B53-BB02-4A5D-BF10-AD9CDD6767A7}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{18FEFB82-6063-47C4-A632-3CD929C8D3A5}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{6A2E46DE-1F74-4B8E-84B9-7DF6CA904BA7}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{1DB08E28-D0E9-44C0-9EF8-908208B3253B}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CBDC58DE-1100-461D-A703-545313C4B2A1}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D57D2FF4-F29C-4455-843F-9867CC5B4869}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{70430733-0550-42C1-9E4C-DEA761B5AE31}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{078327AD-0EE8-44ED-AC7E-8DBB80FE0B8C}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{50F20BC0-BF46-46E5-B790-5DC10CBA1BC3}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1911F169-BE81-4508-92E2-BECA8EDFFFD7}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09AA5188-C28D-48A5-93C8-23BF1DECF6E6}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{36FD4191-1E6E-4ED6-B4A4-26D720517E2E}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{8C0AF4AD-D5C0-40B4-A8D5-574D5D732568}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{97E859B4-3313-44DF-8409-6C633CA4E51D}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{1536BDEE-3323-4244-AD79-0162A7EC2086}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{A3B403CB-D24C-46A4-BA08-B456ADB17F6B}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DD57105F-779A-41AE-BD59-B9D89110D412}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8677D568-4FCC-44E7-9082-B4970CB94BDA}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D31A5248-B42B-45AA-A77E-84CB320588DF}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{33E8C46B-FB7D-4BE6-96AD-3B93A3F2E5E6}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{5E8F2A2E-66E7-416D-8037-2CBF91D904FD}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{4583B590-F358-44ED-A212-C98BA0A0D909}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{4571305F-0179-4878-8FFA-7A4B96A61FBC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{11049DF3-2ED7-46D8-8EC2-CFAAC4F75F63}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{2E3B4230-847C-4F65-AF98-24E89C39110B}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{1307D5A1-0D18-4CC6-AD83-2D0C7712559F}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{B4D1B377-96F5-4246-8870-18417AB62815}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{3D106063-78CE-4C81-B81F-26BA7ED0E398}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{EEC819A3-224D-4F6C-982B-CBDE66DD9FFC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{961B2845-E234-44C3-9625-80995B8C9FB6}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{3A9EBAC2-CDCD-471D-88C7-35AE2E798CFE}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{2F609114-7B59-456E-BD44-6A74E4B22590}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9808ECC6-1F47-4A64-A420-02C8921411AB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8CD3DEDF-8C8C-4612-842B-50E9CFCB116B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{93088353-D711-4858-961C-173071671996}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3B656B57-3F9F-41E9-8751-30DC913EF974}] => (Allow) D:\Program Files\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{EB7FA081-8735-484B-8574-9809657D5F7F}] => (Allow) D:\Program Files\Ubisoft\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{2CD99FED-A5AC-4EB3-8185-614776A3D7EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{99380823-229E-4DC9-9015-90F9D461B59F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{730E68CA-B808-4822-A672-7E6AD80815ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF2B6098-5FEC-482F-8D19-A373FE928C1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DCF9D147-CDBC-4634-8DF4-7D92C678CFF0}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CC6C260D-F77D-4E21-8417-04F3CE995812}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D060EB2A-3BC6-43E1-93AB-00BEF573CAE1}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{2D907E5D-28B8-4F22-B421-D57133694C49}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{9457B3F8-A55F-43C6-9B81-6733BAC3377C}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B91BC462-D6E8-45E0-984D-6828EC727445}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E1CD1CB3-13DB-494C-BD20-FFFB85B198FC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A27C7F26-D2AE-47B2-A458-82FB8CFB13AD}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{C6EDE3C1-6870-4DE5-A0B9-EA0437A7FBAC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B8E7537C-BC9E-4229-919D-384E394BEDCB}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{07ED5F45-28BE-43E5-89AA-66EDF2B732F6}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{6A45902C-B1A6-4CC5-B8DD-911F25746375}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{C58E7E93-BA16-4844-B792-66F5BA3DA5F6}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{70C27E24-D39B-4A9E-874D-7006047FC9B9}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{08E24E67-E3AF-4C8F-8520-737777A43A5D}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{9A5D1BF9-A750-4A06-A618-13AF6112D290}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{7EAC5091-5B66-453E-B53B-F5E0E738C604}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8DE3A1F0-E2FC-436A-B165-E52B1B70A52F}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2CC33EE5-0EA7-4EE9-A357-5FCDFAF99DAD}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DE27641F-494B-4831-800B-6ED49AF49B80}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{4DDA2515-FCA6-4458-9586-B9219B808CF3}] => (Allow) D:\Program Files\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{C209AEBD-FA06-404E-9460-EBF8114A48F0}] => (Allow) D:\Program Files\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{B8EABB7E-83D2-4439-A6CA-63C6827AFE33}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1D1DAB37-0C9B-4746-A3BA-CECE73CF49CF}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{237421A0-5562-4E00-9BA5-65117042AB5D}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{DBD2FBC7-D109-4468-BC2F-76451AB4BA89}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{C32B64C7-1543-4280-B4A8-5AA8650C27E7}] => (Allow) D:\Program Files\Steam\steamapps\windpawns\garrysmod\hl2.exe
FirewallRules: [{A635A2E4-22A6-4C22-9073-F95B497A1991}] => (Allow) D:\Program Files\Steam\steamapps\windpawns\garrysmod\hl2.exe
FirewallRules: [{C8C812B7-2977-415B-B870-60679D9EFF7A}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CC805D59-FF39-4649-8D42-E527E7D1B1E4}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{2AD11437-0010-4FD3-85BC-16C3763FD850}] => (Allow) D:\Program Files\Steam\steamapps\windpawns\garrysmod\hl2.exe
FirewallRules: [{E71A222A-ED62-4643-A6B6-9B8FEDF38079}] => (Allow) D:\Program Files\Steam\steamapps\windpawns\garrysmod\hl2.exe
FirewallRules: [{AA0E54A1-C266-424D-833B-48C6B8732745}] => (Allow) D:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{3F065946-145B-46F8-B6E9-91627884A7CE}] => (Allow) D:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe
