[SOLVED] Help a Clinical Paranoid Out

Memox

Thanks for this amazing forum and for your great work; greetings from Italy. Hopefully you can reassure this tortured soul and his endless flow of thoughts. Let's start from the beginning...

First of all, something like 6 hours ago, I've downloaded something nasty off the internet and clicked on its executable without thinking about it (what was I thinking), then I saw some loading bars here and there on the desktop, hinting at the fact that more than one undesired program was getting installed. I had the first confirmation of this when one of them actually opened itself instantly: it was "LetsSee YouTube Downloader". So, I downloaded both Malwarebytes and Emsisoft Antimalware (you can never be too sure, lol) and the first one detected 10 malwares and 1 Trojan. After the quarantine and prompt removal from my side, I checked for more remnants here and there on C: and removed every suspicious folder (this only after I made sure I could delete those, of course). And now, after plenty of scans and even the help of rkill (I know I should've used this one before the antimalware software, but I didn't know about it. It did however make me realize that the hosts file is full of suspicious website names and different IPs, but I later found out that these are actually blocked by things like Spybot, and not really watching me or something scary like that... right?). But now I'm even more scared because this is the thing: nothing seems to have happened to my PC, performance seems to be ok, after I reboot the PC nothing seems out of place and rkill still doesn't detect anything if not the aforementioned hosts matter and finally, I've carefully watched a lot of folders to see if those were modified or anything like that. Nothing... Then my heart jumped once again when I found out that that doesn't necessarily mean I'm out of trouble, I mean, ransomware could be dormant for days, weeks or even months before getting activated. Ironically, today was the first time ever that I had to do a backup on an external hard drive. Talk about choosin' a good day to get several malwares and other stuff like that, am I right?
I'm scared that if I do said backup, I could compromise it by spreading ransomware "eggs"; that is, if this is what actually happened along with the Trojan and malware attacks. Unfortunately, stuff like that is very hard to detect... That's where I appeal to you experts: what do I do now? Should I run FRST and give you more info about this? (If yes, please guide me with this thing, I'm not that savvy.) Finally, what about restore points? Just before all of this I completely wiped them out and the shadow copies too, now I "only" have (luckily) two restore points: one just before the infamous download and one after it. One could say that to be 99% sure you would switch to the former, but I made so much progress with some things I have now (especially regarding disk space), that this would be a real chore. But that's not just it, some people say that restore points are pretty useless with ransomware attacks anyway. Please, I need to be reassured or this will be even more of a reason to trigger my insomnia!
 
Hi, Memox.

We can take a look at FRST logs if you wish or you can restore your computer to the restore point just prior to the download. Your choice. If you wish to proceed with FRST, please follow the Malware Removal Posting Instructions.
 
Thanks for receiving me, Corrine.

I want to go with the FRST method, so I've consulted the link you posted. This will take a few hours because as I said before I still have to do my very first, full backup; in order to earn some time, I won't create any system image (is that ok?), but of course thanks to my endless luck I am slowed down anyways, precisely because of a nasty internal error having something to do with the name code "0x80070057". I'm trying to deal with it, in the meantime please let me know if I should actually consider the system image thing too.
 
Hi, Memox.

1. Regarding the error code, you could see if System File Checker solves the problem.
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes). (Note the space before the back slash)
Code:
sfc /scannow

2. Scanning with FRST will not interfere with creating a system backup. Rather, it will only produce logs for me to review. Since it can take some time to review/research logs, further instructions may not even be forthcoming tonight. Even if the backup isn't complete and instructions are provided, you can wait to continue until the backup finishes. Also note that part of the FRST process that I will provide includes creating a System Restore point.
 
Hello Corrine.

I've already tried that command, but the prompt said it was all ok... Luckily, I have fixed this issue anyway by simply changing the decimal system on the language settings from ',' (comma) to '.' (dot); now the PC is finally doing the backup, but I would rather prefer to not touch anything, especially because I wanted to reboot it after it finishes just to make sure the data I will later provide is "clean", if that makes any sense at all... Of course, after this I will make sure to contact you ASAP. Other than all that I wanted to ask a legitimate question before starting with the real deal: is CCleaner's register analyzer a problem with all this? Because I think I might've launched it, if not after the attack it definitely happened before that. Obviously, I won't use it anymore from now on, that is until this thread definitely closes.
 
Hi, Memox.

I do not recommend registry cleaners, system optimizers and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.
 
Thanks for letting me know, I didn't know all these details. I'll surely keep it in mind... By the way, yesterday I did a full backup and after something like 8-9 hours it finally finished. The problem with this is that if there are some remnants of malwares and the like, they are supposedly there too. But that isn't important, if all of this goes well I can just format the hard drive and re-do a whole new backup. Lastly, I've now installed Bitdefender too, just to have a last, allegedly more accurate, scan. It's taking quite some time and I seriously apologize for being so over-cautious and ultimately making you lose your precious time, but I just thought that maybe it would've been better to have a final confirmation not only by anti-malware software but from a good antivirus too. After this I will finally restart the computer and do the FRST thingy. Again, I'm very sorry for spending so much time to do all of this, but I want it to be as clear as possible before starting (I could've done this way earlier, before starting the thread and that's true. But at that time I panicked and I didn't think about it too much).

By the way, I now remembered that Emsisoft found something called "Windows Loader", earlier. I researched a little bit and it seems it's something regarding Windows activation, am I right? The thing is, I've never used it in my entire life... But then I started to suspect that if it wasn't me behind all this, then it could've only been the guys who sold me the machine. They do have a local, legitimate little shop here in my country which is still alive to this day, but I don't know... Their prices are often even lower than Amazon itself, so that made me think that they could've cut the overall costs with stuff like activators. Again, that's just the prime suspect I had, but conjectures nonetheless. And now I don't even know if I can delete the folder in which this Loader resides or if that would screw up my OS; hopefully these last remarks won't make my thread insta-close because that would sadden me deeply... I still think that mentioning this stuff is the right thing to do, though.

Sorry for all this blabbering, as I said, I will post the FRST logs ASAP.
 
Hi, Memox.

If you will note from the Malware Removal Posting Instructions, it is requested that you not run any additional tools. When you "finally" post the FRST logs, please also provide a copy of the Emsisoft and BitDefender logs.

Thank you.
 
The guide says "If you have run and fixed anything with any programs, please restart your computer before proceeding.", so I thought I just needed to reboot the PC after the scan (by the way this is taking all this time simply because I had not one but two power outages while I was scanning so I had to restart all over again).
 
Yes, it does say that but that is meant as from the point prior to asking for assistance. So, hopefully, no more power outages and you'll be able to post the logs.

Thanks!
 
As I said, I panicked way too much when it happened so I started the thread without thinking nor reading carefully the important threads of this forum. That's despicable and I am very sorry for messing with your patience even further. That being said, I finally have the logs.

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by Memox (administrator) on PC (14-02-2019 22:22:05)
Running from C:\Users\Memox\Desktop
Loaded Profiles: Memox (Available Profiles: Memox)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Memox\Desktop\EnglishFRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.) [File not signed]
HKU\S-1-5-21-71544129-41464889-658937272-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3141920 2019-02-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-71544129-41464889-658937272-1000\...\MountPoints2: {03d885c2-21a6-11e6-b4dd-bc5ff451dd95} - F:\LGAutoRun.exe
HKU\S-1-5-21-71544129-41464889-658937272-1000\...\MountPoints2: {eb458063-f35e-11e5-b662-bc5ff451dd95} - E:\LGAutoRun.exe
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] ()
HKLM\...\Drivers32: [vidc.xtor] => C:\Windows\system32\DxtoryCodec.dll [2610736 2014-06-08] (ExKode Co. Ltd.)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32-x32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-14] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
HKLM\...\Drivers32-x32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] ()
HKLM\...\Drivers32-x32: [vidc.xtor] => C:\Windows\SysWOW64\DxtoryCodec.dll [2508336 2014-06-08] (ExKode Co. Ltd.)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\Software\...\AppCompatFlags\Custom\MSIEXEC.EXE: [{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb] -> Microsoft Windows Application Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\Nexcel.exe: [{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb] -> Microsoft Windows Application Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\olwin.exe: [{09beda8b-1275-4da3-a0ca-97cbda0c83af}.sdb] -> LucasArts Outlaws
HKLM\Software\...\AppCompatFlags\Custom\picture.exe: [{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb] -> Microsoft Windows Application Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\xdict.exe: [{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb] -> Microsoft Windows Application Compatibility Database
HKLM\Software\...\AppCompatFlags\InstalledSDB\{09beda8b-1275-4da3-a0ca-97cbda0c83af}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{09beda8b-1275-4da3-a0ca-97cbda0c83af}.sdb [2019-01-02]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{deb7008b-681e-4a4a-8aae-cc833e8216ce}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb [2003-06-13]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1A3ABA95-2FCF-4E77-BFA2-4EF52E51D691}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE7F88B6-2298-4FE5-BF28-06F68102F6FA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EE7F88B6-2298-4FE5-BF28-06F68102F6FA}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-23] ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-23] ()
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] (Adobe Systems, Incorporated -> )
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-71544129-41464889-658937272-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Memox\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.it/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Memox\AppData\Local\Google\Chrome\User Data\Default [2019-02-14]
CHR Extension: (Google Drive) - C:\Users\Memox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Video Downloader PLUS) - C:\Users\Memox\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2019-01-19]
CHR Extension: (AdBlock) - C:\Users\Memox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-08]
CHR Extension: (Maldives 1080p) - C:\Users\Memox\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblneeogoicgmlggkanjalojmglllfgg [2019-01-31]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Memox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Memox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-14]
CHR Profile: C:\Users\Memox\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd -> Disc Soft Ltd)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-02-08] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-02-08] (Electronic Arts, Inc. -> Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [84480 2016-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Alcor Micro, Corp.)
R3 athur; C:\Windows\System32\DRIVERS\athurx.sys [3223040 2016-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-02] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-02] (Disc Soft Ltd -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-17] (Martin Malik - REALiX -> REALiX(tm))
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2016-01-17] (Intel CASE -> )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-07-18] (Intel Corporation -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
U0 aswVmm; no ImagePath
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-14 22:22 - 2019-02-14 22:22 - 000014021 _ C:\Users\Memox\Desktop\FRST.txt
2019-02-14 22:21 - 2019-02-14 22:21 - 000000000 ____D C:\Users\Memox\Desktop\FRST-OlderVersion
2019-02-14 22:08 - 2019-02-14 22:08 - 000004229 _ C:\ProgramData\uninstalltool.1550178480.bdinstall.bin
2019-02-14 17:37 - 2019-02-14 17:37 - 000076732 _ C:\ProgramData\agent.update.1550162221.bdinstall.v2.bin
2019-02-14 16:43 - 2019-01-21 01:58 - 001423680 _ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2019-02-14 16:42 - 2019-02-14 16:42 - 000000000 ____D C:\Users\Memox\AppData\Roaming\QuickScan
2019-02-14 16:41 - 2019-02-14 16:41 - 000415720 _ C:\Windows\system32\FNTCACHE.DAT
2019-02-14 16:30 - 2019-02-14 16:30 - 000111296 _ C:\Users\Memox\AppData\Local\GDIPFONTCACHEV1.DAT
2019-02-14 16:30 - 2019-02-14 16:30 - 000103640 _ C:\ProgramData\agent.1550158249.bdinstall.v2.bin
2019-02-14 16:21 - 2019-02-14 16:21 - 000000000 ____D C:\Users\Memox\AppData\Local\mbamtray
2019-02-14 16:21 - 2019-02-14 16:21 - 000000000 ____D C:\Users\Memox\AppData\Local\mbam
2019-02-14 16:15 - 2019-02-14 16:16 - 064309056 _ (Malwarebytes ) C:\Users\Memox\Downloads\mb3-setup-35891.35891-3.7.1.2839-1.0.538-1.0.9074.exe
2019-02-14 16:14 - 2019-02-14 16:14 - 000006512 _ C:\Users\Memox\Documents\cc_20190214_161423.reg
2019-02-13 19:10 - 2019-01-27 16:23 - 000396888 _ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-02-13 19:10 - 2019-01-27 15:32 - 000348760 _ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-02-13 19:10 - 2019-01-26 02:02 - 025736192 _ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-02-13 19:10 - 2019-01-26 01:50 - 002724864 _ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-02-13 19:10 - 2019-01-26 01:50 - 000004096 _ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-02-13 19:10 - 2019-01-26 01:38 - 002902528 _ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-02-13 19:10 - 2019-01-26 01:37 - 000066560 _ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-02-13 19:10 - 2019-01-26 01:36 - 000576512 _ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-02-13 19:10 - 2019-01-26 01:36 - 000417280 _ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-02-13 19:10 - 2019-01-26 01:36 - 000048640 _ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-02-13 19:10 - 2019-01-26 01:35 - 000088064 _ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-02-13 19:10 - 2019-01-26 01:32 - 005778944 _ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-02-13 19:10 - 2019-01-26 01:29 - 000054784 _ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-02-13 19:10 - 2019-01-26 01:28 - 000034304 _ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-02-13 19:10 - 2019-01-26 01:27 - 020279808 _ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-02-13 19:10 - 2019-01-26 01:25 - 000615936 _ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-02-13 19:10 - 2019-01-26 01:24 - 000814080 _ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-02-13 19:10 - 2019-01-26 01:24 - 000790016 _ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-02-13 19:10 - 2019-01-26 01:24 - 000144384 _ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-02-13 19:10 - 2019-01-26 01:24 - 000116224 _ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-02-13 19:10 - 2019-01-26 01:18 - 002724864 _ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-02-13 19:10 - 2019-01-26 01:17 - 000969216 _ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-02-13 19:10 - 2019-01-26 01:14 - 000489984 _ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-02-13 19:10 - 2019-01-26 01:07 - 000087552 _ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-02-13 19:10 - 2019-01-26 01:07 - 000077824 _ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-02-13 19:10 - 2019-01-26 01:06 - 000498176 _ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-02-13 19:10 - 2019-01-26 01:06 - 000107520 _ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-02-13 19:10 - 2019-01-26 01:06 - 000062464 _ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-02-13 19:10 - 2019-01-26 01:06 - 000047616 _ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-02-13 19:10 - 2019-01-26 01:05 - 000341504 _ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-02-13 19:10 - 2019-01-26 01:05 - 000064000 _ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-02-13 19:10 - 2019-01-26 01:03 - 002295808 _ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-02-13 19:10 - 2019-01-26 01:03 - 000199680 _ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-02-13 19:10 - 2019-01-26 01:03 - 000092160 _ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-02-13 19:10 - 2019-01-26 01:01 - 000315392 _ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-02-13 19:10 - 2019-01-26 01:00 - 000047104 _ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-02-13 19:10 - 2019-01-26 00:59 - 000152064 _ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-02-13 19:10 - 2019-01-26 00:59 - 000030720 _ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-02-13 19:10 - 2019-01-26 00:58 - 000476160 _ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-02-13 19:10 - 2019-01-26 00:57 - 000663040 _ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-02-13 19:10 - 2019-01-26 00:56 - 000620032 _ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-02-13 19:10 - 2019-01-26 00:56 - 000115712 _ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-02-13 19:10 - 2019-01-26 00:50 - 000262144 _ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-02-13 19:10 - 2019-01-26 00:48 - 000809472 _ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-02-13 19:10 - 2019-01-26 00:48 - 000728064 _ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-02-13 19:10 - 2019-01-26 00:48 - 000416256 _ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-02-13 19:10 - 2019-01-26 00:46 - 015283712 _ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-02-13 19:10 - 2019-01-26 00:46 - 002135552 _ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-02-13 19:10 - 2019-01-26 00:46 - 001359360 _ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-02-13 19:10 - 2019-01-26 00:44 - 000060416 _ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-02-13 19:10 - 2019-01-26 00:43 - 000091136 _ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-02-13 19:10 - 2019-01-26 00:43 - 000073216 _ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-02-13 19:10 - 2019-01-26 00:40 - 000168960 _ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-02-13 19:10 - 2019-01-26 00:40 - 000076288 _ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-02-13 19:10 - 2019-01-26 00:39 - 000279040 _ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-02-13 19:10 - 2019-01-26 00:37 - 000130048 _ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-02-13 19:10 - 2019-01-26 00:34 - 004858880 _ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-02-13 19:10 - 2019-01-26 00:34 - 004494336 _ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-02-13 19:10 - 2019-01-26 00:32 - 000230400 _ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-02-13 19:10 - 2019-01-26 00:31 - 000696320 _ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-02-13 19:10 - 2019-01-26 00:30 - 002060288 _ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-02-13 19:10 - 2019-01-26 00:29 - 013680640 _ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-02-13 19:10 - 2019-01-26 00:29 - 001155072 _ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-02-13 19:10 - 2019-01-26 00:22 - 001556480 _ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-02-13 19:10 - 2019-01-26 00:12 - 000800768 _ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-02-13 19:10 - 2019-01-26 00:11 - 004386304 _ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-02-13 19:10 - 2019-01-26 00:08 - 001331200 _ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-02-13 19:10 - 2019-01-26 00:06 - 000710144 _ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-02-13 19:10 - 2019-01-15 08:06 - 000154856 _ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-13 19:10 - 2019-01-15 08:06 - 000095464 _ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-13 19:10 - 2019-01-15 08:03 - 001472512 _ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 001211904 _ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000731648 _ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000345600 _ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000316928 _ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000312320 _ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000210432 _ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000190464 _ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000146432 _ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000135680 _ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000094208 _ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000060416 _ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000028672 _ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-13 19:10 - 2019-01-15 08:03 - 000028160 _ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-13 19:10 - 2019-01-15 08:02 - 000690688 _ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-02-13 19:10 - 2019-01-15 08:02 - 000463872 _ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-02-13 19:10 - 2019-01-15 08:02 - 000123904 _ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-02-13 19:10 - 2019-01-15 08:02 - 000043520 _ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-02-13 19:10 - 2019-01-15 08:02 - 000022016 _ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000666112 _ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000554496 _ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000261120 _ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000254464 _ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000223232 _ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000172032 _ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000146432 _ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000141312 _ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000096768 _ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000082944 _ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000070144 _ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000060416 _ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000022016 _ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-13 19:10 - 2019-01-15 07:52 - 000017408 _ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-02-13 19:10 - 2019-01-15 07:51 - 000690688 _ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-02-13 19:10 - 2019-01-15 07:51 - 000342528 _ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-02-13 19:10 - 2019-01-15 07:38 - 000064512 _ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-02-13 19:10 - 2019-01-15 07:33 - 000050688 _ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-02-13 19:10 - 2019-01-15 07:32 - 000291328 _ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-02-13 19:10 - 2019-01-15 07:32 - 000161280 _ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-02-13 19:10 - 2019-01-15 07:32 - 000129536 _ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-02-13 19:10 - 2019-01-15 07:31 - 000030720 _ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-13 19:10 - 2019-01-15 07:29 - 000036352 _ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-02-13 19:10 - 2019-01-12 04:08 - 000058880 _ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-02-13 19:10 - 2019-01-12 04:08 - 000008192 _ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-02-13 19:10 - 2019-01-12 03:55 - 000044032 _ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-02-13 19:10 - 2019-01-12 03:55 - 000004608 _ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-02-13 19:10 - 2019-01-12 03:36 - 001311744 _ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-02-13 19:10 - 2019-01-12 03:36 - 000352768 _ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-02-13 19:10 - 2019-01-12 03:36 - 000313344 _ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-02-13 19:10 - 2019-01-09 04:10 - 000631680 _ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-02-13 19:10 - 2019-01-09 04:09 - 005552360 _ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-02-13 19:10 - 2019-01-09 04:09 - 000708328 _ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-02-13 19:10 - 2019-01-09 04:09 - 000262376 _ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-02-13 19:10 - 2019-01-09 04:08 - 001664352 _ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000503808 _ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000361984 _ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000243712 _ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000236032 _ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000215552 _ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000063488 _ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000050176 _ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000016384 _ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000013312 _ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-02-13 19:10 - 2019-01-09 04:07 - 000013312 _ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 001162752 _ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000880640 _ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000419840 _ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000059904 _ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000044032 _ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000034816 _ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000007168 _ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:58 - 004055784 _ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-02-13 19:10 - 2019-01-09 03:58 - 003960552 _ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-02-13 19:10 - 2019-01-09 03:57 - 001314112 _ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 001114112 _ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000644096 _ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000275968 _ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000050688 _ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000043008 _ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000007168 _ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000005120 _ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:45 - 000076800 _ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2019-02-13 19:10 - 2019-01-09 03:45 - 000033408 _ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-02-13 19:10 - 2019-01-09 03:45 - 000030208 _ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2019-02-13 19:10 - 2019-01-09 03:41 - 000148480 _ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-02-13 19:10 - 2019-01-09 03:41 - 000062464 _ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-02-13 19:10 - 2019-01-09 03:41 - 000017920 _ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-02-13 19:10 - 2019-01-09 03:38 - 000338432 _ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-02-13 19:10 - 2019-01-09 03:38 - 000296960 _ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-02-13 19:10 - 2019-01-09 03:38 - 000129536 _ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-02-13 19:10 - 2019-01-09 03:37 - 000009728 _ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-02-13 19:10 - 2019-01-09 03:35 - 000464384 _ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-02-13 19:10 - 2019-01-09 03:35 - 000406016 _ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-02-13 19:10 - 2019-01-09 03:35 - 000169984 _ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-02-13 19:10 - 2019-01-09 03:34 - 000112640 _ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-02-13 19:10 - 2019-01-09 03:34 - 000064512 _ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-02-13 19:10 - 2019-01-09 03:34 - 000062464 _ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-02-13 19:10 - 2019-01-09 03:34 - 000060928 _ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-02-13 19:10 - 2019-01-09 03:34 - 000060928 _ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-02-13 19:10 - 2019-01-09 03:34 - 000025600 _ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-02-13 19:10 - 2019-01-09 03:34 - 000014336 _ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-02-13 19:10 - 2019-01-09 03:34 - 000007680 _ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-02-13 19:10 - 2019-01-09 03:34 - 000002048 _ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-02-13 19:10 - 2019-01-09 03:33 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:33 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:33 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-02-13 19:10 - 2019-01-09 03:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-02-13 19:10 - 2019-01-07 18:19 - 003228160 _ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-02-13 19:10 - 2019-01-01 17:08 - 000114408 _ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-02-13 19:10 - 2019-01-01 17:05 - 003247104 _ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-02-13 19:10 - 2019-01-01 17:05 - 000504320 _ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-02-13 19:10 - 2019-01-01 17:05 - 000025088 _ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-02-13 19:10 - 2019-01-01 17:04 - 001942016 _ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-02-13 19:10 - 2019-01-01 17:04 - 000070144 _ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-02-13 19:10 - 2019-01-01 16:58 - 002368000 _ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-02-13 19:10 - 2019-01-01 16:58 - 000337408 _ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-02-13 19:10 - 2019-01-01 16:58 - 000025088 _ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-02-13 19:10 - 2019-01-01 16:57 - 001806848 _ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-02-13 19:10 - 2019-01-01 16:39 - 000128512 _ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-02-13 19:10 - 2019-01-01 16:39 - 000073216 _ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-02-13 07:15 - 2019-02-14 22:22 - 000000000 ____D C:\FRST
2019-02-13 07:10 - 2019-02-14 22:21 - 002433536 _ (Farbar) C:\Users\Memox\Desktop\EnglishFRST64.exe
2019-02-13 01:50 - 2018-12-28 20:59 - 002072576 _ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-02-13 01:50 - 2018-12-28 20:59 - 000876032 _ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-02-13 01:50 - 2018-12-28 20:59 - 000516608 _ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-02-13 01:50 - 2018-12-28 20:59 - 000026112 _ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-02-13 01:50 - 2018-12-28 20:59 - 000008704 _ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-02-13 01:50 - 2018-12-28 20:48 - 001425920 _ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-02-13 01:50 - 2018-12-28 20:48 - 000582144 _ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-02-13 01:50 - 2018-12-28 20:48 - 000026112 _ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-02-13 01:50 - 2018-12-28 20:32 - 000007168 _ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-02-13 01:50 - 2018-12-04 17:07 - 000194048 _ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2019-02-13 01:50 - 2018-12-04 17:07 - 000170496 _ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-02-13 01:50 - 2018-12-04 16:55 - 000158720 _ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2019-02-13 01:50 - 2018-12-04 16:55 - 000142848 _ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-02-13 01:50 - 2018-12-02 17:06 - 000687616 _ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000998480 _ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000918408 _ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000066000 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000063936 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000021968 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000020944 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000019408 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000018880 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000017872 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000017856 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000017360 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000017352 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000016336 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000015824 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000015808 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000015296 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000014312 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000014272 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000013768 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000013760 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000013760 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000013264 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012752 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012736 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012264 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012240 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012240 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012240 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012232 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012224 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012224 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000012024 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011752 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011728 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011728 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011712 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011712 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011712 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011712 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011712 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011712 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011512 _ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011216 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011216 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011216 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-02-13 01:50 - 2018-10-12 14:05 - 000011200 _ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-02-11 08:24 - 2019-02-13 06:31 - 000015228 _ C:\Users\Memox\Documents\cc_20190211_082401.reg
2019-02-10 04:51 - 2019-02-10 04:51 - 000001517 _ C:\Users\Memox\Desktop\DiskInfo.lnk
2019-02-10 01:50 - 2019-02-10 01:52 - 000000564 _ C:\Users\Memox\Documents\wormtags.txt
2019-02-09 01:28 - 2019-02-09 01:28 - 000715038 _ C:\Windows\unins000.exe
2019-02-09 01:28 - 2019-02-09 01:28 - 000001984 _ C:\Windows\unins000.dat
2019-02-09 01:28 - 2011-12-07 19:37 - 000148992 _ ( ) C:\Windows\system32\lagarith.dll
2019-02-09 01:28 - 2011-12-07 19:32 - 000216064 _ ( ) C:\Windows\SysWOW64\lagarith.dll
2019-02-09 01:11 - 2019-02-09 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2019-02-09 01:11 - 2019-02-09 01:11 - 000000000 ____D C:\Program Files (x86)\ExKode
2019-02-09 01:11 - 2014-06-08 22:14 - 002610736 _ (ExKode Co. Ltd.) C:\Windows\system32\DxtoryCodec.dll
2019-02-09 01:11 - 2014-06-08 22:14 - 002508336 _ (ExKode Co. Ltd.) C:\Windows\SysWOW64\DxtoryCodec.dll
2019-02-08 19:58 - 2019-02-08 19:58 - 000000000 ____D C:\Users\Memox\AppData\Roaming\Publish Providers
2019-02-08 19:04 - 2019-02-08 19:04 - 000000000 ____D C:\Users\Memox\AppData\Roaming\Hardcore
2019-02-08 18:11 - 2019-02-08 18:11 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2019-02-08 17:23 - 2019-02-08 17:23 - 000003310 _ C:\Windows\System32\Tasks\CrystalDiskInfo
2019-02-08 17:21 - 2019-02-08 17:21 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2019-02-08 16:59 - 2019-02-08 16:59 - 000000000 ____D C:\Users\Memox\.QtWebEngineProcess
2019-02-08 02:00 - 2019-02-08 02:19 - 3632272694 _ C:\Users\Memox\Desktop\bytor 1 (rastaworms) unedited.avi
2019-02-08 01:09 - 2019-02-08 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2019-02-08 01:09 - 2019-02-08 01:09 - 000000000 ____D C:\Program Files (x86)\Xvid
2019-02-08 01:09 - 2017-12-08 11:01 - 000713216 _ C:\Windows\system32\xvidcore.dll
2019-02-08 01:09 - 2017-12-08 11:01 - 000251392 _ C:\Windows\system32\xvidvfw.dll
2019-02-08 01:09 - 2017-12-08 11:01 - 000172032 _ C:\Windows\system32\xvid.ax
2019-02-08 01:09 - 2017-12-08 11:00 - 000148480 _ C:\Windows\SysWOW64\xvid.ax
2019-02-08 01:09 - 2017-12-08 10:59 - 000638976 _ C:\Windows\SysWOW64\xvidcore.dll
2019-02-08 01:09 - 2017-12-08 10:59 - 000235520 _ C:\Windows\SysWOW64\xvidvfw.dll
2019-02-07 23:54 - 2019-02-07 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
2019-02-07 23:54 - 2019-02-07 23:54 - 000000000 ____D C:\Program Files (x86)\x264vfw
2019-01-31 05:51 - 2019-02-07 04:08 - 000004590 _ C:\Users\Memox\Documents\prodotto.txt
2019-01-31 05:47 - 2018-12-06 00:47 - 000455217 _ C:\Windows\system32\Drivers\etc\hosts.20190131-054747.backup
2019-01-21 22:46 - 2019-01-21 22:46 - 000001530 _ C:\Users\Memox\Documents\medievilcopy.txt
2019-01-20 06:16 - 2019-01-20 06:16 - 000000000 ____D C:\ProgramData\Apple Computer
2019-01-20 06:16 - 2019-01-20 06:16 - 000000000 ____D C:\Program Files (x86)\QuickTime
2019-01-20 06:11 - 2019-01-20 06:11 - 000000000 ____D C:\Users\Memox\AppData\LocalLow\Apple Computer
2019-01-20 05:44 - 2019-01-20 05:44 - 000064272 _ C:\Users\Memox\Desktop\postal.veg
2019-01-20 05:34 - 2019-01-20 05:44 - 000028592 _ C:\Users\Memox\Desktop\ParadiseLost 2019-01-20 05-27-22-239.avi.sfk
2019-01-20 05:34 - 2019-01-20 05:44 - 000010720 _ C:\Users\Memox\Desktop\ParadiseLost 2019-01-20 05-25-30-317.avi.sfk
2019-01-20 05:34 - 2019-01-20 05:44 - 000009856 _ C:\Users\Memox\Desktop\ParadiseLost 2019-01-20 05-27-53-017.avi.sfk
2019-01-20 05:27 - 2019-01-20 05:28 - 265129190 _ C:\Users\Memox\Desktop\ParadiseLost 2019-01-20 05-27-53-017.avi
2019-01-20 05:27 - 2019-01-20 05:27 - 908226988 _ C:\Users\Memox\Desktop\ParadiseLost 2019-01-20 05-27-22-239.avi
2019-01-20 05:25 - 2019-01-20 05:25 - 361646848 _ C:\Users\Memox\Desktop\ParadiseLost 2019-01-20 05-25-30-317.avi
2019-01-19 02:02 - 2019-01-19 02:02 - 000000678 _ C:\Users\Memox\Documents\mjr copypasta.txt
2019-01-17 01:28 - 2019-02-07 04:11 - 000000000 ____D C:\Users\Memox\Downloads\Miami Vice [x5] (Complete) TV

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-14 22:16 - 2016-01-16 16:55 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-14 22:15 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-14 22:15 - 2009-07-14 05:45 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-14 22:15 - 2009-07-14 05:45 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-14 22:08 - 2016-01-17 14:26 - 000000978 _ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-02-14 17:43 - 2018-11-12 21:41 - 000000000 ____D C:\Users\Memox\Downloads\Network (1976)
2019-02-14 16:33 - 2017-12-27 17:23 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-02-14 16:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-02-14 14:40 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2019-02-13 21:50 - 2017-10-06 18:26 - 000000000 ____D C:\Users\Memox\Documents\Estratti di pigmenti separati e distinti della psiche
2019-02-13 21:49 - 2011-04-12 11:49 - 000741062 _ C:\Windows\system32\perfh010.dat
2019-02-13 21:49 - 2011-04-12 11:49 - 000147116 _ C:\Windows\system32\perfc010.dat
2019-02-13 21:49 - 2009-07-14 06:13 - 001659852 _ C:\Windows\system32\PerfStringBackup.INI
2019-02-13 19:51 - 2016-09-14 00:27 - 000007612 _ C:\Users\Memox\AppData\Local\Resmon.ResmonCfg
2019-02-13 19:20 - 2015-02-10 07:05 - 001633738 _ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-02-13 19:17 - 2015-02-10 05:45 - 000000000 ____D C:\Windows\system32\MRT
2019-02-13 19:16 - 2018-12-05 20:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-02-13 19:14 - 2015-02-10 05:45 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-02-13 11:24 - 2016-01-16 16:33 - 000000000 ____D C:\Users\Memox
2019-02-12 21:20 - 2017-07-26 22:19 - 000000000 ___RD C:\Users\Memox\Desktop\WIP
2019-02-12 21:16 - 2016-06-27 18:59 - 000000000 ___RD C:\Users\Memox\Desktop\Giochi
2019-02-12 20:27 - 2018-01-19 21:05 - 000000000 ____D C:\Users\Memox\Downloads\Mind Field
2019-02-12 20:22 - 2018-06-29 15:20 - 000000000 ____D C:\Users\Memox\AppData\Local\Discord
2019-02-12 20:17 - 2018-07-04 16:49 - 000000000 ____D C:\GOG Games
2019-02-12 20:17 - 2016-04-06 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2019-02-12 20:15 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-02-12 20:10 - 2016-05-13 19:02 - 000000000 ____D C:\Users\Memox\AppData\Roaming\vlc
2019-02-12 06:16 - 2016-01-16 18:02 - 000000000 ____D C:\Users\Memox\Documents\My Games
2019-02-11 20:27 - 2016-05-06 18:09 - 000000000 ____D C:\Users\Memox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2019-02-09 01:11 - 2016-01-16 18:22 - 000000000 ____D C:\Users\Memox\AppData\Local\Dxtory Software
2019-02-08 19:24 - 2017-10-25 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2019-02-08 19:24 - 2017-10-24 23:55 - 000000000 ____D C:\Users\Memox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2019-02-08 19:24 - 2017-10-24 23:52 - 000000000 ____D C:\Program Files (x86)\Image-Line
2019-02-08 17:57 - 2017-12-27 17:11 - 000000000 ____D C:\ProgramData\Origin
2019-02-08 17:39 - 2017-12-27 17:22 - 000000000 ____D C:\Users\Memox\AppData\Roaming\Origin
2019-02-08 17:30 - 2017-12-27 17:22 - 000000000 ____D C:\Program Files (x86)\Origin
2019-01-31 03:15 - 2018-08-27 16:54 - 000002146 _ C:\Users\Memox\Documents\pool.txt
2019-01-20 06:16 - 2017-10-27 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

==================== Files in the root of some directories =======

2017-03-29 21:53 - 2019-01-03 23:10 - 000065599 _ () C:\Users\Memox\AppData\Roaming\Camdata.ini
2017-03-29 21:53 - 2019-01-03 23:10 - 000000408 _ () C:\Users\Memox\AppData\Roaming\CamLayout.ini
2017-03-29 21:53 - 2019-01-03 23:10 - 000000408 _ () C:\Users\Memox\AppData\Roaming\CamShapes.ini
2017-03-29 21:49 - 2019-01-03 23:10 - 000004554 _ () C:\Users\Memox\AppData\Roaming\CamStudio.cfg
2019-01-03 23:07 - 2019-01-03 23:07 - 000000098 _ () C:\Users\Memox\AppData\Roaming\CamStudio.Producer.command
2019-01-03 23:11 - 2019-01-03 23:11 - 000000000 _ () C:\Users\Memox\AppData\Roaming\CamStudio.Producer.Data.ini
2019-01-03 23:11 - 2019-01-03 23:11 - 000001206 _ () C:\Users\Memox\AppData\Roaming\CamStudio.Producer.ini
2017-03-29 21:49 - 2019-01-03 23:02 - 000000096 _ () C:\Users\Memox\AppData\Roaming\version2.xml
2018-12-30 04:25 - 2018-12-30 04:56 - 000001456 _ () C:\Users\Memox\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-01-01 19:34 - 2019-01-01 19:34 - 000000000 _ () C:\Users\Memox\AppData\Local\oobelibMkey.log
2018-12-29 05:28 - 2018-12-29 05:28 - 000000912 _ () C:\Users\Memox\AppData\Local\recently-used.xbel
2016-09-14 00:27 - 2019-02-13 19:51 - 000007612 _ () C:\Users\Memox\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-14 14:32

==================== End of FRST.txt ============================

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Memox (14-02-2019 22:23:15)
Running from C:\Users\Memox\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-01-16 15:33:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-71544129-41464889-658937272-500 - Administrator - Disabled)
Guest (S-1-5-21-71544129-41464889-658937272-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-71544129-41464889-658937272-1002 - Limited - Enabled)
Memox (S-1-5-21-71544129-41464889-658937272-1000 - Administrator - Enabled) => C:\Users\Memox

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Citra (HKU\S-1-5-21-71544129-41464889-658937272-1000\...\{407f57b0-c0c9-4d02-8a38-d49516063bed}) (Version: 1.0.0 - Citra Team)
Citra (HKU\S-1-5-21-71544129-41464889-658937272-1000\...\{cf070294-a366-4b24-a155-7d9d7848de80}) (Version: 1.0.0 - Citra Team)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
Escape from Monkey Island™ (HKLM-x32\...\1885026907_is1) (Version: 1.1 - GOG.com)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hardcore (HKLM-x32\...\Hardcore) (Version: - Image-Line bvba)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LucasArts Outlaws (HKLM\...\{09beda8b-1275-4da3-a0ca-97cbda0c83af}.sdb) (Version: - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d61ab584-9b0a-404e-8a23-76032e6744c0}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-212ccff3-5565-4bb0-952f-09e95428c6a8) (Version: - Epic Games, Inc.)
Nitroplus Blasterz Heroines Infinite Duel (HKLM-x32\...\Nitroplus Blasterz Heroines Infinite Duel_is1) (Version: - )
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.34.21025 - Electronic Arts, Inc.)
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Redneck Rampage Collection (HKLM-x32\...\Redneck Rampage Collection_is1) (Version: - GOG.com)
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
Spore™ (HKLM-x32\...\{4BDCC41C-FFE7-40a4-BCB6-B558916868F7}) (Version: 1.7.0.0 - Electronic Arts)
Spore™ Avventure galattiche (HKLM-x32\...\{BA95B36B-9E45-4f28-9E56-32D8B7DDD952}) (Version: 1.3.0.0 - Electronic Arts)
Supporto applicazioni Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
The Ur-Quan Masters 0.7.0 (HKLM-x32\...\The Ur-Quan Masters) (Version: 0.7.0 - )
TP-LINK TL-WN721N_WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.2.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-71544129-41464889-658937272-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Utility di configurazione Wireless TP-LINK (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2016-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-01-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-01-14] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14645412-8828-4C6E-B507-9F6AF0D9EFB0} - System32\Tasks\{9034A58C-2240-4442-81FB-7895081BE782} => C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
Task: {3D96EECA-D8F1-40A4-978D-61A095B02DE8} - System32\Tasks\{0CD73829-DD95-4AB8-9C01-8AFD5B3039E0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\language_setup.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition"
Task: {460DF862-EAC5-426F-A3CD-90E0EA67F588} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {53D21447-66EF-4528-AB0D-8BFFF83E023B} - System32\Tasks\AdobeGCInvoker-1.0-PC-Memox => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {63855EC6-E28F-478C-B312-64685638E94C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {67E97C4D-EB50-4392-9DCB-2149F810A781} - System32\Tasks\{F87D0863-ACD4-45E8-8A8C-750516F34A3D} => C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
Task: {7BF9C756-A1C7-404F-A8C9-01206D17895D} - System32\Tasks\{3D082E28-6368-4320-ABF1-4D9168589BD3} => C:\Windows\system32\pcalua.exe -a C:\Windows\ipuninst.exe -c -fC:\Program Files\Interplay\Fallout\uninst.log
Task: {7D2527F2-8B47-4A00-B5F8-7FD7BC156FF7} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo32.exe (Noriyuki Miyazaki -> Crystal Dew World)
Task: {8176EF44-7965-4F75-9375-2E4025BBB15B} - System32\Tasks\{9352298C-6186-4FA8-AB5D-337062D5B211} => C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
Task: {8B5DF243-D08F-4547-BD81-908917DD1EF9} - System32\Tasks\{099CBA9E-370B-485F-A20C-EF4635C25700} => C:\Windows\system32\pcalua.exe -a D:\R3setup.exe -d D:\
Task: {97805D14-1FA1-4262-AC2E-E2DCE63C05D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {99156A56-3400-4A13-BD6B-48CD12FA9D1E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {A3DD5F41-86B6-4699-9B4D-BAE105C987A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B48C1ACB-0C53-4899-89C5-03BE73D949BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {BFB70940-1B5F-4843-BEBC-D65C1886C95E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {EEF493C2-9447-426D-A024-3E33E56194A0} - System32\Tasks\Driver Booster SkipUAC (Memox) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {FFDB0A6D-BFCE-4D86-91E0-BF194E8D40A8} - System32\Tasks\{184FE18E-B84F-4760-ACA9-CE6261E3412F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYouTubeToMP3Converter

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

Shortcut: C:\Users\Memox\Desktop\Giochi\Games\Scarface.lnk -> C:\Program Files (x86)\Radical Games\Scarface\Scarface.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-08-29 23:17 - 2018-12-06 00:47 - 001066784 _ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-08-29 23:17 - 2018-11-20 01:56 - 102804768 _ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-08-29 23:17 - 2018-11-20 01:56 - 004866336 _ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-08-29 23:17 - 2018-11-20 01:56 - 000116000 _ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-12-14 03:32 - 2018-12-12 06:11 - 005237216 _ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-14 03:32 - 2018-12-12 06:11 - 000117216 _ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-07-19 17:34 - 2018-12-06 00:47 - 000885536 _ () C:\Program Files (x86)\Steam\SDL2.dll
2018-07-19 17:32 - 2016-09-01 02:02 - 004969248 _ () C:\Program Files (x86)\Steam\v8.dll
2018-07-19 17:32 - 2016-09-01 02:02 - 001563936 _ () C:\Program Files (x86)\Steam\icui18n.dll
2018-07-19 17:32 - 2016-09-01 02:02 - 001195296 _ () C:\Program Files (x86)\Steam\icuuc.dll
2018-07-19 17:34 - 2019-02-02 18:33 - 002667296 _ () C:\Program Files (x86)\Steam\video.dll
2018-07-19 17:32 - 2018-11-05 19:53 - 005137696 _ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-07-19 17:32 - 2018-11-05 19:53 - 000847136 _ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-07-19 17:32 - 2018-11-05 19:53 - 000810784 _ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-07-19 17:32 - 2018-11-05 19:53 - 000351520 _ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-07-19 17:32 - 2018-11-05 19:53 - 000783648 _ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-07-19 17:34 - 2019-02-02 18:33 - 001031456 _ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-07-19 17:32 - 2016-07-04 23:17 - 000266560 _ () C:\Program Files (x86)\Steam\openvr_api.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7943 more sites.

There are 7943 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-71544129-41464889-658937272-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Memox\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Utility di configurazione Wireless TP-LINK.lnk => C:\Windows\pss\Utility di configurazione Wireless TP-LINK.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2DF4A74E-E314-4E4B-9D8A-F418A95E3CA0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{15D0777E-C7A6-450A-B1DF-A87E56B5092A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FF56A8EF-A7F7-4C7E-BA0F-E051BACFD846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\recettear.exe (Easygamestation, Carpe Fulgur LLC)
FirewallRules: [{ECD576B8-B8FF-44E7-AADA-6511B320B6D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\recettear.exe (Easygamestation, Carpe Fulgur LLC)
FirewallRules: [{0954C770-68DA-4359-9B93-2E0E7DD13272}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\custom.exe ()
FirewallRules: [{77C12300-F9CA-40F2-A043-5267CA79226E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Recettear\custom.exe ()
FirewallRules: [{EAA0F25C-4F4A-4469-9D88-F1B8BE1410B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic)
FirewallRules: [{0A42BDB1-A609-4BA7-9787-B191AE2F9A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic)
FirewallRules: [{331C8D19-EBDA-4190-802F-67A11C2E4EC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe ()
FirewallRules: [{014AF01C-68F9-42A4-BF19-B95270E8DC9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe ()
FirewallRules: [{8A6E27DC-76B8-476C-971C-67D57638E4C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe (DOSBox Team)
FirewallRules: [{DC2C9198-B701-473C-A328-801680935A7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe (DOSBox Team)
FirewallRules: [{761EDCF8-2C6D-459C-B192-05BAAEA11C44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe ()
FirewallRules: [{745FE208-0F62-4777-B547-AA8A5C7781AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe ()
FirewallRules: [{C30D972D-FA03-48AA-8699-0B8F7D5C0555}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe (CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Hopoo Games, LLC )
FirewallRules: [{AB861EB5-F7BC-404B-82C2-951ADE6CFFB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe (CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Hopoo Games, LLC )
FirewallRules: [{AA1F8148-6D65-4C26-93C8-03C51AD3374A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrganTrailDC\OrganTrail.exe ()
FirewallRules: [{ECF0B867-A6B7-4E7B-94A5-392F93E3E62D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OrganTrailDC\OrganTrail.exe ()
FirewallRules: [{55F49D01-5BDE-40F8-BBD3-76DDDBAB5073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe ()
FirewallRules: [{FF683D61-BBE3-49FD-8D16-43F15DF9B479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe ()
FirewallRules: [{9C0B9014-67EE-4748-ABCC-DF81C36ADC53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe ()
FirewallRules: [{EF9FD291-108E-4180-818A-87C870CA47D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe ()
FirewallRules: [{87FDBC3E-0E54-4087-A8EC-052E79F5BC2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wickland\Binaries\Win32\Wickland.exe (CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Epic Games, Inc.)
FirewallRules: [{963A0CBC-17EE-423D-BB54-61356E0072FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wickland\Binaries\Win32\Wickland.exe (CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Epic Games, Inc.)
FirewallRules: [{B69DF366-DDCE-4B34-82B4-98C8C6F8269A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chantelise\chantelise.exe (Easygamestation, Carpe Fulgur LLC)
FirewallRules: [{8858FDF3-20DA-4CE1-9CF3-054A266318FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chantelise\chantelise.exe (Easygamestation, Carpe Fulgur LLC)
FirewallRules: [{2E1B358E-13F1-4674-9071-983FFCD6D896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chantelise\custom.exe ()
FirewallRules: [{227DEADB-DA8D-410C-AD60-5BFB720D9059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chantelise\custom.exe ()
FirewallRules: [{C8842439-B797-4D71-B9FA-A69852277E63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe ()
FirewallRules: [{CB50F698-C773-4BD7-83B9-61FD85AFE97D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe ()
FirewallRules: [{44D8DC73-F2CA-4B96-9D06-5BFFB9D54731}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe ()
FirewallRules: [{6C4F60F6-DF62-43DD-B214-1217DD5086CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe ()
FirewallRules: [{EC7FB390-4DA6-4194-A563-28367CF82013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{56EEAF4E-A5B5-4CDB-BDE8-A4FB1CAC7448}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{C6AE2D38-013B-4316-A071-8ABF69CADD4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 2\Bin\Sam2.exe ()
FirewallRules: [{BB602749-9764-452E-88E9-D5C0083203E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 2\Bin\Sam2.exe ()
FirewallRules: [{B1648299-C0BD-4AC1-ABE8-CA4C4AE0EBC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsXHD\Launcher.exe (Team17 Software Ltd)
FirewallRules: [{0087B64B-881B-43C7-BCC6-72ECC1045B3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsXHD\Launcher.exe (Team17 Software Ltd)
FirewallRules: [{637060F7-C044-414E-A755-9132E99CF160}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe (SEGA EUROPE LIMITED -> SEGA)
FirewallRules: [{C12E588C-462F-4BD2-8820-7DE6B33BFBD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe (SEGA EUROPE LIMITED -> SEGA)
FirewallRules: [{9F79B02A-CF12-4CAE-A00A-CB4D4FAD2DEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FB972522-A332-4AF9-8089-4BACF8334C82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7CE71FE0-79DE-401A-BAC3-E4BC127F0EB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A2C04D1F-B4AA-41A8-B6E0-CAD7EE9EE76B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3A79360D-955C-4271-831D-EB2B32B68839}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe ()
FirewallRules: [{6FF6F8FB-A601-4C50-9896-0E01A94B7366}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe ()
FirewallRules: [{A23A5549-C6E9-4453-86BC-F3638D931766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe ()
FirewallRules: [{05558DC3-456F-43C5-A2C8-10F4CEF7C72F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe ()
FirewallRules: [{B20B4647-2DB9-4D7E-9A00-69E8ADC171C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Secret of Monkey Island Special Edition\MISE.exe ()
FirewallRules: [{1E0D5EC8-B4D8-48A5-A693-7898C0DBAE2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Secret of Monkey Island Special Edition\MISE.exe ()
FirewallRules: [{1CE6976B-9C98-4EDE-885B-59C323C81EC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monkey2\Monkey2.exe (LucasArts Entertainment Company)
FirewallRules: [{C61C0F65-A046-4401-A84D-94E14B446E34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monkey2\Monkey2.exe (LucasArts Entertainment Company)
FirewallRules: [{4ADCBF05-3A2C-49FA-8D3E-758B2B3D6726}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe ()
FirewallRules: [{CDDEA126-0C53-4951-B04B-ECA05B9B2344}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe ()
FirewallRules: [TCP Query User{83AFB1E0-94F9-42B3-897A-B4E3DDFA3BFF}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe ()
FirewallRules: [UDP Query User{7C69856E-987E-4962-9048-C658026A5CB2}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe ()
FirewallRules: [{F506C5CC-0920-4C3C-A9C5-C83ADC4489BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem Forever\System\DukeForever.exe ()
FirewallRules: [{34D464DC-E7AC-4939-9952-79C46955A35E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem Forever\System\DukeForever.exe ()
FirewallRules: [{58354BAC-021B-41B2-9E43-63E7E7266586}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe ()
FirewallRules: [{8480CB6F-4AFF-4B3B-88E2-F6492B788A20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe ()
FirewallRules: [{DF6A6B60-ED9E-4616-A0F3-F89F8860A053}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe ()
FirewallRules: [{9ABC703D-BE63-489C-BABE-9E9F97831189}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe ()
FirewallRules: [{6145C5E5-103F-4931-AC2F-FFB89FB93F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Overlord.exe (Triumph Studios)
FirewallRules: [{ABB9D037-E548-4A7E-81EE-A6BB78878352}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Overlord.exe (Triumph Studios)
FirewallRules: [{6D50B3F2-F8AB-4CA0-A089-8CFDDCC4AC60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Config.exe ()
FirewallRules: [{0509A296-B543-435F-BB2D-C978AA2454D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Config.exe ()
FirewallRules: [{979AAFED-2277-4A0C-8A39-EDB409CAA4B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Overlord2.exe ()
FirewallRules: [{8454CD83-8EBE-4482-AC0D-2E96FAB9252D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Overlord2.exe ()
FirewallRules: [{E7E843B8-0E95-46FF-AC71-0921AD57C671}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Config.exe ()
FirewallRules: [{E62535E0-6C47-414F-B973-C75A919324CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord II\Config.exe ()
FirewallRules: [{B31BD62A-4CEE-48B3-A518-96C37D690542}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spellforce Platinum Edition\SpellForce.exe ()
FirewallRules: [{0C4244B2-6D5A-473A-99D1-2181B20E2576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spellforce Platinum Edition\SpellForce.exe ()
FirewallRules: [{65BB561D-7FB0-400A-A9F2-623D31F253FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe (Valve Corp. -> Croteam)
FirewallRules: [{BEFF5A3A-4A7B-4E87-8FE5-B8993C7CB1C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe (Valve Corp. -> Croteam)
FirewallRules: [{39B36A04-3B25-4E15-A962-BF4D0AD5D65B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe (GHI Media LLC -> )
FirewallRules: [{FAC2D3C6-997A-4F7F-8CAC-15F8A2E76E0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe (GHI Media LLC -> )
FirewallRules: [{5208C2BA-526E-4712-843F-2F44906A884E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe (GHI Media LLC -> )
FirewallRules: [{C2B8BE35-969E-4CD8-8E4F-E3B0EEC74ECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe (GHI Media LLC -> )
FirewallRules: [{67E87C4D-F63C-4779-AC4B-9596EAC8315E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe (Epic Games, Inc.)
FirewallRules: [{5DF11DEC-34B3-400D-8281-49320E3F5C61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe (Epic Games, Inc.)
FirewallRules: [{4652576B-F78D-49A4-BDF4-9B2ACA79BE4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe (Team17 Software Ltd)
FirewallRules: [{734D299B-4124-4069-82E3-5E4602AACF8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe (Team17 Software Ltd)
FirewallRules: [{E765449A-F464-4683-89FA-577D4B915DBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_gold\THIEF.EXE (Looking Glass Studios)
FirewallRules: [{43F3B878-806A-408F-BC9B-0D175032D515}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\thief_gold\THIEF.EXE (Looking Glass Studios)
FirewallRules: [{C51EEC78-ECEE-461D-AA08-C648B4788F5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\Wiz8.exe ()
FirewallRules: [{8A859BD0-0B25-45B0-A71F-537256B4E5CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\Wiz8.exe ()
FirewallRules: [{98E00715-8037-4C98-9950-B54F2CDE8D75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\3DSetup.exe ()
FirewallRules: [{3BDF355A-E737-4D25-A587-D94977F8B6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\3DSetup.exe ()
FirewallRules: [{09BE4BBB-80FA-4602-B8B5-80F09DED072B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\nglide_config.exe (Zeus Software)
FirewallRules: [{4FD45B4A-00B8-4DE2-B6E0-05F3D41397EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry8\nglide_config.exe (Zeus Software)
FirewallRules: [{B7C6B616-540B-448F-8B0C-ADAC141FF3D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe ()
FirewallRules: [{128A4DC1-1ADF-4B98-ACB2-41C40E6F61CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe ()
FirewallRules: [{156ED26B-726E-4D60-9AC4-2CDD73CDC9AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disciples II Galleans Return\Discipl2.exe (Strategy First)
FirewallRules: [{AE158C47-047E-46FA-B122-6CA8F4BD99D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disciples II Galleans Return\Discipl2.exe (Strategy First)
FirewallRules: [{B500E45A-2D3D-49CA-82E9-35AB52BCB2DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disciples II Galleans Return\ConfigEditor.exe ()
FirewallRules: [{64A345B4-E65C-4043-961B-2A34FB1FA927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disciples II Galleans Return\ConfigEditor.exe ()
FirewallRules: [{34485661-8A5D-4499-8679-C13771140335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe (CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> )
FirewallRules: [{5B90B53F-76AD-49BA-A4A0-A2E799F8332D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe (CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> )
FirewallRules: [{931FA2E9-B3C2-419A-A73F-570D2A4076D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe (EA Digital Illusions CE AB -> EA Digital Illusions CE AB)
FirewallRules: [{144D0B8F-A82C-41BF-8A53-30FFB40F992F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe (EA Digital Illusions CE AB -> EA Digital Illusions CE AB)
FirewallRules: [{94BDB5E8-C7B6-473E-B153-27448A260D28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe (Double Fine Productions)
FirewallRules: [{968B5664-755B-4B2D-B49B-0BE0B3FC2143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe (Double Fine Productions)
FirewallRules: [TCP Query User{BEA91743-3B22-4BE9-B8D6-28B98C01EA97}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe ()
FirewallRules: [UDP Query User{2501BB43-AF50-4C75-9C39-F8A795A379EC}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe ()
FirewallRules: [{0A1C7A95-55A2-45F8-BAAB-B32FB9793B8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe (Gameplay Crush)
FirewallRules: [{B4B2BA96-423C-420F-8A2C-E04B49D60883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe (Gameplay Crush)
FirewallRules: [{3E457C76-350F-457D-B8EF-F6D6040FDD6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe (Valve Corp. -> THQ Inc.)
FirewallRules: [{EB240149-87BC-47CD-8622-31F95553071A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe (Valve Corp. -> THQ Inc.)
FirewallRules: [{40EF6B2F-F6B0-45E7-A727-2FB582328C60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe (Valve Corp. -> THQ Inc.)
FirewallRules: [{3F4D0AD7-D9C6-45D8-9F44-CEB02115C80C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe (Valve Corp. -> THQ Inc.)
FirewallRules: [{BA4E52DA-C3D3-44DB-9DDB-5B4E2BC9D99E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\legacy_kain_defiance\defiance.exe (Eidos Inc.)
FirewallRules: [{245DC6D4-4D91-40DD-AF60-F9C5E51AAE13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\legacy_kain_defiance\defiance.exe (Eidos Inc.)
FirewallRules: [{53C86DBE-B2EA-4EA9-9924-89A5078F3090}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe ()
FirewallRules: [{55548823-C82D-4864-B4A4-A1372880ED22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe ()
FirewallRules: [{6D29165F-4B05-4C23-9AA9-716A2A4D6808}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillerIsDead\Binaries\Win32\KidGame.exe ()
FirewallRules: [{58E1CFA8-EC61-4A9F-8240-B1B9D2723678}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillerIsDead\Binaries\Win32\KidGame.exe ()
FirewallRules: [{791DD5B6-070C-4007-9F2D-82BB4CFE6174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe (Valve -> )
FirewallRules: [{0DDA9D42-0CE8-48EB-8E90-BBA61428B976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe (Valve -> )
FirewallRules: [{A2C59468-B6CF-45B6-836F-D39C652017AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe ()
FirewallRules: [{E6698D44-C380-4D74-AF87-B8ECF4EBDA25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe ()
FirewallRules: [{362B1346-64A6-4DAB-8918-0C9EA9DB761B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nosferatu The Wrath of Malachi\Nosferatu.exe (Idol FX AB)
FirewallRules: [{D3711F49-5429-4AE8-A8A3-30E3F3AF93C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nosferatu The Wrath of Malachi\Nosferatu.exe (Idol FX AB)
FirewallRules: [{24457380-A9B0-4222-9E0A-C1B3F9554204}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Messiah Might and Magic Single Player\mm.exe ()
FirewallRules: [{D96C21A5-DF46-49D9-AB76-3C69A3129502}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Messiah Might and Magic Single Player\mm.exe ()
FirewallRules: [{1A9BBFA7-4DD3-47CE-BE42-756046EFCAAB}] => (Allow) C:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe (Electronic Arts -> Maxis, a division of Electronic Arts Inc.)
FirewallRules: [{8CD1E1D6-2AFF-44C1-B87F-934E94D64506}] => (Allow) C:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe (Electronic Arts -> Maxis, a division of Electronic Arts Inc.)
FirewallRules: [{F04E2C43-38C3-436B-85D5-134792D7B8B3}] => (Allow) C:\Program Files (x86)\Origin Games\SPORE Galactic Adventures\SporebinEP1\SporeApp.exe (Electronic Arts -> Maxis, a division of Electronic Arts Inc.)
FirewallRules: [{3B72552E-0600-485C-86F8-95026B315B8F}] => (Allow) C:\Program Files (x86)\Origin Games\SPORE Galactic Adventures\SporebinEP1\SporeApp.exe (Electronic Arts -> Maxis, a division of Electronic Arts Inc.)
FirewallRules: [{64207EFA-4D98-4EC3-A2AE-A0E443794D85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Penumbra.exe ()
FirewallRules: [{D161B97E-6973-457C-8810-2E44F1D24FCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Penumbra.exe ()
FirewallRules: [{FD7CEB4B-4D6D-459F-B429-DC607AD2659B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Overture\redist\Penumbra.exe ()
FirewallRules: [{B3AAC73E-2FA6-4E68-9A6E-A2C872184525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Overture\redist\Penumbra.exe ()
FirewallRules: [{0C450D6C-38B8-44E8-A510-16363DF3E785}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe ()
FirewallRules: [{BB59E684-ACB3-4C2B-A90B-D18A2E28CFDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe ()
FirewallRules: [{7F2CE5D7-D015-46DE-BE93-1999F20BC5B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe (Devolver)
FirewallRules: [{E6FF3895-43D1-4CDD-AC98-F15BF7F49188}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe (Devolver)
FirewallRules: [{341E5648-9892-489F-B4AD-779BC81DA0F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe ()
FirewallRules: [{4514998D-0C0A-4895-8EF5-E9475FBD3E05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe ()
FirewallRules: [{742B0974-1BBF-42EB-B268-05A7E6B78B20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Gold\System\Unreal.exe ()
FirewallRules: [{9DA14B64-0085-4D86-8B59-E28B328E39C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Gold\System\Unreal.exe ()
FirewallRules: [{B0D49A61-2379-4089-8D9F-91727082A64B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2 Wrong Number Digital Comic\hlm2comics.exe ()
FirewallRules: [{49DCB4DB-47CD-4D3F-8B9B-9C5EEA622AFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2 Wrong Number Digital Comic\hlm2comics.exe ()
FirewallRules: [{0A9BE3E6-4906-4A14-A2D8-2F08718B466C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Delver\delver_x64.exe (Priority Interrupt)
FirewallRules: [{85F80F61-5EAB-4EE2-B166-DB46BF9E13D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Delver\delver_x64.exe (Priority Interrupt)
FirewallRules: [{5029FD46-E460-44F0-B2EA-00627949B932}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirates and Zombies\SpazGame.exe (GarageGames)
FirewallRules: [{6EBD32EA-1BD2-4AA6-899B-B07134E345CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirates and Zombies\SpazGame.exe (GarageGames)
FirewallRules: [{F3D682C1-11CB-4A7C-9AB5-44A3DCD1CEB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen\base\dosbox.exe ( )
FirewallRules: [{06CF5E17-225C-4F93-BE8A-00654289CC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen\base\dosbox.exe ( )
FirewallRules: [{C0BAEB44-9F02-4A1A-AABB-A739C6158F4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen 2\glh2.exe ()
FirewallRules: [{2FD828E8-4BAE-44C7-805F-976D4AF1B902}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen 2\glh2.exe ()
FirewallRules: [{86150850-4C5E-4B63-99FA-19D44CDE7776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen Deathkings of the Dark Citadel\base\dosbox.exe ( )
FirewallRules: [{FC31F7B2-2127-413C-A053-48733CEB2EA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen Deathkings of the Dark Citadel\base\dosbox.exe ( )
FirewallRules: [{60EDC641-F8C4-486F-B4EC-6D118ED4BF0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heretic Shadow of the Serpent Riders\base\dosbox.exe ( )
FirewallRules: [{58F6FF58-AB81-493D-A3C8-F62A8A5D66C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heretic Shadow of the Serpent Riders\base\dosbox.exe ( )
FirewallRules: [{7AC24C73-850E-4B10-B88F-720D76475DBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beat Hazard\BeatHazard.exe ()
FirewallRules: [{8D871845-2256-4DFA-A666-772FBD17B4E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beat Hazard\BeatHazard.exe ()
FirewallRules: [{E51D63B7-21B4-4689-B084-D94D1835D0E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beat Hazard\runme.exe ()
FirewallRules: [{52B84359-C5D0-47AE-A1F9-C185C1A38E45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beat Hazard\runme.exe ()
FirewallRules: [{7B001FDC-EE99-4C0D-84BA-21A2F10D5000}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Unit Whole Blood\dosbox.exe ()
FirewallRules: [{6BFA901F-56EC-48A9-8C0F-4021F60D16AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Unit Whole Blood\dosbox.exe ()
FirewallRules: [{AE97BED4-D314-44A2-BA06-574E5BDD010F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stargunner\Stargunner\Dosbox\DOSBox.exe (DOSBox Team)
FirewallRules: [{70AB8E20-3BBD-40CF-B196-39F0D78EC2E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stargunner\Stargunner\Dosbox\DOSBox.exe (DOSBox Team)
FirewallRules: [{75B33C89-63C7-47C8-8372-CE569737B160}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Apogee Throwback Pack\ThrowbackPackLauncher.exe ()
FirewallRules: [{9B04981A-B2C2-4866-A4A6-2F30CF8AC24F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Apogee Throwback Pack\ThrowbackPackLauncher.exe ()
FirewallRules: [{85CDE343-144E-4EA3-A8DF-FFB67997B9DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Original\bin\DOSBox.exe (DOSBox Team)
FirewallRules: [{DB26D968-D148-4834-B554-56309BD87F3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior Original\bin\DOSBox.exe (DOSBox Team)
FirewallRules: [{6FFA2A75-A705-4573-83EF-75A05CA61799}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe ()
FirewallRules: [{4B00D95C-D21B-4786-A1C8-85269C4BEE8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe ()
FirewallRules: [{22EA013C-37DE-4BC5-BF56-08CD53522435}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe ()
FirewallRules: [{80C0BAEF-3895-4391-85BF-D4F3812290B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe ()
FirewallRules: [{1A82E02F-A183-459B-99B2-A894B03BE949}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe ()
FirewallRules: [{5DF3ACCB-D6E5-48C5-B8C9-6B6D6CD8C4CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe ()
FirewallRules: [{6C08F412-2A40-42B9-9914-412056134554}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe ()
FirewallRules: [{7EBA3793-FB44-46F5-9F44-864DE7DA8EC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe ()
FirewallRules: [{0096E819-C782-4997-BF64-CBB10DFD1B74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe ()
FirewallRules: [{3E043B7D-80A8-4A6D-B6FC-686B7BC7ADD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe ()
FirewallRules: [{BCCDC93F-5E96-4A00-9E9E-547030F57DED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe ()
FirewallRules: [{F775543C-5C12-4834-9B41-A6B97D8844A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe ()
FirewallRules: [{7DCE9710-EFB1-4E72-A019-B99A380CC859}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{BC11AF55-1866-47FB-BBB3-A4909B64079D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{7AF04CBC-6169-4870-8649-EDCD810A9B3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe ()
FirewallRules: [{BE9F224E-6FD1-477F-95B1-400CF9AEC006}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe ()
FirewallRules: [{A3377062-E96A-4D30-99C7-1F2F84D6D939}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe ()
FirewallRules: [{EF689633-30BE-4655-9CFD-4E170DA1B9F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe ()
FirewallRules: [{B3D1C02C-317B-4D83-9BBF-0D81E9A8F0B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe ()
FirewallRules: [{03AC3A91-B01D-4309-BB0C-BC725060A2C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe ()
FirewallRules: [{DE55E29A-9101-4C92-9840-D01F9AFA175A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strife\strife-ve.exe (Night Dive Studios, Incorporated)
FirewallRules: [{B54DEFEC-8A47-4527-ADB7-4EDBEF0B4944}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strife\strife-ve.exe (Night Dive Studios, Incorporated)
FirewallRules: [{4503093E-0761-44AA-930E-0DA3FCC2336E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe ()
FirewallRules: [{B827BD12-39DB-4895-8D50-B03C413262E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe ()
FirewallRules: [{DEB2DE1B-2974-4BE8-BDC3-0BEFFBFB4297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe ( )
FirewallRules: [{FD5A3324-6D89-4CD3-A484-F929E8DDD3A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe ( )
FirewallRules: [{7629A68D-CC3D-47CD-9F6A-A64EA8F2F23C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe ( )
FirewallRules: [{EB5D1922-524F-412C-8961-8EFAE2B5619B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe ( )
FirewallRules: [{1C29F33E-DE4F-46D0-88E1-97DF20453D63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe ( )
FirewallRules: [{0E407980-CC17-4A82-909D-BEE7B4A6E317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe ( )
FirewallRules: [TCP Query User{C2A975C9-FAFD-4494-83E1-2ACF74CA2CF9}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic)
FirewallRules: [UDP Query User{73944378-89F8-4E46-8FA4-5D3C5EAEB410}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic)
FirewallRules: [TCP Query User{17C70ED6-FC3B-4167-8527-6ED9E1D39F8F}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe ()
FirewallRules: [UDP Query User{56DB185F-A409-4B8A-8AA2-8B48B1062482}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe ()
FirewallRules: [{A94DEF73-08FA-4832-BB1A-B2A04F9092B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe ()
FirewallRules: [{538EE9A8-6D5F-4767-8117-D199C904639F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe ()
FirewallRules: [{EF5DA66D-9BD2-4DE1-8FE5-4819EE7D2953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake 2\quake2.exe ()
FirewallRules: [{4D53B51B-0CE5-45DF-ABBA-13B18A1D2517}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake 2\quake2.exe ()
FirewallRules: [{6AB22B6F-88DF-4DF1-A142-8252E129199B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{ECC162F4-2238-4F39-988F-FB64A6682A14}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6D059C4D-A6F3-4F0E-A234-AD4D9A811D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Painkiller Black Edition\Bin\Painkiller.exe (People Can Fly)
FirewallRules: [{3A2A2162-25C6-4BA3-A7E1-B2DCFE88A295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Painkiller Black Edition\Bin\Painkiller.exe (People Can Fly)
FirewallRules: [{2FDFE703-90FB-4915-B0FA-C79B4F4A0482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe ()
FirewallRules: [{D69258F4-2008-4FC9-B43A-D90F463E74B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe ()
FirewallRules: [{952B4C9A-D80E-4790-AC36-14707C58723A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Winquake.exe ()
FirewallRules: [{BD0D1837-44F1-4B10-85EE-8FADFF5564F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Winquake.exe ()
FirewallRules: [{70BDF9D8-BEF4-4FF2-A551-3F3EDB490350}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\qwcl.exe ()
FirewallRules: [{1DAA2268-6994-4877-A3BD-9AC609359788}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\qwcl.exe ()
FirewallRules: [{F2CFFA45-73D5-4566-93A1-36F24F64E999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Glquake.exe ()
FirewallRules: [{FD3AD6C4-C375-4B1D-981E-C5FA59AD87DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Glquake.exe ()
FirewallRules: [{8C4D1EA8-A9E8-4002-A414-48C120BD085D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\glqwcl.exe ()
FirewallRules: [{B713D02E-C5BF-4DAA-8549-65FD5E695CAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\glqwcl.exe ()
FirewallRules: [TCP Query User{6CF63265-6FC7-44C9-A97B-5B32A1620A78}C:\program files (x86)\steam\steamapps\common\grezzo 2\grezzo2final\g2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grezzo 2\grezzo2final\g2.exe ( )
FirewallRules: [UDP Query User{5EF745B9-22F0-4335-AC78-7280AE415DB5}C:\program files (x86)\steam\steamapps\common\grezzo 2\grezzo2final\g2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grezzo 2\grezzo2final\g2.exe ( )
FirewallRules: [{B685F01B-61FE-49F1-9B3B-5690A870DFA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deathtrap Dungeon\DD_CD.EXE ()
FirewallRules: [{D433C09D-035A-42BB-AC4B-A7EE0CD7775F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deathtrap Dungeon\DD_CD.EXE ()
FirewallRules: [{6070BA0C-6464-4361-9AD4-DCDB29D3F525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legacy of Kain Soul Reaver\kain2.exe ()
FirewallRules: [{9358BC68-EF1B-4130-899B-8C6C04932828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legacy of Kain Soul Reaver\kain2.exe ()
FirewallRules: [{90EB55E5-1794-43A7-AD42-F123A7C83ACC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legacy of Kain Soul Reaver 2\sr2.exe ()
FirewallRules: [{54B8D4FC-DCBD-433F-AF78-C2A098D8E61C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legacy of Kain Soul Reaver 2\sr2.exe ()
FirewallRules: [{A80E5CF9-3411-45CD-8D73-8D60BE6DCDAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider (I)\dosbox.exe ()
FirewallRules: [{AECDBE1E-496E-40A7-ACE9-F731B7B2CA4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider (I)\dosbox.exe ()
FirewallRules: [{4E02C78E-C927-4943-BA8F-695C16A0A2AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{F36B72C3-4949-4D56-8ACF-D954EAEC71E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix)
FirewallRules: [{A3BE64BE-926A-46E7-B664-B63CEB9A4B2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider (II)\Tomb2.exe ()
FirewallRules: [{86F21255-691A-472C-9E3E-114B1CA4F6F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider (II)\Tomb2.exe ()
FirewallRules: [{072FBAF9-A2B8-43F6-9B58-385B766D02F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TombRaider (III)\tomb3.exe ()
FirewallRules: [{4896FDB7-EF21-405A-B33F-3CC87575DB2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TombRaider (III)\tomb3.exe ()
FirewallRules: [{05196520-17C4-4875-8B7B-BBF51EE4F4ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowMan\Shadowman.exe ()
FirewallRules: [{7A310C04-A47B-4B7B-BE57-EE6508FA24FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowMan\Shadowman.exe ()
FirewallRules: [{394F3242-E648-4F1B-8CB9-E09B34C77C12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowMan\D3DConfigUtility.exe ()
FirewallRules: [{6D3A3768-438C-4DB3-B14A-8FFFAD487FBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowMan\D3DConfigUtility.exe ()
FirewallRules: [{9A894515-6980-44C3-BBCE-B57DBF7BA33F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\StardockLauncher.exe (Stardock Corporation -> Stardock Corporation)
FirewallRules: [{1F83D0FD-D06C-49B0-9870-81F2EEC353A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\StardockLauncher.exe (Stardock Corporation -> Stardock Corporation)
FirewallRules: [{F1C99A36-D57C-4F80-9D2D-1F2408C53471}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry6\dosbox_windows\dosbox.exe (DOSBox Team)
FirewallRules: [{97B25272-9617-4B76-8A71-668197CEA0B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry6\dosbox_windows\dosbox.exe (DOSBox Team)
FirewallRules: [{D4B8D04E-0F87-4063-9341-40830FC4E8C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry6\dosbox_windows\daum\dosbox.exe (DOSBox Team)
FirewallRules: [{D40499CC-7634-40F1-BAB4-565FBBD62E1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry6\dosbox_windows\daum\dosbox.exe (DOSBox Team)
FirewallRules: [{BE10D72B-1DD7-4E25-B0F6-E6F753E5B074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\dosbox.exe (DOSBox Team)
FirewallRules: [{5D593F08-51B5-4DAB-B08D-9EED8AC570C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\dosbox.exe (DOSBox Team)
FirewallRules: [{EEDAAF76-C207-4D6B-ACB6-BA48D8E28C94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\daum\dosbox.exe (DOSBox Team)
FirewallRules: [{85FFA41E-D884-45B2-A9CE-3E59B10AF118}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\dosbox_windows\daum\dosbox.exe (DOSBox Team)
FirewallRules: [{BAA9CC66-4697-4653-BF60-70542A923849}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\wizardry7gold\WIZARD.EXE ()
FirewallRules: [{2791E745-9468-4AAC-976F-09728721F96F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wizardry7\wizardry7gold\WIZARD.EXE ()
FirewallRules: [{A61EFCE9-AF38-4728-AC39-EF33DB7C4467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aliens versus Predator Classic\Launcher\AvpGoldLauncher.exe ()
FirewallRules: [{65D7F12C-4358-4922-A73E-DA66419DBF0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aliens versus Predator Classic\Launcher\AvpGoldLauncher.exe ()
FirewallRules: [{0743D1B7-CB7E-4E9F-BEF9-9F00049C4BD8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{BFAC1B9B-272C-4BC2-B914-7C050364B412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic CD\soniccd.exe ()
FirewallRules: [{894B36E3-7BDD-456E-8C08-CE5EF55374AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic CD\soniccd.exe ()
FirewallRules: [{6B1B21C5-AD19-4508-A565-CFC43F0ACF2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic CD\setup.exe ()
FirewallRules: [{F7968AB3-9B6A-44B0-9AF6-0B9B8017D0A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic CD\setup.exe ()
FirewallRules: [{EE818ED3-C691-4076-94D5-26AE13DEF257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic the Hedgehog 4 EP 1\SonicLauncher.exe (Sega Corporation)
FirewallRules: [{3588ED1D-0F9E-4010-8065-6A467A988581}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic the Hedgehog 4 EP 1\SonicLauncher.exe (Sega Corporation)
FirewallRules: [{990BA182-0F5E-4944-ADBD-B252EE4CCF9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure 2\Launcher.exe ()
FirewallRules: [{6DBEA849-6FFA-4B57-84BA-E7291A496F69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure 2\Launcher.exe ()
FirewallRules: [{C810B249-1B6C-41A2-BAB5-62E6466FD764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure DX\AppLauncher.exe ()
FirewallRules: [{1B6CB5E2-B756-4E7C-B1F4-6C7834B8E512}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure DX\AppLauncher.exe ()
FirewallRules: [{FB12A10D-A812-4589-BA7C-35D6ECED9FEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic and SEGA All Stars Racing\Sonic & SEGA All-Stars Racing.exe ()
FirewallRules: [{0AC7AAD6-4DA4-4557-8E05-C7C4D223F88E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic and SEGA All Stars Racing\Sonic & SEGA All-Stars Racing.exe ()
FirewallRules: [{DBAB08C7-29EA-401A-9004-6316EFFFCB31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic and SEGA All Stars Racing\Config.exe (Sumo Digital Ltd)
FirewallRules: [{625CB7C2-73C1-40AC-BF6C-381667F97E15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic and SEGA All Stars Racing\Config.exe (Sumo Digital Ltd)
FirewallRules: [{452CCE69-8154-42A0-B7C0-C7C624E2A8CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlaws\olwin.exe (LucasArts Entertainment Company)
FirewallRules: [{82C73E8C-7B1B-4CC5-A2F8-0DF70DFC9286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlaws\olwin.exe (LucasArts Entertainment Company)
FirewallRules: [{D4E52682-7D09-42D6-9912-D2D963A3057D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DX-Ball 2 - 20th Anniversary Edition\DXBall2.exe (Longbow Digital Arts)
FirewallRules: [{7E7AA85F-D4DC-4BBF-BFC6-03B27A67FB19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DX-Ball 2 - 20th Anniversary Edition\DXBall2.exe (Longbow Digital Arts)
FirewallRules: [{A5B8BE81-3257-4AE3-AE49-B7E04AD8F2F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe ()
FirewallRules: [{79D8E56F-F543-4173-833F-F4F85286CB86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe ()
FirewallRules: [{A5B7ADAE-0014-4439-90E6-2E8C4EDBAA01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Requiem.exe ()
FirewallRules: [{F3B40288-81F6-4293-83CB-596A593CFE91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Requiem.exe ()
FirewallRules: [{36FC1501-2BA2-487F-A03F-BB7C0AEF1D11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Tournament 2004\System\UT2004.exe ()
FirewallRules: [{C3FD45CD-B2CE-4BAF-8C1E-40FB57A43DB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Tournament 2004\System\UT2004.exe ()
FirewallRules: [{CA9677B3-DE35-47F4-941B-D72875C2E19E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD)
FirewallRules: [{05FD2E0B-AAFA-48DB-93AD-D28E946A162E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD)
FirewallRules: [{8601A77B-84D5-4D0C-9019-3A62658F83EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe ()
FirewallRules: [{A1F2BBC5-9284-4289-934D-8200D63CB027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe ()
FirewallRules: [{091B26C8-4901-45BC-8A72-36E01FC4CFA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe ()
FirewallRules: [{7E35B298-EBE2-4F42-840E-CBE1595C43C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe ()
FirewallRules: [{41D07504-6269-4942-B558-4BEE63BD6751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD)
FirewallRules: [{B6F01602-9B3C-422E-9F92-0E02AE9B44B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD)
FirewallRules: [{C833DBC1-53A8-4533-93B9-27DACB76BC5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe ()
FirewallRules: [{960DF8C2-DE2B-4C7B-9D14-60C5E2771396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe ()
FirewallRules: [{54BB32F7-DE12-467A-BD9C-A3C1855F3FC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DX-Ball 2 - 20th Anniversary Edition\Tools\DXB2Editor.exe ()
FirewallRules: [{E1442B6D-D4F1-48BB-9FF5-2FF04217BFCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DX-Ball 2 - 20th Anniversary Edition\Tools\DXB2Editor.exe ()
FirewallRules: [{E0BFF904-DAAF-4218-86D8-00B720D06F83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe ()
FirewallRules: [{03DA1455-E416-4F57-94D6-DBDBDA928F10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe ()

==================== Restore Points =========================

12-02-2019 18:54:34 Windows Update
13-02-2019 01:51:20 Windows Update
13-02-2019 19:13:59 Windows Update
13-02-2019 21:48:35 Windows Backup
13-02-2019 21:53:28 Windows Backup
13-02-2019 22:30:35 Windows Backup
13-02-2019 22:45:26 Windows Backup
13-02-2019 23:51:33 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2019 10:17:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (02/14/2019 10:11:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (02/14/2019 10:01:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (02/14/2019 07:42:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (02/14/2019 06:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: Explorer.EXE, versione: 6.1.7601.23537, timestamp: 0x57c44efe
Nome del modulo che ha generato l'errore: wwanapi.dll, versione: 6.1.7600.16385, timestamp: 0x4a5be0a8
Codice eccezione: 0xc0000005
Offset errore 0x00000000000333eb
ID processo che ha generato l'errore: 0x784
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d4c48a14ebfe8a
Percorso dell'applicazione che ha generato l'errore: C:\Windows\Explorer.EXE
Percorso del modulo che ha generato l'errore: C:\Windows\system32\wwanapi.dll
ID segnalazione: 9c30e6e0-307d-11e9-9974-bc5ff451dd95

Error: (02/14/2019 06:25:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (02/14/2019 05:36:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

Error: (02/14/2019 04:43:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.


System errors:
=============
Error: (02/14/2019 10:16:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.

Error: (02/14/2019 10:16:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: All'avvio non è stato possibile caricare i seguenti driver:
epp

Error: (02/14/2019 10:16:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.

Error: (02/14/2019 10:15:58 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.

Error: (02/14/2019 10:15:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Impossibile avviare il modulo di estendibilità WLAN.

Percorso modulo: C:\Windows\system32\athExt.dll
Codice di errore: 126

Error: (02/14/2019 10:15:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.

Error: (02/14/2019 10:10:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.

Error: (02/14/2019 10:10:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.


Windows Defender:
===================================
Date: 2019-02-08 18:59:18.418
Description:
Windows Defender: analisi interrotta prima del completamento.
ID analisi:{91225129-8A3C-4F31-A238-3E68CABF02E9}
Tipo analisi:Antispyware
Parametri analisi:Analisi veloce
Utente:PC\Memox

Date: 2019-02-08 18:00:27.765
Description:
Windows Defender: analisi interrotta prima del completamento.
ID analisi:{9695E495-DBE6-437B-B40D-20F2DF3E19B9}
Tipo analisi:Antispyware
Parametri analisi:Analisi veloce
Utente:PC\Memox

Date: 2018-09-02 03:45:52.577
Description:
Windows Defender: analisi interrotta prima del completamento.
ID analisi:{A524018F-DD7C-4CF7-AF80-2C5955ED9E5D}
Tipo analisi:Antispyware
Parametri analisi:Analisi veloce
Utente:NT AUTHORITY\SERVIZIO DI RETE

Date: 2018-07-04 13:09:34.456
Description:
Windows Defender: errore durante il tentativo di aggiornare le firme.
Nuova versione firma:1.271.442.0
Versione firma precedente:1.269.1075.0
Origine aggiornamento:Utente
Tipo firma:Antispyware
Tipo aggiornamento:Delta
Utente:NT AUTHORITY\SYSTEM
Versione modulo corrente:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

Date: 2018-07-04 13:09:34.455
Description:
Windows Defender: errore durante il tentativo di aggiornare il modulo.
Nuova versione modulo:1.1.15000.2
Versione modulo precedente:1.1.14901.4
Origine aggiornamento:Utente
Utente:NT AUTHORITY\SYSTEM
Codice errore:0x80070666
Descrizione errore:È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

CodeIntegrity:
===================================

Date: 2019-02-13 19:13:19.322
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2019-02-13 10:32:33.420
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2019-02-13 09:50:57.020
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2019-02-13 09:40:58.034
Description:
Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G860 @ 3.00GHz
Percentage of memory in use: 43%
Total physical RAM: 7895.2 MB
Available physical RAM: 4468.58 MB
Total Virtual: 15788.55 MB
Available Virtual: 12232.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:439.39 GB) NTFS
Drive e: (HD 240GB) (Fixed) (Total:232.88 GB) (Free:93.55 GB) NTFS

\\?\Volume{7cf54848-bc60-11e5-8e42-806e6f6e6963}\ (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6060AAD1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 04540453)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Hi, Memox.

Please follow the instructions in the order provided.

1. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION 
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-71544129-41464889-658937272-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Memox\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS) 
U0 aswVmm; no ImagePath
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X] 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
C:\ProgramData\Spybot - Search & Destroy
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= 
Task: {EEF493C2-9447-426D-A024-3E33E56194A0} - System32\Tasks\Driver Booster SkipUAC (Memox) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.

2. Urgent! You indicated that you installed BitDefender, yet it is not listed in Installed Programs, although there is a leftover driver shown in the logs as well as leftovers from Avast and Avira. Since you are only running Windows Defender, which on Windows 7 is only an anti-spyware program, you most certainly are taking a risk not having an active anti-virus software installed. The very first thing you need to do is install anti-virus software. BitDefender, Avast, Avira or Microsoft Security Essentials are all fine free anti-virus solutions. (Note: I included the leftovers for removal with FRST so you will be able to do a clean install of whatever program you choose.)

Note: For the following items, please be observant when installing updates and UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

3. Adobe Acrobat 5.0 is not compatible with Windows 7. Even if you are running it in compatibility mode, you are opening your computer to serious exploits. I strongly suggest you uninstall Adobe Acrobat 5.0 and install the latest version of Acrobat DC for Windows from here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

4. Adobe Flash Player for IE is extremely out of date. Even though IE isn't your primary browser, it is very important to keep it updated. The installation link for IE is available here: Flash Player for Internet Explorer - ActiveX.

5. Google Chrome has been updated to version 72.0.3626.109. To update to the latest version, open Chrome. At the top right, click More. Click Update Google Chrome.

6. Oracle Java: Personally, I haven't had Java installed on a computer in at least ten years. However, since you have a lot of games installed, it appears you need to keep it installed. That being the case, due to critical vulnerabilities, it is important to keep it updated. Please see the "Notes" and "Java Security Recommendations" in my blog post at Java Critical Security Updates Released. It also includes links to the latest version as well as the schedule for the next security updates. If you absolutely must use Java, you need to keep it updated.

Lastly, let me know in your reply what anti-virus software you installed.
 
Hello, Corrine. Thank you very much for the help. Please read my next post carefully and in its entirety: I need some answers... Thanks again for the patience.


Ok, after having some issues here and there with updates and options, I managed to have all I needed, respectively: Adobe Acrobat Reader v. 19.008.20071; Adobe Flash Player 32 ActiveX v.32.0.0.142; Google Chrome v.72.0.3626.109 and finally Java 8 v.201.

Regarding the antivirus, it's not about what I have installed, but rather what I have uninstalled: Emsisoft, Bitdefender, Avira and Avast (I haven't used the last two in a long time) don't show up as installed simply because I don't have them anymore, because they all slowed down the PC in a very noticeable way. I just used them for security reasons and then deleted them when I found out they didn't help me in the slightest. Malwarebytes, on the other hand, I'm willing to reinstall, and I still have the setup ready, because I already knew I would need it again sooner or later. I do know that maybe this program alone is not enough, but it really seems that it is the only one that doesn't make my machine a slog.

That being said, FRST did its work and there's a Fixlog.txt now... But I managed to screw this up anyway: for some reason (maybe it could be that I didn't sleep a whole lot), the first thing I did was update my software, and only after this did I run FRST and its Fix. Is that a problem? To put it simply, I didn't follow all of this step by step but rather in a different order.

Finally, some questions... Pardon my ignorance and maybe intrusiveness, but what does this do? I know that allegedly it either deleted or reallocated something, and maybe it also has something to do with the Registry entries, but what about my original post? I absolutely appreciated the valuable help and this surely was helpful from A to Z, but I'm still not certain about the whole ransomware and/or generic virus and the like. I mean, what if all of this was useful but at the end of the line these nasty malwares and the trojan are still present in some form? Like, in the Windows folder, or perhaps it's dormant somewhere in my PC... The thing is, this still scares me a lot because I clearly remember that the notorious executable was updated the very day I downloaded it, perhaps making any antivirus or anti-malware, etc. useless, simply because the menace is way more up-to-date than the weapon(s) to fight it. It's true that MBAM did detect 11 malwares and 1 trojan, but what if that wasn't all of it? Or if it simply was a disguise? Thanks for your understanding.
 
Hi, Memox.

You came here for help and that is what I am attempting to provide. When I help someone, I don't merely have them run programs to remove malware but also provide advice on how to protect their PC. This includes updating installed programs that have had critical security updates. It also includes recommendations on how to protect their computer. It is something I have been doing on forums for 16 years. Consider that an installed anti-virus software may have detected whatever it was you downloaded in the first place and, kindly note, the free versions of Emsisoft and MBAM are not anti-virus software programs. Personally, I wouldn't chance connecting to the Internet without proper security on my computer. This is particularly true if you do any online banking/bill paying, purchases or download programs.

That said, it is your PC, your choice.

As to whether your PC is 100% clean, there are no guarantees but the files removed by FRST were not malicious, merely cleanup. Please go to your desktop and open the FRST folder and locate fixlog.txt. Copy/paste it in your next reply.
 
Perhaps I didn't explain myself correctly, sorry. I'm not doubting in any way what you did; actually I very much appreciated the help, especially regarding the software updates. I only wondered what the FRST thing was about, not the program itself but the codes you made me use for the fix. I thought that those did help for cleaning matters, but weren't in fact related to any malware whatsoever (but maybe that's actually a very good thing), and my previous point about an alleged, dormant virus that is more up-to-date than the antivirus/anti-malware still persists. I did think about re-installing Bitdefender because I do know it's very different from a simple anti-malware, but again, that would slow my PC even more than a virus, paradoxically. And I have noticed this even when it wasn't scanning anything; the best thing would be if I could install it but be able to change the default setting of the program launching itself on startup, or even better be able to close both the process and the service when I don't really need it (for example, when I'm disconnected from the internet). That being said, here's the fixlog.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Memox (15-02-2019 04:04:14) Run:1
Running from C:\Users\Memox\Desktop
Loaded Profiles: Memox (Available Profiles: Memox)
Boot Mode: Normal
==============================================

fixlist content:
*
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-71544129-41464889-658937272-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Memox\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
U0 aswVmm; no ImagePath
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
C:\ProgramData\Spybot - Search & Destroy
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
Task: {EEF493C2-9447-426D-A024-3E33E56194A0} - System32\Tasks\Driver Booster SkipUAC (Memox) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
EmptyTemp:

*

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.101.2 => not found
"C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll" => not found
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2 => not found
"C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll" => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
"C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll" => not found
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => removed successfully
C:\Users\Memox\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => moved successfully
HKLM\System\CurrentControlSet\Services\aswVmm => removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\epp => removed successfully
epp => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\ProgramData\Spybot - Search & Destroy => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall => removed successfully
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEF493C2-9447-426D-A024-3E33E56194A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEF493C2-9447-426D-A024-3E33E56194A0}" => removed successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Memox) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Memox)" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26318520 B
Java, Flash, Steam htmlcache => 431407222 B
Windows/system/drivers => 424191753 B
Edge => 0 B
Chrome => 397678086 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66788 B
LocalService => 0 B
NetworkService => 2658 B
Memox => 71478589 B

RecycleBin => 1288730913 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:05:21 ====
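For readers asking, as the poster does, what the fix actually did: the sketch below is an added example, not part of the thread and not FRST's own code, that tallies a Fixlog's result lines by target type and outcome. The sample text is excerpted from the Fixlog above; the function names are illustrative.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above, trimmed to a few representative lines.
SAMPLE_FIXLOG = r"""
fixlist content:
*
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
*
HKLM\SOFTWARE\Policies\Google => removed successfully
C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll => moved successfully
"C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll" => not found
HKLM\System\CurrentControlSet\Services\epp => removed successfully
epp => service removed successfully
HKU\S-1-5-21-71544129-41464889-658937272-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
=========== EmptyTemp: ==========
Chrome => 397678086 B
"""

RESULT = re.compile(r'^"?(?P<target>.+?)"?\s=>\s(?P<outcome>.+)$')

def classify_target(target):
    """Label a result target as a registry path, a file path, or other (e.g. a service name)."""
    if target.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")):
        return "registry"
    return "file" if re.match(r"^[A-Za-z]:\\", target) else "other"

def parse_fixlog(text):
    """Return (kind, target, outcome) for each result line, skipping the echoed fixlist."""
    entries, in_fixlist, stars = [], False, 0
    for line in map(str.strip, text.splitlines()):
        if line.lower().startswith("fixlist content"):
            in_fixlist, stars = True, 0      # the script is echoed between two '*' lines
        elif in_fixlist:
            if line and set(line) == {"*"}:
                stars += 1
                in_fixlist = stars < 2
        elif line.startswith("=") and "EmptyTemp" in line:
            break                            # what follows are byte counts, not results
        elif (m := RESULT.match(line)):
            entries.append((classify_target(m["target"]), m["target"], m["outcome"]))
    return entries

def summarize(entries):
    """Count results per (target kind, outcome) pair."""
    return Counter((kind, outcome) for kind, _, outcome in entries)

def not_found(entries):
    """Targets the fix listed but did not find, e.g. a file an earlier line already moved."""
    return [target for _, target, outcome in entries if outcome == "not found"]
```

Calling `summarize(parse_fixlog(text))` on the full log text gives the per-outcome counts, and `not_found` lists the entries worth a second look.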
 
Hi, Memox.

Correct, the FRST script was only for a bit of cleanup, however, do note that 2.5 GB of temporary data was removed.

Actually, if you scroll down to the "Impact Score" in the last AV-Comparatives Performance Test October 2018, note that Avast scored extremely well as far as having minimal impact on performance. As to installing an A/V and then not having it active and regularly updated, what is the purpose? The entire point of the software is to protect your computer, which it cannot do if it is disabled. Again, your PC, your choice as to whether it is better to protect your personal information or your machine running slower. Hopefully, you'll continue making regular backups in the event you're hit with ransomware.

As to some hidden malware remaining dormant on your computer, although unlikely, let's see what a scan with ESET Online Scanner shows:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here. (Edit Note: Although not using an A/V program, you do have Windows Defender active and should temporarily disable it.)

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Don't forget to re-enable previously switched-off protection software!
 
Thanks for always being so crystal clear. I'll try Avast Free, if that doesn't impact performance that much. I was indeed interested in A/Vs to begin with, running when I am online and/or when I'm doing tasks I don't know about; it's just that when it's the complete opposite of those two instances I would rather completely disable it in order to not burden the CPU.

By the way, I think I am stuck just after this step
Double click esetonlinescanner_enu.exe. Accept the Terms of Use
Simply because this guide may be slightly outdated, or at least it doesn't respond to those exact commands you gave me. To be more precise, I can't see "Enable detection of potentially unwanted applications" just like I don't see any of those other lines, all up until "Scan". Scan too doesn't respond the same way as what you told me, because it's divided into Computer scan, Periodic and Full protection; when I click the former I still have options, such as "Full", "Quick" and "Custom". I would've clicked "Full" without even writing this comment but I'm not so sure because there aren't any advanced settings or the other things you requested before all that, so I could've been missing something important here. I made sure that I downloaded "ESET Online Scanner" and not "ESET Smart Security Premium" too, and the .exe file coincides with the name you gave me.
 
Thank you, Memox. In checking I see that, indeed, there was a change to the ESET Online Scanner a couple weeks ago. Please see the following, revised, instructions:

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.
 
Damn, this tool was even more useful than all the other A/V and anti-malware programs I've tried before; it detected 8 threats, 7 of which were "simple" adware that came with Format Factory (it's software I use a lot), but the last one was none other than another trojan, labeled as "Qadar"-something.

15/02/2019 23:42:21
Files scanned: 439314
Infected files: 8
Cleaned threats: 8
Total scan time 01:37:32
Scan status: Finished
 
Oh, and I almost forgot that in the Registry I found, in the Software folder, two suspicious ones: Moon Bot and Margin Software. Allegedly, these have something to do with cryptomining. I've deleted those folders from the Registry; I don't know how long those were there, though. I also deleted plenty of other folders I was 100% sure I could delete, such as stuff related to old videogames I don't play anymore. I can restart the PC just fine so all of this doesn't seem to have damaged anything.
 