FirewallRules: [{19125D61-D95E-4D7E-99F1-EDAA84DDB163}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{EC3703BE-A437-48A3-8ABC-0B0575314BE5}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{297F61D1-8F88-42E5-B4A8-28E37A882174}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{D7795F7B-C9A7-4B46-99C7-438B12221C1C}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{72B51B7E-26A6-4674-B54E-3AE43173831E}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{533D224D-939A-4B92-BA05-9CAAD6955E04}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D60F259A-B1C0-423E-A9D9-B7FD2D829D16}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{74D68A2E-90C8-4CDF-907E-7D45E82C5B20}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{335C9B2B-55F7-40F0-983B-10743EA33A3A}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{DB8203FE-165E-4561-8090-19DF3C218690}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{0803B581-9ED6-4D85-B066-DC9B3C0216CC}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B601983A-F6FA-41BE-87B8-964085A48826}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{EED5EE36-A5FF-45CC-9FAD-1FF6E49C47D9}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F8FD2EDC-C7C7-4720-9BF1-4839799A9664}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{AA2930BA-A43C-4048-AA87-89E4ABB5FF85}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{30A75901-FB4A-41F8-834B-7EFBA9857BDB}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{B443F23F-F96E-47E3-8C86-9BB2B8D49A7A}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8B74CDFB-633B-44E2-AA30-4D9FBEBEAC7C}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CEBCC2B8-3038-442E-A9E7-7FC52AD10374}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{58A9B182-F2A6-4C7C-8696-B544243801B9}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{7702F246-5854-454F-97D2-5B865675C2DD}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{85949DD3-1EFF-45F1-8115-DC67E2449C51}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{9A8CFDE9-4BCF-4A41-A9D9-EBC9423DEFB4}] => (Allow) D:\Program Files\Steam\steamapps\common\Fallout\falloutw.exe
FirewallRules: [{55D085D5-5A70-47A6-A34E-1E7F7AD8A06B}] => (Allow) D:\Program Files\Steam\steamapps\common\Fallout\falloutw.exe
FirewallRules: [{B74545C5-42EE-4B6B-A93A-7DB79C10D055}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{CCA3C0BE-4AF0-4D78-B2B5-1F824EFFB308}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{84C0F48C-2592-4A20-9E8E-B2476A5DB470}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{00E2BC57-8496-4916-8F7C-4F6458669079}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{A4ED4E4B-784F-4FAD-9A7D-FBC7018EFA86}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{5DACA985-FF11-4DF1-8AB8-ED3177E2C30D}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{6E6918E2-046D-405C-9F28-5A54369E3D86}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{5BC49052-FF6F-4424-80D9-768EE23C6D1E}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{946EF9F3-8BA8-4409-97FE-817011C01B5A}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{E4135039-5593-465E-AFFA-DD3DE482B786}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{28B42C90-9E0F-4BF6-A611-54A9AA37CF7E}] => (Allow) D:\Program Files\Steam\steamapps\common\Fallout 2\FALLOUT2.exe
FirewallRules: [{160E1DF2-7C83-415E-8EC0-EF4FEC47C430}] => (Allow) D:\Program Files\Steam\steamapps\common\Fallout 2\FALLOUT2.exe
FirewallRules: [{080CDC47-6F5A-4BF4-A9B7-B1AA2EBB5646}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{046E603B-7A10-4B80-A046-587FD11A8C02}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9A5EA263-2EF4-4678-8F86-7B132D903C24}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{4D8E52B9-4E36-42B6-8398-ED98365B89E0}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{48A3D0D4-526A-4192-857C-8FFD5E70C0BC}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{2C5E7DF1-D836-460E-97D9-90F2E2E5FC9E}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{97C03E64-09F9-4FA2-9F9A-B55BA664AB79}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{91210BC4-634E-4C55-A9C8-860951D67288}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{6812766D-8B96-40D8-A537-E2D102A4A5BD}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3E56EFFD-900E-440E-8FF6-407A1B0708F2}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{C285BDBA-6071-45B8-8C8C-D997D2830EAA}] => (Allow) D:\Program Files\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{2418F1AD-D5C0-4A15-9630-D15B3D3F0843}] => (Allow) D:\Program Files\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{03D5BEF5-C189-4117-A830-0C4AC0B51B22}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{594D612D-5CCC-4FC2-B63D-BADB7FFD1F9E}] => (Allow) D:\Program Files\Steam\steamapps\common\MagickaWizardWars\WizardWars.bat
FirewallRules: [{EB9626E1-E55C-4163-A617-12379A756A38}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{FA6FED7B-DAD7-4059-A162-B5FF83DE0BB1}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{04EFB2E9-C81E-4D74-A24F-009807D225AE}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{7EB00E5C-607C-4393-A579-DCA69EFBB752}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{CFE0159D-C884-4AB3-91B5-47C0D367CC11}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{E904D6D2-265A-4D27-8DC0-5ECC51132940}] => (Allow) D:\Program Files\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{A84E1313-F7C8-4BA7-8195-9E03E4A666DE}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{F5921A45-DB13-4069-ABB3-FDBA52F05BD0}] => (Allow) D:\Program Files\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{9E56463C-995C-4C69-BE04-143153339BC1}] => (Allow) D:\Program Files\Steam\steamapps\common\braid\braid.exe
FirewallRules: [{84625924-B8DD-42BE-AA71-4FF2AC1F7D8A}] => (Allow) D:\Program Files\Steam\steamapps\common\braid\braid.exe
FirewallRules: [{0313752C-E26E-47C9-B98D-E743E0955D05}] => (Allow) D:\Program Files\Steam\steamapps\common\braid\braid.exe
FirewallRules: [{6C47E122-D8A3-43D1-AE08-316EBEAFEF4A}] => (Allow) D:\Program Files\Steam\steamapps\common\braid\braid.exe
FirewallRules: [{DBEB73F3-A1B7-4E78-886E-3E8B0D1DDAB6}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise of the Triad\ROTTManual.pdf
FirewallRules: [{13B623D1-584B-436D-91F8-DC3DD806EA98}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise of the Triad\ROTTManual.pdf
FirewallRules: [{B99B1F35-95E9-4E09-B6D9-49B818C86DEA}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{120B5160-050A-4A46-AAFC-AFDB26B5C9BB}] => (Allow) D:\Program Files\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{BAE79657-5E4A-40DF-B39C-37F68E0CD7CC}] => (Allow) D:\Program Files\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{938D6A11-6D6F-42E1-95F6-5BE14CDC3CCF}] => (Allow) D:\Program Files\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{61BC2D1B-AD54-41C9-98F2-CDC6861B6995}] => (Allow) D:\Program Files\Steam\steamapps\common\The Bards Tale\Config\The Bard's Setup.exe
FirewallRules: [{AEBD072A-0411-4026-A1E4-DD02C513807C}] => (Allow) D:\Program Files\Steam\steamapps\common\The Bards Tale\Config\The Bard's Setup.exe
FirewallRules: [{4058B27C-0BF7-48AF-A852-BE2DB7981208}] => (Allow) D:\Program Files\Steam\steamapps\common\RingRunner\RingRunner.exe
FirewallRules: [{EF982D9C-DF31-4C35-A7DB-9D1851554FBD}] => (Allow) D:\Program Files\Steam\steamapps\common\RingRunner\RingRunner.exe
FirewallRules: [{317327D0-1C0E-4707-AB4D-CEC6D3B71D0C}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rust.exe
FirewallRules: [{51C65E98-46E5-43C6-A5C6-4E89731C4CC1}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rust.exe
FirewallRules: [{6E83932B-F22D-420E-86BE-2FA4B6A47D1B}] => (Allow) D:\Program Files\Steam\steamapps\common\DungeonDashers\DD_Public_LevelEditor_66.exe
FirewallRules: [{A670F2EE-7387-4DBF-BE04-AD9D28201FA3}] => (Allow) D:\Program Files\Steam\steamapps\common\DungeonDashers\DD_Public_LevelEditor_66.exe
FirewallRules: [{B64DE2D5-6513-491D-B397-74430951093A}] => (Allow) D:\Program Files\Steam\steamapps\common\Pid\Pid.exe
FirewallRules: [{9881AEBF-BDE1-4BD9-9CA8-BE308F27D14A}] => (Allow) D:\Program Files\Steam\steamapps\common\Pid\Pid.exe
FirewallRules: [{C674123D-763E-4D02-B29F-CD4AC75F17A2}] => (Allow) D:\Program Files\Steam\steamapps\common\Card City Nights\ccn.exe
FirewallRules: [{A4D06332-2CE0-4336-8A55-2B7584CFC86D}] => (Allow) D:\Program Files\Steam\steamapps\common\Card City Nights\ccn.exe
FirewallRules: [{01CACA77-EE2D-41C0-B6B8-F5CE783954F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{8F086B52-22E5-4A50-BD7B-4F0B6730818F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{82E85E8C-D740-4521-9988-E8D032C82C48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{FAD9ED32-6C13-4DCB-8709-7072EB2CD0EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{F8F3AF44-41B0-4C40-879B-E82ACA9D9A7F}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rustlauncher.exe
FirewallRules: [{D186E8D8-FA1D-4872-984A-87ABDED1EFEE}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\rustlauncher.exe
FirewallRules: [{049F09A6-B0C3-4F50-910B-77422FA7B60E}] => (Allow) D:\Program Files\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{1E7A213A-B84B-4EE1-A9F5-3ABA0E5F18A2}] => (Allow) D:\Program Files\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{92BE651D-1837-4B3D-AEB8-0254C386448D}D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [UDP Query User{03BDAB05-2F72-43C3-BFB3-A5A1E0930528}D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [{48B0E9C6-3239-47D1-8D5A-3FDF90FEBA5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{54B36CFB-6467-4725-8E04-B61A54F7E8E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{77A805FF-661B-4E68-A307-DB4BEF966C68}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{31967F72-0AB0-4032-B471-DA9D2B30F98C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{5750AC62-7C0C-4E5C-ADCF-4FCFFA4F7457}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{B66E3270-42F5-4562-AF6F-C5EDCBBE1D12}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{1F05F35E-EDC1-4E14-AD29-EA733DDDB05D}D:\program files\age of wonders iii\aow3.exe] => (Block) D:\program files\age of wonders iii\aow3.exe
FirewallRules: [UDP Query User{E05B8AD6-138B-4C33-B868-92EE6614493A}D:\program files\age of wonders iii\aow3.exe] => (Block) D:\program files\age of wonders iii\aow3.exe
FirewallRules: [{720F8CB2-22CC-4770-AABD-AD4E83B9D481}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{52BE6EBF-380C-4BDF-8925-C9EBDADD265B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [TCP Query User{760AC2AF-F0C3-4C16-9C24-1768E8C8C23E}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{620D62E4-C60A-4422-89F0-DBF768E4DC1A}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{EBE877D1-94AE-4F32-9DD1-02BC1BC3CB50}D:\program files\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) D:\program files\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe
FirewallRules: [UDP Query User{D7E5613E-FF6A-4378-AC3C-531E5FBE950A}D:\program files\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) D:\program files\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe
FirewallRules: [{A0615CC2-28E1-4A79-9AAA-A123422822B5}] => (Allow) D:\Program Files\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{CFD02663-765E-4D99-B32A-ABC940344B85}] => (Allow) D:\Program Files\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{39B057EB-C628-44D0-8A0A-77559AAAC0A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{9A71D78D-1674-4310-8560-39E81273B971}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{392CDF2B-49B0-46A9-A0B0-166DBB0A12F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{BAEA5718-5391-44D9-BD3C-255D85C46B4D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{2C0F0D88-2F89-4DF9-B5C5-C237BBBCEACA}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{CC901EEF-021A-4685-8749-6B8ADED63EC5}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{FF4272CA-31FC-4329-ACF5-E5FC496C42B9}] => (Allow) D:\Program Files\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{BF823D78-8B8A-4F96-AB11-FB2D2511AE4C}] => (Allow) D:\Program Files\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{24A25A07-8699-453C-A346-F417BE10F8AF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{446093DA-FC5D-4F75-A5F3-91ADC1646C3C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{04F70AC4-23BC-4589-A205-87A77AFCD712}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A2C5CF48-4EB6-452B-9778-1B1AF2853BB9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4D1D428C-C46E-4234-B388-FF6CD9BA0F9E}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{AF0FE634-5971-40C3-A2B9-6CFB818B46AB}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{438B1562-7C33-482B-892A-92B36F23D4E1}] => (Allow) D:\Program Files\Steam\steamapps\common\Ironclad Tactics\Game.exe
FirewallRules: [{DC21FD93-8F25-4D90-A87B-EF55911A3485}] => (Allow) D:\Program Files\Steam\steamapps\common\Ironclad Tactics\Game.exe
FirewallRules: [{9D35CEB1-9190-48F3-BD66-046A02E26EFF}] => (Allow) D:\Program Files\Steam\steamapps\common\Bad Hotel\BadHotel.exe
FirewallRules: [{BABCBF57-469B-4011-8B80-C574933CD73B}] => (Allow) D:\Program Files\Steam\steamapps\common\Bad Hotel\BadHotel.exe
FirewallRules: [{EA45C27F-FBE3-4D96-BF19-529A83309A14}] => (Allow) D:\Program Files\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{0973C474-616D-486D-9C17-72C0B12BC231}] => (Allow) D:\Program Files\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{F032B615-3B11-4DD2-A94A-32ECCA8B29AD}] => (Allow) D:\Program Files\Steam\steamapps\common\One Way Heroics\Config.exe
FirewallRules: [{050F2725-BA4F-4625-AADE-3F1AE6833F57}] => (Allow) D:\Program Files\Steam\steamapps\common\One Way Heroics\Config.exe
FirewallRules: [{68E8ECDF-2040-48A3-A54D-8B1BD9C90403}] => (Allow) D:\Program Files\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{858D9E45-1C34-4F1F-8D14-52B7E3D27D6C}] => (Allow) D:\Program Files\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{0EF9FB28-2F04-452F-8C22-5319A73BE6FE}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{A359AC50-CDD0-4FCD-BB48-C3FE9DCFAA31}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\legacy\rust.exe
FirewallRules: [{540186DE-8810-4579-BE60-95774DF4265E}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [{DCECEEF6-C484-4E45-9EDF-8859D205C1C9}] => (Allow) D:\Program Files\Steam\steamapps\common\rust\experimental\Rust.exe
FirewallRules: [{09EA22D8-53B5-48AA-97A9-BA5640CAC99D}] => (Allow) D:\Program Files\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe
FirewallRules: [{EDCCDDE9-0B75-42EF-A366-9CE159F872DE}] => (Allow) D:\Program Files\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe
FirewallRules: [{38FF56EF-BEBB-4F1F-B0C3-7E12644AF57A}] => (Allow) C:\Users\Ronnie\Downloads\Anime\detect_routers\detect_routers.exe
FirewallRules: [{27544DBF-6204-47FA-A946-2BA789C78AD5}] => (Allow) C:\Users\Ronnie\Downloads\Anime\detect_routers\detect_routers.exe
FirewallRules: [{287DAE77-7649-4611-822F-574D14BE2F76}] => (Allow) C:\Users\Ronnie\Downloads\Anime\detect_routers\detect_routers.exe
FirewallRules: [{F3E21572-C0B0-4D92-A055-CE1C10D0384A}] => (Allow) C:\Users\Ronnie\Downloads\Anime\detect_routers\detect_routers.exe
FirewallRules: [{ACA82A24-F904-4D7E-BDC3-83A6C12A7E29}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{67BE1633-CC70-449A-9723-66E58660007B}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{5965F8F0-2780-4699-9A5E-D9EB606C16D2}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{66C1D92B-58E9-4150-B63C-BA5E79263C82}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{B227FFC1-3F76-40EC-BD15-6A0A55DF8745}] => (Allow) D:\Program Files\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{539FB49F-4090-403C-AE1D-137E945B9491}] => (Allow) D:\Program Files\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{BC1728F8-4F99-4729-BB63-3CEB585021B8}] => (Allow) D:\Program Files\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{FCC1259E-F9FB-450B-84DE-2541482EE8FD}] => (Allow) D:\Program Files\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{7D44759D-5BF7-4008-A237-827617E3E947}] => (Allow) D:\Program Files\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{C155F774-201C-4647-8448-22C3BE6464D4}] => (Allow) D:\Program Files\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{0672D89C-5C43-4B2D-A4BF-4754EB394E73}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{0501502F-2D39-4586-86A4-8838841CC34B}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{1DB53E6E-8B99-487D-A949-9CFE20699CBF}] => (Allow) D:\Program Files\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{8410A693-3D9E-40B9-863D-9A85C90241F4}] => (Allow) D:\Program Files\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{68662B19-9EB0-4484-BAC3-17E423D8DB3D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9981CB6C-A4F3-409C-A73C-3250C04F5D9C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{C083B48F-577F-4F76-AFF5-737B6AAA93EB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C9CBE05F-963A-46ED-BA94-C52858A078F0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{62608A06-44E7-42BD-B7BD-49DB779E64C2}] => (Allow) D:\Program Files\Wasteland 2\Build\WL2.exe
FirewallRules: [{1BFAB0D0-0A03-4024-B2D1-43D7F1FC19BA}] => (Allow) D:\Program Files\Wasteland 2\Build\WL2.exe
FirewallRules: [{470D6960-15F7-41FD-BE68-9EFFB5D48252}] => (Allow) D:\Program Files\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{E235295D-5057-4A0A-8DFD-588BD0670508}] => (Allow) D:\Program Files\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{1FF9D205-ADD1-4ED9-9664-8D8F0A229E85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{710D9C53-47F9-44D8-832F-725564AC5019}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{45702680-8714-4B7B-9D39-4578FB882DF6}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
FirewallRules: [{3A96E560-9534-4639-A745-C33D2E8B00FC}] => (Allow) D:\Program Files\Steam\steamapps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
FirewallRules: [{5375F102-569F-47D6-9AB1-659FA3B8BBC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{527AAD74-FA6F-4192-BACC-14E8DD8F0759}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{096CCADF-7652-403B-8BCD-C3E633AA3678}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{3468139D-FB35-4809-961F-57DDFD42E6AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [TCP Query User{DE44C3C0-D958-4B04-BA28-327CAD24E44E}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{B13FF032-FAD3-40E7-9DE1-185FA13B55E6}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{0987A551-5779-443F-8E1C-EAC1571E67F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{D1E0753E-ED1F-4F3D-AF5F-E30B9C75F8D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{9069ADBC-136B-479B-87C9-E0D2616AC7AD}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{FD22B5A7-7256-4D55-BA63-F74D0E932882}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{805425EE-DDA5-4B5A-A36B-9330ADE45FC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{5AE19B02-73EB-46E6-A332-24FEB191C5D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{BD25297F-42AC-43B7-B705-843D225E588A}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{4B948D97-E4AB-4BF4-BE42-AC0B99195922}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{DFB12F57-2857-4249-B1D5-C990C36C3778}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{F0AB8DCB-0BD7-4F0F-822E-3BBA45E3A3EB}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{F8DAAB44-5230-485E-94E4-91D5F5050843}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{A83F6937-2D27-4ABF-878D-079895216034}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{5B95EB10-C7D6-4039-AE36-8FFFB75C87D7}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{1C9D2C33-1467-4E6B-B9E7-97CD8351F6C6}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{A28B2060-FD9B-4C4B-9FBC-8F38C72E36C2}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{45667919-F4FE-4911-86E2-FC7EE5826959}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{D45D1693-C44E-485F-9A61-0264C244C5DE}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{8B695487-E9CC-4A73-910E-53A71090BE2D}] => (Allow) D:\Program Files\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{3FC89BC2-0236-4E9A-B80C-6BCB06F340A4}] => (Allow) D:\Program Files\Steam\steamapps\common\Crawl\Crawl.exe
FirewallRules: [{F379359C-1F84-4AA1-AC01-C00054C1E2D6}] => (Allow) D:\Program Files\Steam\steamapps\common\Crawl\Crawl.exe
FirewallRules: [{3BBA515A-080C-4F37-B362-6C23BA7AABF4}] => (Allow) D:\Program Files\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{774950D4-69BD-4DA9-A2D9-1E3EC6F4E2D8}] => (Allow) D:\Program Files\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{F31EB16E-8876-4689-B53E-EC1EB92E38A9}] => (Allow) D:\Program Files\Steam\steamapps\common\FullMojoRampage\FullMojo.exe
FirewallRules: [{1D89C7B1-B029-4400-8202-DD6EFD918171}] => (Allow) D:\Program Files\Steam\steamapps\common\FullMojoRampage\FullMojo.exe
FirewallRules: [TCP Query User{F1F352B1-5EC9-4F4C-BD0B-05FED1D025E9}D:\program files\far cry 4\bin\farcry4.exe] => (Block) D:\program files\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{D6EA38C5-F117-4D88-A0F3-B3C2C46FF724}D:\program files\far cry 4\bin\farcry4.exe] => (Block) D:\program files\far cry 4\bin\farcry4.exe
FirewallRules: [{2294533E-D576-4F5B-9E1D-B6EC9DDBEEB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{DBC9323E-5F13-41C5-97F0-B10D15441B8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{D45C8C63-5DDE-4618-AFF0-A0E4C75CB434}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{E21182E3-CA28-4642-AA21-DB9118DA4874}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{82805FB1-A995-4323-87BB-1E42E7B2E7DA}] => (Allow) D:\Program Files\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe
FirewallRules: [{088B703F-C8C8-416F-B689-C8E15B7A7586}] => (Allow) D:\Program Files\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe
FirewallRules: [{0EF9EC2E-FF54-44E1-A3CC-EFB0958418E6}] => (Allow) D:\Program Files\Steam\steamapps\common\Volgarr\Volgarr.exe
FirewallRules: [{75D4C119-588F-4819-B837-A10FCB133197}] => (Allow) D:\Program Files\Steam\steamapps\common\Volgarr\Volgarr.exe
FirewallRules: [{35393095-E337-4993-B649-4801CAA1837C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{018122B7-B08D-4E25-A5C0-36E29369DF47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{BC7477CB-9AA2-45CA-934B-B74A843C60FC}] => (Allow) D:\Program Files\Steam\steamapps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{AA6FD03E-2C5D-4874-8913-EDC6C633A6C3}] => (Allow) D:\Program Files\Steam\steamapps\common\EvolveBeta\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{E2571A48-9964-425B-8D61-21A84FFF4AD7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{867C5BB3-BFE8-4FEC-9DF1-14C741152783}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{54FA82A3-B6B4-4D03-A72F-8CD13E0D308E}] => (Allow) D:\Program Files\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{EF16CC0F-AECE-4F4E-BF4B-E6859D4F905D}] => (Allow) D:\Program Files\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [TCP Query User{77970D15-696A-404C-8ACB-A55DB4AF10B1}D:\program files\dying light\dyinglightgame.exe] => (Allow) D:\program files\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{908B0119-105F-42E8-A951-F2742E02B855}D:\program files\dying light\dyinglightgame.exe] => (Allow) D:\program files\dying light\dyinglightgame.exe
FirewallRules: [{23BFDAED-BB9D-432F-8A11-608ABBD35A92}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{89243AC5-5F54-472D-AAC2-AEA84E0F7F3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{8A547686-ED4D-40FC-AF74-1379C30406FA}] => (Allow) D:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{62668ED6-5A91-43FB-9D9F-A92448BB0B47}] => (Allow) D:\Program Files\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{940D8094-AF8F-48C8-B803-C67DA50B558F}] => (Allow) D:\Program Files\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{DF2C6A43-D79B-4058-BAE4-04AE3E439F11}] => (Allow) D:\Program Files\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{C625FC35-C394-4140-AC81-934DC7B7E86B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{1B6B7858-B715-4F2A-B3BF-15C749C4749B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{4C4DBDD2-19CC-4FF2-8B8B-433E056E0E17}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{EA60CF94-7E5C-4A9D-A87F-AEE663357FCE}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{BE39E657-008B-43D6-8F49-EDA9DBAFB490}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{01AA22DF-2FF2-4111-A39B-CD6E3FAEE954}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{46771FD5-C491-43AF-9DA8-74B44E0B4811}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F5481548-6313-4FB8-AD19-66B81E579E58}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{99ED372B-9324-4992-8A64-569F626106FF}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F0A98410-B440-405F-AD91-C043D1A19696}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6F51D012-7BE5-4FE5-9F9E-01BD8FDE084E}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{BE35DA68-032C-49E4-B9C1-22FDD5046174}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{99BE1C12-5FC0-46FC-BD90-A6405CE5BFEE}] => (Allow) D:\Program Files\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{73264F61-205C-4298-B75F-E77F9B26FE6E}] => (Allow) D:\Program Files\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{D73AB5F8-FDDD-4B3E-9253-36CC9F585411}] => (Allow) D:\Program Files\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{ECC31FFD-5748-4CE6-A113-0BA28B826F67}] => (Allow) D:\Program Files\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{4FE40AF6-1BA2-440F-8AB3-5657613733B6}D:\program files\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\program files\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{D6D3720F-FC72-441A-A191-9C96C9F8FD49}D:\program files\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\program files\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{EE9010E6-EF68-48D0-8249-1336C0DCF870}] => (Allow) D:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe
FirewallRules: [{88B75285-1BA3-46D3-A808-66FF8C2BCA62}] => (Allow) D:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe
FirewallRules: [{C5A04E25-89BA-46D7-9757-4B263B162041}] => (Allow) D:\Program Files\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{E597DB9B-647B-4E65-9A27-299C524C2F48}] => (Allow) D:\Program Files\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [TCP Query User{22B3FEDA-4B4C-4CCD-BEF0-96FBB69BBD82}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EB44593F-C002-4B98-8507-837DA6034B88}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{430CFAB0-EF13-4ECB-BB4D-674A8EDBC932}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{84E91164-E5B0-4F67-B5F1-AF1B476530FC}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{11A42A6C-5C68-4E7C-8A0C-8F8217D405CF}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
FirewallRules: [TCP Query User{27DC003C-EC83-4123-AD29-8B00E4F850A0}D:\neople\dfo\dfo.exe] => (Allow) D:\neople\dfo\dfo.exe
FirewallRules: [UDP Query User{A83C02E9-E31B-4DAA-A294-C3886922B504}D:\neople\dfo\dfo.exe] => (Allow) D:\neople\dfo\dfo.exe
FirewallRules: [TCP Query User{131FF99A-C9D8-4748-99A1-63C39694BC4A}D:\program files\world_of_warships\wowslauncher.exe] => (Allow) D:\program files\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{DDB6DC58-C8FC-440E-895E-9D11977A4CD2}D:\program files\world_of_warships\wowslauncher.exe] => (Allow) D:\program files\world_of_warships\wowslauncher.exe
FirewallRules: [{241F45D2-0AE6-451B-BEF6-E0A23FE99A52}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{8D160857-A388-417C-9B24-E0043A4DAC90}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{853E9EAE-AD7E-4A40-9E23-B48A703E42B2}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{7EDCABC2-55B3-4401-B2EE-A1ACC52E8180}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{FC382B36-D2DB-4238-9C7D-5D8B064C62CC}] => (Allow) D:\Program Files\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{F41CAF20-079B-4B63-B844-392D51FF1ADC}] => (Allow) D:\Program Files\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{98F63D1A-6351-4411-A9DC-81E5A01BD446}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8D23D469-6DE9-429D-8B28-7C8839D86018}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{5BDDCF5F-E2EC-4C67-9736-D946127A2895}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{C717FEF9-F466-4650-950A-94C10F1E6D22}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{D7503DB0-4756-45D7-AD9E-100F4AC517A8}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{C80DAE49-4BCE-4F42-9F03-2FC3891629F8}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{F28FE025-5A3A-4437-8A89-43B7AE21FD8A}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{89F3C56C-11E8-437E-B794-CF498201785B}] => (Allow) D:\Program Files\Steam\steamapps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{8C5B92FA-C45E-4A46-AE89-81C58C8E7B49}] => (Allow) D:\Program Files\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{6FF4FB17-8A66-4A05-82E4-93FA9DEB1507}] => (Allow) D:\Program Files\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
 
==================== Faulty Device Manager Devices =============
 
Name: TP-LINK Wireless N Adapter
Description: TP-LINK Wireless N Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-LINK
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/01/2015 00:03:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/30/2015 08:42:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/30/2015 08:17:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/30/2015 08:11:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/30/2015 03:50:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/30/2015 03:47:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {31d364ac-4ed1-4e40-a1ab-9be96393906b}
 
Error: (06/30/2015 04:37:00 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (06/30/2015 02:24:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2015 01:12:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2015 01:11:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvVAD initialization failed [6]).
 
 
System errors:
=============
Error: (06/30/2015 09:02:03 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/30/2015 08:52:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/30/2015 08:52:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ronnie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/30/2015 08:52:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/30/2015 08:52:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ronnie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/30/2015 08:52:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/30/2015 08:52:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ronnie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/30/2015 08:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/30/2015 08:47:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Ronnie\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/30/2015 08:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 44%
Total physical RAM: 8104.58 MB
Available physical RAM: 4495.07 MB
Total Pagefile: 16207.35 MB
Available Pagefile: 12760.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:12.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.41 GB) (Free:35.19 GB) NTFS
Drive e: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive g: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2F741404)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 507B0452)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================

  • 0

#53
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

That's no problem.

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   1.61KB   108 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Next...

 

 jrt.pngJunkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.
 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking jrt.png and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 


  • 0

#54
magnia

magnia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Here's the ESET log:

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=795e31073adb694a92a6175bd757014e
# end=init
# utc_time=2015-06-30 10:46:24
# local_time=2015-06-30 08:46:24 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 24569
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=795e31073adb694a92a6175bd757014e
# end=updated
# utc_time=2015-06-30 10:52:09
# local_time=2015-06-30 08:52:09 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=795e31073adb694a92a6175bd757014e
# engine=24569
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-30 02:08:56
# local_time=2015-07-01 12:08:56 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 22287575 57858130 0 0
# scanned=523195
# found=58
# cleaned=0
# scan_time=11806
sh=100173517C8D637F7D13308058682E5A4C9726E4 ft=1 fh=080dbf64f9552871 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchCH.dll.vir"
sh=23342D8CD51CDBD7E549E72620D363143332AF73 ft=1 fh=91ff742f9e8da47d vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="a variant of Win32/ELEX.DH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowserAction.dll.vir"
sh=03D65784955EA50408BE7611B5815A5067FDADDD ft=1 fh=7d5c5d59c86038fb vn="a variant of Win32/ELEX.CY potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=BBAB46443BE951C4962C93F2A4DF18FB067162E7 ft=1 fh=ba8f458244c69cb7 vn="a variant of Win32/ELEX.DK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\HPNotify.exe.vir"
sh=DADCF87604F46DE9426634679F61DF2CB4663C6B ft=1 fh=6e9292f71a66fb39 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\IeWatchDog.dll.vir"
sh=8A84725E8A71DAE63AA70B6AB666BBECFA2FD818 ft=1 fh=456fc5e26bae154a vn="a variant of Win32/ELEX.EE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ProtectService.exe.vir"
sh=E51A128DB34C5808A3EBE7D012D1EB33CA9DC88C ft=1 fh=77345338fbda17ef vn="a variant of Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\SupTab.dll.vir"
sh=99305C6442241239E842917B77D14F81373A8CA8 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=CCE160CF2BFABB16B508D3F8AD22C7F0104C06CB ft=1 fh=b95e57c0f1de8cc8 vn="a variant of Win32/ELEX.BH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=BFFE4DFF234DFDC21456B3AEA5BDF33E0053B935 ft=1 fh=040e226366b948ca vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\ProgramData\spotflux\updates\dist\install.exe"
sh=BFFE4DFF234DFDC21456B3AEA5BDF33E0053B935 ft=1 fh=040e226366b948ca vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\Users\All Users\spotflux\updates\dist\install.exe"
sh=1D3A8A1860733702FD8CB378B2B27F96E6A09CE2 ft=1 fh=94a6ca797cfac5ef vn="a variant of Win32/Adware.ConvertAd.RW application" ac=I fn="C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPA2V8NW\ASPackage[1].exe"
sh=D594B97A2D3A1AAE10970BA1B9B4F41F81AFC180 ft=1 fh=30ebf0272a3b672d vn="a variant of MSIL/Adware.Imali.A application" ac=I fn="C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPA2V8NW\OfferInstaller_dotnet4[1].exe"
sh=6846D36A6C9A3091620D55CF92F4DBFC24F999BD ft=1 fh=7da154cccc54467e vn="multiple threats" ac=I fn="C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPA2V8NW\OptimizerPro[1].exe"
sh=AF3E7DD44AB39187B6697D4B13817FD613F14435 ft=1 fh=75a79661f77920a3 vn="a variant of Win32/Adware.Agent.NOH application" ac=I fn="C:\Users\Ronnie\AppData\Local\Temp\is-7O7E3.tmp\prsetup.exe"
sh=5A53D104163E5A8B6AF952A48C011F9857035BD1 ft=1 fh=b5d0c547551900ed vn="a variant of Win32/InstallMonstr.LS potentially unwanted application" ac=I fn="C:\Users\Ronnie\AppData\Local\Temp\is-SH64G.tmp\prsetup.exe"
sh=BAEED47B80492B69D1EBF679F2F693195B24ED52 ft=0 fh=0000000000000000 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\Users\Ronnie\AppData\Roaming\.spotflux\updates\spotflux-dist-windows.zip"
sh=EBC101585C79F314FC31B4A48954A0D46E3759B6 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-1893304907-3252453193-3334039219-1000\$RNFZ7UI.zip"
sh=19E242F5E0EB1DECE301FEC87930CC8BE338EAF7 ft=1 fh=2c1e4ccffa9ee2cd vn="a variant of Win32/GameHack.F potentially unsafe application" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-1893304907-3252453193-3334039219-1000\$RWBF11U.exe"
sh=CE19E3DE85402833D1F58C1471B9CC050B3FAA15 ft=1 fh=e05505a5f9f99fb4 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop  CS3  Extended + Crack\Setup.exe"
sh=618C1AE30F7EE5402C16F439A098E913CEF9DAE3 ft=1 fh=7391b968629a8c38 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop  CS3  Extended + Crack\Crack\Photoshop.exe"
sh=5E0C2D4D38806A9750EDFBF8D8C7CC323F357211 ft=1 fh=28db977c7654bb08 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop  CS3  Extended + Crack\redist\WindowsInstaller-KB893803-v2-x86.exe"
sh=A7B9868D3DBC0D542167E57C2CEC75A73F85299D ft=1 fh=85600eeda88131ee vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop  CS3  Extended + Crack\redist\WindowsServer2003-KB898715-ia64-enu.exe"
sh=CACBE5BF54759553D2ACB5FC28DDC7CF651D3FEC ft=1 fh=ddbe4805f5ba1ff9 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop  CS3  Extended + Crack\redist\WindowsServer2003-KB898715-x64-enu.exe"
sh=B76297F6A5AF10237C5445B9408A796D6CAF599D ft=1 fh=db6cd88fe2d42663 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop  CS3  Extended + Crack\redist\WindowsServer2003-KB898715-x86-enu.exe"
sh=CACBE5BF54759553D2ACB5FC28DDC7CF651D3FEC ft=1 fh=ddbe4805f5ba1ff9 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop  CS3  Extended + Crack\redist\WindowsXP-KB898715-x64-enu.exe"
sh=2E4BCCADDAC9A83D0A4F05C970D4B729D9307BAA ft=1 fh=9f47ad34a6728ba4 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\Set-up.exe"
sh=394B30C91F70F2102B2C10D7F5577F7100233AF9 ft=1 fh=f2acd74177fd3287 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2005 Redist (x64)\vcredist_x64.EXE"
sh=9EA44C2A2F271A8EBE46A8C92DFC8B7A58E15082 ft=1 fh=fad45fb3e964ccfe vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2005 Redist (x86)\vcredist_x86.exe"
sh=C07F542F84BCEB545B676377A5CB7B23D44FEF76 ft=1 fh=7f9d427de0a3e130 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2008 Redist (x64)\vcredist_x64.exe"
sh=B9E9279BF49CBE5CF9C3EA21D16BF47A6E960778 ft=1 fh=2ff1bd5cd298e351 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2008 Redist (x86)\vcredist_x86.exe"
sh=BA412CEB3CBC4A078A6C56E527CC71BB242D179D ft=1 fh=be1e54777a12d1b5 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2010 Redist (x64)\vcredist_x64.exe"
sh=F688EFCD105D9CB3B89E54014245C1999BB86579 ft=1 fh=be1e54779e913b4d vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\Microsoft VC 2010 Redist (x86)\vcredist_x86.exe"
sh=3891B19FA09AE54042C1341ADFEAD5FD79633466 ft=1 fh=f025274c2a930188 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\Photoshop_CS6_13_0_1_update\AdobePatchInstaller.exe"
sh=A6D1BF73931721C51036EEA6A4D1E847A90B2CCC ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Download\Downloads\Reloaded.Steam.Emu.rar"
sh=AFD8A663F981624B9E04B3A0675932160A36CA10 ft=1 fh=305bdb1a718e9536 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\Crack\ESET.PureFix.V2b.exe"
sh=88E4EC58C873FD8465FB532D57582C7E381FEFC7 ft=1 fh=e14cc7a6c84a2b5d vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\setup.exe"
sh=06AD59652302537E3E5DE0E919E95C2309D00952 ft=1 fh=b7a8728e9d5dfc91 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Enterprise.WW\ose.exe"
sh=8D1FFD01C2EBD8B2FE1BF70D8312254325E5F6B0 ft=1 fh=4365d973a29da9e7 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Office.en-us\DW20.EXE"
sh=0FCA5F86EF1075D2AF7969E591730D78CDDCBA3A ft=1 fh=c80d9f9a4d930702 vn="Win32/Tenga.gen virus" ac=I fn="D:\Download\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\Office.en-us\dwtrig20.exe"
sh=20B99F64A6C0BE408BFCFB581BD2C918CDCDB8D3 ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadSponsor.C potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-02-03 000804\Backup Files 2014-02-03 000804\Backup files 10.zip"
sh=318EAEC9223BEB18F6AE9EC40D56B4E5ECC799E1 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.AF potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-02-03 000804\Backup Files 2014-02-03 000804\Backup files 11.zip"
sh=6D38EA7A1E039662F70FC0D3C88A8829296A7151 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\PHANTOM\Backup Set 2014-02-03 000804\Backup Files 2014-02-03 000804\Backup files 132.zip"
sh=7A33B4778AD06E80823B4FABD3C55BACD636CED0 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-02-03 000804\Backup Files 2014-02-03 000804\Backup files 5.zip"
sh=4A932988C09DBD733B84BE47EECA3AC04302052A ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadSponsor.C potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-10-20 001158\Backup Files 2014-10-20 001158\Backup files 10.zip"
sh=22B41992ECA26EC4B954A3B9895DE95E5934AB81 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.AF potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-10-20 001158\Backup Files 2014-10-20 001158\Backup files 11.zip"
sh=2406F0ACA6A459A3E0B21577BE960AC35999E029 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2014-10-20 001158\Backup Files 2014-10-20 001158\Backup files 6.zip"
sh=1168EB05B7E0EEEE0FFA035DAB86DCD70B7E5E63 ft=0 fh=0000000000000000 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="D:\PHANTOM\Backup Set 2015-03-22 190002\Backup Files 2015-03-22 190002\Backup files 46.zip"
sh=F1FE23DFC21A1005DD3DA0A29F1311ABE2D79238 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2015-03-22 190002\Backup Files 2015-03-22 190002\Backup files 6.zip"
sh=B0E699D1ADEB2200F5CB1FBDB4ECC420EC11C80F ft=0 fh=0000000000000000 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="D:\PHANTOM\Backup Set 2015-05-26 174832\Backup Files 2015-05-26 174832\Backup files 57.zip"
sh=1183A329019EDF4E35D35A8C3C5FA6915053BB21 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="D:\PHANTOM\Backup Set 2015-05-26 174832\Backup Files 2015-05-26 174832\Backup files 8.zip"
sh=3F9CEE69ED65A08EF0B6A853406F4766AF075682 ft=1 fh=d57c688e2475ab52 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="D:\Program Files\Age of Wonders III\Crack\steam_api.dll"
sh=7F27F601205F01D9BEF010BAF17EBCB11D1E8F8F ft=1 fh=e3ac9bc14cc413fc vn="Win32/Somoto.P potentially unwanted application" ac=I fn="D:\Program Files\Minecraft\MCPatcher.exe"
sh=DD01FC106EBE0F9ECC8BC00704B414B2049910EB ft=1 fh=dba242ebf0aab4e6 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Program Files\The Walking Dead\steam_api.dll"
sh=A0FF034D85029A381FE52D4C9FD65203313F446E ft=1 fh=f2bbb3c096633a58 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="D:\Program Files\uTorrent\uTorrent.exe.7965.tmp"
 
 
 
Will post the other two in next post.

  • 0

#55
magnia

magnia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Heres Fixlog from FRST:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015
Ran by Ronnie at 2015-07-01 01:13:15 Run:2
Running from C:\Users\Ronnie\Desktop
Loaded Profiles: Ronnie (Available Profiles: Ronnie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {0c7b9cd5-e316-11e3-afb1-002522be6e61} - H:\Startme.exe
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {868a46db-1133-11e3-8a83-002522be6e61} - G:\Startme.exe
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\...\MountPoints2: {d446abe4-5f7d-11e2-8b85-002522be6e61} - F:\setup.exe
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2885900399-2701757196-3320320212-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: {6AB0293A-1176-4552-89A9-5FFA3558EBFC} - System32\Tasks\Umusxnojla => C:\ProgramData\Umusxnojla\1.0.1.0\nojriomx.exe
C:\ProgramData\Umusxnojla
Task: {CBC3173C-81DB-41A4-9E25-F71ADC04BA50} - System32\Tasks\PaintTool SAI => C:\Users\Ronnie\AppData\Local\Temp\is-7O7E3.tmp\prsetup.exe [2015-06-19] (SystemaxJP, Inc.                                            ) <==== ATTENTION
C:\Users\Ronnie\AppData\Local\Temp\is-7O7E3.tmp
FirewallRules: [{2E7745B4-23D7-4C68-8E79-768F690A8348}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{BFD328B6-2388-44F6-8180-382334FFA96C}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\SweetIM
emptytemp:
end
*****************
 
Restore point was successfully created.
"HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c7b9cd5-e316-11e3-afb1-002522be6e61}" => key removed successfully
HKCR\CLSID\{0c7b9cd5-e316-11e3-afb1-002522be6e61} => key not found. 
"HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{868a46db-1133-11e3-8a83-002522be6e61}" => key removed successfully
HKCR\CLSID\{868a46db-1133-11e3-8a83-002522be6e61} => key not found. 
"HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d446abe4-5f7d-11e2-8b85-002522be6e61}" => key removed successfully
HKCR\CLSID\{d446abe4-5f7d-11e2-8b85-002522be6e61} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2885900399-2701757196-3320320212-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6AB0293A-1176-4552-89A9-5FFA3558EBFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AB0293A-1176-4552-89A9-5FFA3558EBFC}" => key removed successfully
C:\Windows\System32\Tasks\Umusxnojla => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Umusxnojla" => key removed successfully
"C:\ProgramData\Umusxnojla" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBC3173C-81DB-41A4-9E25-F71ADC04BA50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBC3173C-81DB-41A4-9E25-F71ADC04BA50}" => key removed successfully
C:\Windows\System32\Tasks\PaintTool SAI => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PaintTool SAI" => key removed successfully
C:\Users\Ronnie\AppData\Local\Temp\is-7O7E3.tmp => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E7745B4-23D7-4C68-8E79-768F690A8348} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFD328B6-2388-44F6-8180-382334FFA96C} => value removed successfully
"C:\Program Files (x86)\SweetIM" => File/Folder not found.
EmptyTemp: => 797.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 01:13:38 ====
 
And JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.3 (06.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ronnie on Wed 01/07/2015 at  1:17:05.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Ronnie\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Ronnie\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Ronnie\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Ronnie\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/07/2015 at  1:19:16.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

Advertisements


#56
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Excellent.

 

How are things running now?


  • 0

#57
magnia

magnia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

I haven't really run any programs but everything seems normal except this new visual bug when I drag windows around, background starts flashing white.

Also, minimizing and maximizing windows seems to be slightly laggier.


Edited by magnia, 30 June 2015 - 09:44 AM.

  • 0

#58
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Well your PC appears pretty good malware wise now so I will leave with my parting speech and advice for that.

Your internet explorer is seriously out of date, so please pay particular attention to the update section, even if you don't really use IE.
Might be worth uninstalling the graphic card driver and reinstalling before going further but if that doesn't work then might be worth posting in the windows section for more help with that particular issue.

 
As a note, there appears to be quite a lot of cracked software on your PC that showed up on the ESET scan. We don't support usage of that nature here so would be advisable to clear that off as it is probably the cause of what brought you here in the first place.
 
Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
    delfix-select.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

    We need to uninstall a program
    Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
    Select the following programs from the list below, one at a time and click Uninstall.
    • ESET Online Scanner
    Delete the following Files and Folders (If Present):
    C:\Program Files (x86)\ESET
    Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



    Keep your machine updated

    Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


    To enable automatic updates:

    Windows 7
    To turn on Automatic Updates yourself, follow these steps:
    • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
    • In the left pane, click Change settings.
    • Select the option that you want.
    • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.
    It is recommended to install an anti-malware to help prevent reinfection.
    Below are some free ones that can help keep you clean.

    Malwarebytes AntiMalware

    As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

    The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
    Consider purchasing the full version for active monitoring of threats.

    JAVA Advice
    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
    In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
    • For Firefox, install the NoScript add-on.
    • For Chrome, install the ScriptSafe add-on.
      -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
    • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
    If you still want to update your Java, follow the instructions below:

    A.
    Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
    • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
    • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 8u25
    • Click the "Download button under "JRE".
    • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
    • Under the Java SE Runtime Environment 8u25 heading:
      To install the version for your system:
      • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
    • Close any programs you may have running - especially your web browser.
    B.
    Uninstall all versions of Java
    • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
    • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
    • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
      The versions I see on the computer are:
      • Java 7 Update
      • Java 8 (64-bit)
      • Java SE Development Kit 8
    • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    C.
    Install the latest JAVA

    Back on your desktop:
    • Right click the  jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    [Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


    Update Adobe Flash Player

    NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
    • Please click here to go to the FlashPlayer Installation page.
    • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
      • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
    • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
    • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
    • Close the browser and all open windows.
    • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.
    Cryptolocker Warning
    Go here for information about CryptoLocker Ransomeware.
    The main thing with this infection is ~ Backup.
    If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

    Recommended Programs
    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
    [url=https://www.foolishi.../cryptoprevent/

is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

Adblock is a firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 0

#59
magnia

magnia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Thanks again for taking the time to help me, hopefully the computer's clean for now.

 

:D


  • 0

#60
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

No problem

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP