Thread: Browser redirect malware with additional side effects

  1. #1
    Junior Member
    Join Date
    Dec 2017
    Posts
    9

    Browser redirect malware with additional side effects

    I have what I believe is a multi-faceted problem stemming from a particularly stubborn piece of malware.

    The key indicator is when searching from Chrome's Omnibar it redirects before showing my search results as shown here:

    [Attached image: 2017-12-14 21_32_56-test - Bing.png]

    It's almost never the same URL or even CLOSE. I believe whatever is causing this is also preventing me from updating Spybot S&D. Running the update module in my Spybot install does nothing, I can't run the updater directly from the file, and downloading the files manually does not appear to work either. I am also unable to start the updater service due to it timing out immediately.

    In trying to gather the troubleshooting information needed for this post I also experienced problems. My FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
    Ran by Jay (administrator) on JAY-PC (14-12-2017 21:21:19)
    Running from C:\FRST
    Loaded Profiles: Jay (Available Profiles: Jay)
    Platform: Windows 10 Home Version 1703 15063.540 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ========================================================



    Please note this is the WHOLE log and no addition.txt file was created. I tried running several times, deleting and re-downloading the files and tool, running as admin... no change.

    Running aswMBR.exe had even more drastic results:

    [Attached image: BSOD.jpg]

    I have attempted Malwarebytes to no avail, and also tried running it in Safe Mode.

    My version of Windows is Win 10 64-bit 1703 (OS Build 15063.540).

    I have tried updating to 1709 several times and am also unable to do that due to constant failures, though that may be unrelated.

    I'm at a loss as to what to try next. Any direction or help would be greatly appreciated.

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,458

    When I first read your information I kinda cringed a bit; if the infection on your machine is what I think it is, we're in for a battle that not all have been lucky enough to remove.
    It is also possible attempts to repair or delete the infection might have to be done in Recovery Environment:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

    https://forums.malwarebytes.com/topi...-malwarebytes/

    If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Junior Member
    Join Date
    Dec 2017
    Posts
    9

    I am working on following these steps, but am fighting with unrelated ISP issues making it difficult to download the tool.

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,458

    I don't know if this is going to help, but try to boot into Safe Mode with Networking and attempt to download the tool from there.
    https://support.microsoft.com/en-us/...c-in-safe-mode

    Also, if it can be done, download and attempt to download these additional tools while in safe mode with networking and post the logs for me

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    created by Aura

    ****
    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

  5. #5
    Junior Member
    Join Date
    Dec 2017
    Posts
    9

    I will post the logs in the order they were requested in the thread:

    MBAR log:

    Malwarebytes Anti-Rootkit BETA 1.10.3.1001
    www.malwarebytes.org

    Database version:
    main: v2017.12.19.06
    rootkit: v2017.10.14.01

    Windows 10 x64 NTFS
    Internet Explorer 11.540.15063.0
    Jay :: JAY-PC [administrator]

    12/19/2017 8:51:09 PM
    mbar-log-2017-12-19 (20-51-09).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 222269
    Time elapsed: 8 minute(s), 16 second(s)

    Memory Processes Detected: 5
    C:\Users\Jay\AppData\Local\psohkwl\psohkwl.exe (Trojan.Clicker) -> 9764 -> Delete on reboot. [1260a9827535cc6a75755d521ce534cc]
    C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> 11748 -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]
    C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> 3112 -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]
    C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> 4876 -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]
    C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> 12680 -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\WINDOWS\SYSTEM32\drivers\69bc6d74e29d13e16e2b101abfb49035.sys (Adware.Wajam) -> Delete on reboot. [a9dd56a37c1ab181b2d2400331b43044]
    C:\WINDOWS\SYSTEM32\drivers\sncfilps.sys (Rootkit.Agent.PUA) -> Delete on reboot. [d4b78f4f04a1132bf3088f93b9e5d140]
    C:\Users\Jay\AppData\Local\psohkwl\psohkwl.exe (Trojan.Clicker) -> Delete on reboot. [1260a9827535cc6a75755d521ce534cc]
    C:\Users\Jay\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> Delete on reboot. [b9b92b0009a1191d6737ab92c23ffe02]
    C:\Windows\System32\config\systemprofile\AppData\Local\psohkwl\psohkwl.exe (Trojan.Agent) -> Delete on reboot. [3e340724ffab0036c351ab2620e1fb05]
    C:\Windows\System32\config\systemprofile\AppData\Local\psohkwl\ushdnme.exe (Adware.Yelloader) -> Delete on reboot. [29492dfe723893a3861853ea5ba602fe]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

  6. #6
    Junior Member
    Join Date
    Dec 2017
    Posts
    9

    Rogue Killer Log:

    RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.15063) 64 bits version
    Started in : Normal mode
    User : Jay [Administrator]
    Started from : C:\Users\Jay\Desktop\RogueKiller_portable64.exe
    Mode : Delete -- Date : 12/19/2017 22:06:14 (Duration : 00:31:30)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 35 ¤¤¤
    [PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Conduit -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\InstallCore -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\WeatherAlerts -> Deleted
    [PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Conduit -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\InstallCore -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\WeatherAlerts -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3889070278-3414657367-3443163699-1000\Software\IM -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3889070278-3414657367-3443163699-1000\Software\IM -> Deleted
    [PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\AppDataLow\Software\Conduit -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\AppDataLow\Software\PriceGong -> Deleted
    [PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\AppDataLow\Software\Conduit -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\AppDataLow\Software\PriceGong -> Deleted
    [PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\Conduit -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\ConduitSearchScopes -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\PriceGong -> Deleted
    [PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\Conduit -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\ConduitSearchScopes -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\AppDataLow\Software\PriceGong -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search -> Deleted
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_EAB4\ControlSet001\Services\SPPD (\??\C:\Windows\system32\drivers\SPPD.sys) -> Deleted
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_EAB4\ControlSet002\Services\SPPD (\??\C:\Windows\system32\drivers\SPPD.sys) -> Deleted
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Deleted
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3889070278-3414657367-3443163699-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?PC=BNHP -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3889070278-3414657367-3443163699-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?PC=BNHP -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.11.1 208.73.63.114 ([-][United States]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{caa2ce7e-e35b-4c74-9a90-00093b61115a} | DhcpNameServer : 192.168.11.1 208.73.63.114 ([-][United States]) -> Replaced ()
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Dietrich_ON_E_08FC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Samantha Layne_ON_E_1283\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 5 ¤¤¤
    [PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
    [PUP.Gen0][Chrome:Addon] Default : Amazon Assistant for Chrome [pbjikboenpfhbbejgkoklgkhjpfogcam] -> ERROR [2]
    [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [bing.com] -> Deleted
    [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN] -> Deleted
    [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316] -> Deleted

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 Series ATA Device +++++
    --- User ---
    [MBR] f8196a3f36464a3c80b0c03a41a02241
    [BSP] 608c79d957753ee8236c468d14c98aa5 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 113921 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD7500AAKS-00RBA0 ATA Device +++++
    --- User ---
    [MBR] 66c2a20d1a2b4bc6acd8fbd9269536cc
    [BSP] cede988f4171384d55a70ab29563e4cd : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
    --- User ---
    [MBR] f62fb7523fee5d10dec91fe20d1429d6
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - android_meta | Offset (sectors): 2048 | Size: 16 MB
    1 - android_expand | Offset (sectors): 34816 | Size: 61038 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

  7. #7
    Junior Member
    Join Date
    Dec 2017
    Posts
    9

    ADW Cleaner Log:

    # AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 20 04:42:31 2017
    # Updated on 2017/29/11 by Malwarebytes
    # Running on Windows 10 Home (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\Windows\System32\\SSL
    Deleted: C:\Windows\SysWOW64\\SSL


    ***** [ Files ] *****

    No malicious files deleted.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    No malicious registry entries deleted.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [1010 B] - [2017/12/20 4:42:22]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

  8. #8
    Junior Member
    Join Date
    Dec 2017
    Posts
    9

    Running these scans seems to have at least fixed something. I can now update Spybot and my other AV/Malware software. Should I run that now?

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,458

    Yes!

    I want you to find the installation you have for Farbar Recovery Scan Tool and delete it. The version you had was corrupted.

    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

  10. #10
    Junior Member
    Join Date
    Dec 2017
    Posts
    9

    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
    Ran by Jay (administrator) on JAY-PC (20-12-2017 09:39:14)
    Running from C:\Users\Jay\Desktop
    Loaded Profiles: Jay (Available Profiles: Jay)
    Platform: Windows 10 Home Version 1703 15063.540 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ========================================================

    C:\FRST\FRST64.exe => Win32/Suweezy? - moved successfully

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Greenshot) C:\Program Files\Greenshot\Greenshot.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (f.lux Software LLC) C:\Users\Jay\AppData\Local\FluxSoftware\Flux\flux.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Greenshot)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [170496 2009-02-06] (ArcSoft Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\AMHelper.exe
    HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => E:\Keepvid\KeepVid Pro (Desktop)\KeepVidProUpdateHelper.exe
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe [1971872 2016-07-19] ()
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [441856 2017-10-23] (Power Software Ltd)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1069032 2017-12-15] (Blizzard Entertainment)
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [GoogleChromeAutoLaunch_1DC2C497258DC181EE7CEA8580F59E00] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [f.lux] => C:\Users\Jay\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [Discord] => C:\Users\Jay\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\MountPoints2: F - "F:\setup.exe"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\MountPoints2: H - "H:\setup.exe"
    Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk [2017-10-23]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 208.73.63.114
    Tcpip\..\Interfaces\{caa2ce7e-e35b-4c74-9a90-00093b61115a}: [DhcpNameServer] 192.168.11.1 208.73.63.114

    Internet Explorer:
    ==================
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-22] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-22] (Oracle Corporation)
    BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\ProgramData\KeepVid\KeepVid Pro\WSBrowserAppMgr.dll [2016-07-19] ()
    Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi
    FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-11-04] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
    FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-22] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-22] (Oracle Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/docs/spreadsheets/favicon_jfk2.png
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
    CHR Extension: (Slides) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
    CHR Extension: (Overwatch Performance Tracker (Blank)...) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\amemnopljkanfileagmgohnmfnflikdo [2017-05-31]
    CHR Extension: (Docs) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
    CHR Extension: (Google Drive) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-18]
    CHR Extension: (YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-18]
    CHR Extension: (Honey) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-12-19]
    CHR Extension: (Adblock Plus) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
    CHR Extension: (Steam Inventory Helper) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-12-19]
    CHR Extension: (Tampermonkey) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-11-05]
    CHR Extension: (Google Play Music) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-12-09]
    CHR Extension: (Sheets) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
    CHR Extension: (Google Docs Offline) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-18]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-08-01]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-16]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-09-21]
    CHR Extension: (eSport Tournaments For Money ⚡ Hearth...) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnihfekhncchmljjkikeondcdehkbee [2016-10-04]
    CHR Extension: (TubeBuddy for YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-12-19]
    CHR Extension: (Google Hangouts) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
    CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-12-19]
    CHR Extension: (As Noted) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\phamnjjjhnobmbnkohdhfdlpiaoplaja [2016-08-19]
    CHR Extension: (Gmail) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-18]
    CHR Extension: (Chrome Media Router) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-08]
    CHR HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-08] ()
    R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-05-31] (Apple Inc.)
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2017-12-15] (EasyAntiCheat Ltd)
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
    R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2017-01-20] (Electronic Arts)
    S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2017-01-20] (Electronic Arts)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
    S3 WsDrvInst; "E:\Keepvid\KeepVid Pro (Desktop)\DriverInstall.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AVer330USB; C:\WINDOWS\system32\DRIVERS\AVer330USB.sys [1551616 2015-04-09] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
    R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-25] (C-MEDIA)
    S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [39296 2013-08-05] (Etron Technology Inc)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-19] (Malwarebytes)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [83360 2017-05-23] (Safer-Networking Ltd.)
    S3 SMIGrabber3C; C:\WINDOWS\System32\Drivers\SmiUsbGrabber3C.sys [827952 2013-07-16] (Windows (R) Win 7 DDK provider)
    R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
    R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    S1 cycgorla; \??\C:\WINDOWS\system32\drivers\cycgorla.sys [X]
    S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-20 09:39 - 2017-12-20 09:39 - 000020787 _____ C:\Users\Jay\Desktop\FRST.txt
    2017-12-20 09:38 - 2017-12-20 09:38 - 002392064 _____ (Farbar) C:\Users\Jay\Desktop\FRST64.exe
    2017-12-19 22:40 - 2017-12-19 22:42 - 000000000 ____D C:\AdwCleaner
    2017-12-19 21:07 - 2017-12-19 22:40 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-12-19 21:07 - 2017-12-19 21:07 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-12-19 20:51 - 2017-12-19 20:51 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\777281FE.sys
    2017-12-19 20:50 - 2017-12-19 22:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-12-19 20:48 - 2017-12-19 21:01 - 000000000 ____D C:\Users\Jay\Desktop\mbar
    2017-12-19 20:48 - 2017-12-19 20:48 - 017583333 _____ C:\Users\Jay\Downloads\mbar-1.10.3.1001.zip
    2017-12-19 20:47 - 2017-12-19 20:48 - 026878536 _____ (Adlice Software) C:\Users\Jay\Desktop\RogueKiller_portable64.exe
    2017-12-19 20:46 - 2017-12-19 20:46 - 008172032 _____ (Malwarebytes) C:\Users\Jay\Downloads\AdwCleaner.exe
    2017-12-16 00:07 - 2017-12-16 00:07 - 000000000 ___HD C:\$Windows.~WS
    2017-12-16 00:06 - 2017-12-16 00:06 - 018617536 _____ (Microsoft Corporation) C:\Users\Jay\Downloads\MediaCreationTool.exe
    2017-12-15 23:09 - 2017-12-15 23:09 - 000000000 ____D C:\Users\Jay\AppData\Roaming\EasyAntiCheat
    2017-12-15 23:09 - 2017-12-15 23:09 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
    2017-12-15 00:51 - 2017-12-15 00:51 - 000002402 _____ C:\Users\Jay\Desktop\closers.lnk
    2017-12-14 22:17 - 2017-12-14 22:17 - 000000000 ____D C:\Users\Jay\AppData\Local\En Masse Entertainment
    2017-12-14 22:17 - 2017-12-14 22:17 - 000000000 ____D C:\ProgramData\boost_interprocess
    2017-12-14 22:16 - 2017-12-14 22:16 - 000001426 _____ C:\Users\Public\Desktop\En Masse Launcher.lnk
    2017-12-14 22:16 - 2017-12-14 22:16 - 000000000 ____D C:\Users\Public\Games
    2017-12-14 22:16 - 2017-12-14 22:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment
    2017-12-14 22:10 - 2017-12-14 22:11 - 018689800 _____ (En Masse Entertainment ) C:\Users\Jay\Downloads\CLOSERS-Minimal-Installer.exe
    2017-12-14 21:11 - 2017-12-14 21:11 - 000000000 ____D C:\Users\Jay\Downloads\tweaking.com_registry_backup_portable
    2017-12-14 21:10 - 2017-12-14 21:10 - 003449206 _____ C:\Users\Jay\Downloads\tweaking.com_registry_backup_portable.zip
    2017-12-14 21:03 - 2017-12-14 21:18 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
    2017-12-14 21:03 - 2017-12-14 21:18 - 000000719 _____ C:\Users\Jay\Desktop\Windows 10 Update Assistant.lnk
    2017-12-14 21:03 - 2017-12-14 21:03 - 000000000 ____D C:\Windows10Upgrade
    2017-12-14 21:00 - 2017-12-14 21:00 - 000195346 _____ C:\Users\Jay\Downloads\wu170509.diagcab
    2017-12-14 20:58 - 2017-12-14 20:59 - 006541184 _____ (Microsoft Corporation) C:\Users\Jay\Downloads\Windows10Upgrade9252.exe
    2017-12-14 20:55 - 2017-12-14 20:55 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-12-14 20:55 - 2017-12-14 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-12-14 20:55 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-12-14 20:26 - 2017-12-14 20:26 - 000000000 ____D C:\ProgramData\MB3CoreBackup
    2017-12-14 10:56 - 2017-11-01 23:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2017-12-14 10:56 - 2017-09-29 23:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2017-12-14 10:56 - 2017-09-29 23:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
    2017-12-14 10:56 - 2017-09-29 01:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-12-14 10:56 - 2017-09-18 17:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2017-12-14 10:56 - 2017-09-04 23:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-12-14 10:56 - 2017-09-04 23:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-12-14 10:56 - 2017-09-04 22:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2017-12-14 10:56 - 2017-09-04 22:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2017-12-14 10:56 - 2017-09-04 22:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2017-12-14 10:56 - 2017-09-04 22:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
    2017-12-14 04:28 - 2017-12-14 04:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2017-12-14 04:28 - 2017-10-27 10:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2017-12-14 04:28 - 2017-09-13 17:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2017-12-14 04:28 - 2017-09-13 17:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2017-12-14 04:28 - 2017-09-13 17:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
    2017-12-14 04:28 - 2017-09-13 17:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2017-12-14 04:27 - 2017-10-16 23:11 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2017-12-14 04:27 - 2017-10-16 23:10 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2017-12-14 04:27 - 2017-10-16 23:10 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2017-12-14 04:27 - 2017-10-16 23:10 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-12-14 04:27 - 2017-10-16 23:10 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2017-12-14 04:27 - 2017-10-16 23:10 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2017-12-14 04:27 - 2017-10-16 23:10 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2017-12-14 04:27 - 2017-10-16 23:10 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2017-12-14 04:27 - 2017-10-16 23:10 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2017-12-14 04:27 - 2017-10-16 23:10 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2017-12-14 04:27 - 2017-10-16 23:05 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2017-12-14 04:27 - 2017-10-16 23:04 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2017-12-12 21:02 - 2017-12-13 00:05 - 000000000 ____D C:\Users\Jay\AppData\Roaming\.minecraft
    2017-12-12 21:00 - 2017-12-12 21:05 - 000000000 ____D C:\Program Files (x86)\Minecraft
    2017-12-12 21:00 - 2017-12-12 21:00 - 000001030 _____ C:\Users\Public\Desktop\Minecraft.lnk
    2017-12-12 21:00 - 2017-12-12 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
    2017-12-12 20:54 - 2017-12-12 20:57 - 002314240 _____ C:\Users\Jay\Downloads\MinecraftInstaller.msi
    2017-12-12 20:37 - 2017-12-12 20:39 - 011204152 _____ (Piriform Ltd) C:\Users\Jay\Downloads\ccsetup538.exe
    2017-12-09 11:29 - 2017-12-09 11:29 - 000000000 ___HD C:\$WINDOWS.~BT
    2017-12-08 23:22 - 2017-12-08 23:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
    2017-11-30 23:17 - 2017-12-01 00:56 - 000000000 ____D C:\Users\Jay\Documents\American Truck Simulator

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-20 09:39 - 2017-10-23 22:27 - 000000000 ____D C:\FRST
    2017-12-20 09:35 - 2017-06-29 21:00 - 000000000 ____D C:\Users\Jay
    2017-12-20 09:35 - 2017-06-29 21:00 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-12-20 09:35 - 2016-04-18 18:38 - 000000000 ____D C:\Program Files (x86)\Steam
    2017-12-20 09:35 - 2016-04-18 18:35 - 000000000 ____D C:\Users\Jay\AppData\Local\Battle.net
    2017-12-20 09:35 - 2016-04-18 18:35 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2017-12-20 09:35 - 2016-03-08 20:34 - 000000000 __SHD C:\Users\Jay\IntelGraphicsProfiles
    2017-12-19 22:49 - 2017-07-08 00:21 - 000000000 ____D C:\WINDOWS\Minidump
    2017-12-19 22:49 - 2017-06-29 21:09 - 002222230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-12-19 22:49 - 2017-03-18 15:01 - 000000000 ____D C:\WINDOWS\INF
    2017-12-19 22:43 - 2017-06-29 21:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-12-19 22:42 - 2017-03-18 05:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2017-12-19 22:38 - 2017-06-29 21:04 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ABA966A0-F804-4519-82BF-7CEA604833E8}
    2017-12-19 21:37 - 2016-04-18 20:59 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-12-19 21:08 - 2017-09-28 23:45 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-12-19 21:03 - 2017-09-28 23:45 - 000000000 ____D C:\Users\Jay\AppData\Local\psohkwl
    2017-12-19 20:51 - 2017-09-29 00:48 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-12-19 20:36 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-12-16 01:11 - 2016-03-09 01:15 - 000000000 ____D C:\ESD
    2017-12-16 00:07 - 2017-09-29 18:52 - 000000000 ____D C:\WINDOWS\Panther
    2017-12-16 00:01 - 2017-09-28 23:29 - 002797056 _____ C:\WINDOWS\system32\wmevglcsvc.exe
    2017-12-15 23:57 - 2017-03-18 05:40 - 015990784 _____ C:\WINDOWS\system32\config\HARDWARE
    2017-12-15 21:07 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-12-14 22:17 - 2017-08-01 21:58 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
    2017-12-14 21:02 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-12-14 21:02 - 2016-04-18 18:07 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak
    2017-12-14 20:48 - 2017-03-18 15:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2017-12-14 20:48 - 2017-03-18 15:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\setup
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\Provisioning
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-12-14 20:48 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-12-14 06:40 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2017-12-14 04:29 - 2017-06-29 21:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-12-14 04:29 - 2017-01-28 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-12-14 04:29 - 2016-04-15 21:11 - 000000000 ____D C:\Temp
    2017-12-14 04:28 - 2017-06-29 21:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-12-14 04:28 - 2017-06-29 21:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-12-13 20:33 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-12-13 20:33 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-12-13 00:08 - 2017-06-29 20:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-12-12 20:39 - 2017-10-24 21:01 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2017-12-12 20:39 - 2017-10-24 21:01 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-12-12 20:35 - 2017-05-10 22:26 - 000000000 ____D C:\Users\Jay\AppData\Local\Discord
    2017-12-12 20:35 - 2016-10-25 21:14 - 000000000 ____D C:\Users\Jay\AppData\Roaming\discord
    2017-12-10 21:52 - 2016-05-17 08:35 - 000000000 ____D C:\Users\Jay\AppData\Local\Greenshot
    2017-12-05 23:08 - 2017-11-13 21:51 - 000000871 _____ C:\Users\Jay\Desktop\DRAGON BALL XENOVERSE 2.lnk
    2017-12-05 00:05 - 2017-01-27 22:12 - 000000000 ____D C:\Users\Jay\Documents\Square Enix
    2017-12-04 22:56 - 2016-07-23 14:36 - 000000000 ____D C:\Users\Jay\AppData\Local\CrashDumps
    2017-12-01 20:25 - 2017-03-18 15:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-12-01 20:25 - 2017-03-18 15:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-11-27 23:58 - 2016-04-24 20:03 - 000000000 ____D C:\Users\Jay\AppData\Roaming\vlc
    2017-11-27 23:07 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2017-11-20 23:36 - 2017-09-28 23:45 - 000000000 ____D C:\Users\Jay\AppData\Local\atrzclv

    ==================== Files in the root of some directories =======

    2016-08-21 14:00 - 2016-08-21 14:00 - 000002112 _____ () C:\Users\Jay\AppData\Local\recently-used.xbel
    2016-07-12 22:24 - 2017-01-22 18:06 - 000007660 _____ () C:\Users\Jay\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    2017-12-19 21:07 - 2017-06-20 00:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Jay\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-11-30 22:36

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
    Ran by Jay (20-12-2017 09:39:44)
    Running from C:\Users\Jay\Desktop
    Windows 10 Home Version 1703 15063.540 (X64) (2017-06-30 03:07:31)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3889070278-3414657367-3443163699-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3889070278-3414657367-3443163699-503 - Limited - Disabled)
    Guest (S-1-5-21-3889070278-3414657367-3443163699-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3889070278-3414657367-3443163699-1002 - Limited - Enabled)
    Jay (S-1-5-21-3889070278-3414657367-3443163699-1000 - Administrator - Enabled) => C:\Users\Jay

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
    Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
    ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: - ArcSoft)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Belkin N300 Micro USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155.1 - Belkin International, Inc.)
    Black Chocobo (HKLM-x32\...\Black_Chocobo) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
    CLOSERS (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\EME_GAME_closers) (Version: - Naddic)
    CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4502.0 - CyberLink Corp.)
    Discord (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
    DRAGON BALL XENOVERSE 2 (HKLM-x32\...\DRAGON BALL XENOVERSE 2_is1) (Version: - )
    En Masse Launcher (HKLM-x32\...\{5d5e6f2b-6c03-4f96-8cd7-c16318764bc8}_is1) (Version: 1.0 - En Masse Entertainment)
    ezcap Video Grabber (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.1.1 - Somagic)
    EzGrabber version 3.0.1 (HKLM-x32\...\{59D21F0E-EA54-4438-A5B7-7EAD262FD873}_is1) (Version: 3.0.1 - Geniatech)
    f.lux (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\Flux) (Version: - f.lux Software LLC)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    HitFilm Express 2017 (HKLM\...\{752C4EC4-8031-476E-A3A5-A7023C06AC2C}) (Version: 5.0.7012.39363 - FXHOME)
    HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
    KeepVid Pro(Build 4.10.0.5) (HKLM-x32\...\KeepVid Pro_is1) (Version: 4.10.0.5 - KeepVid Studio)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LBRY 0.13.0 (HKLM-x32\...\e406725b-d361-5b1c-81f7-0a4c5ac54cb3) (Version: 0.13.0 - LBRY Inc.)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
    NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.0 - OBS Project)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
    RetroArch 1.6.3 (HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\RetroArch) (Version: 1.6.3 - libretro)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Transcribe! 8.70 (HKLM-x32\...\com.seventhstring.Transcribe_is1) (Version: 8.70 - Seventh String Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    USB2.0 Audio Capture (HKLM\...\VID_1F4D&PID_0102&MI_00) (Version: 1.0.0.0 - Conexant Systems)
    USB2.0 Video Capture (HKLM\...\VID_1F4D&PID_0102&MI_01) (Version: 1.0.0.0 - Conexant Systems)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3889070278-3414657367-3443163699-1000_Classes\CLSID\{aa420d0f-9f35-449d-90da-58a65cf09e21}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
    ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-10-23] (Power Software Ltd)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {107C236C-B535-497D-9B01-2486418EF815} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
    Task: {20210802-D386-428D-BD07-9EFC7BB35636} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
    Task: {3ABEE73B-39CE-499D-A904-39DB2B1F64BC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
    Task: {5E61646E-9C96-45CA-B793-75E88655400D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
    Task: {8D173677-D7C5-4174-95C1-F41B7E6FEA62} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
    Task: {963DE68B-F76F-4459-8A26-21CB72971447} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
    Task: {97E25A7A-A4AC-409E-AD27-33FEF65DCE1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
    Task: {9C13EA45-2B77-4AF8-8494-F1AAB279CB3C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {9DB86DD4-E2A4-46CC-A3B4-833C71DB9CE2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
    Task: {9DC91F2D-DDAB-4C35-AC57-FD6FBE9B4F80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-18] (Google Inc.)
    Task: {A232EA5B-49B1-4AFA-B921-7A4D8CD81B43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {BD1E37B9-4A77-4BCF-B5F7-A39075F0CB65} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
    Task: {C44C4582-0B85-4E55-9837-760991956A54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-18] (Google Inc.)
    Task: {DD16F220-3869-4117-ABC8-17338A235B55} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {EA34435A-9245-41BA-9115-DFA21E9B0971} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {EA650FD0-7215-4E8E-8BF4-E00CB53B8289} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
    Task: {FABEEDB5-B9BC-4B76-8D16-548B5F89B034} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()

    ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
    ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\еSpоrt Тоurnаmеnts Fоr Моnеy ⚡ Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
    ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
    ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\еSpоrt Тоurnаmеnts Fоr Моnеy ⚡ Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
    ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-18 14:57 - 2017-03-18 14:57 - 000377344 _____ () c:\windows\system32\SSDM.dll
    2017-01-28 13:56 - 2017-10-10 19:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-05-28 18:02 - 2014-04-14 17:59 - 000253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2017-12-14 20:55 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-06-29 21:00 - 2017-10-27 10:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-11-15 22:38 - 2017-10-10 19:05 - 000018880 _____ () c:\program files\nvidia corporation\nvstreamsrv\detoured.dll
    2017-03-18 14:58 - 2017-03-18 14:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-03-18 14:59 - 2017-03-18 20:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-12-06 20:32 - 2017-12-05 22:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
    2017-12-06 20:32 - 2017-12-05 22:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
    2017-09-28 23:45 - 2017-05-12 10:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2017-09-28 23:45 - 2016-09-13 13:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-09-28 23:45 - 2016-09-13 13:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-09-28 23:45 - 2016-09-13 13:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-01-28 13:56 - 2017-10-10 19:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-01-28 13:56 - 2017-10-10 19:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7937 more sites.


    There are 7937 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-04-18 20:59 - 2017-10-23 22:19 - 000456621 ____R C:\WINDOWS\system32\Drivers\etc\hosts


    There are 15670 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
    DNS Servers: 192.168.11.1 - 208.73.63.114
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "WarThunderLauncher"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "BlueStacks Agent"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Overwolf"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1DC2C497258DC181EE7CEA8580F59E00"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Innkeeper"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Hearthstone Deck Tracker"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Wowhead_Client"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "TSMApplication"
    HKU\S-1-5-21-3889070278-3414657367-3443163699-1000\...\StartupApproved\Run: => "Haste"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{1E293B84-AD73-446C-9E4C-86F3019D42CE}E:\blizzard\hearthstone\hearthstone.exe] => (Allow) E:\blizzard\hearthstone\hearthstone.exe
    FirewallRules: [TCP Query User{7B5364A0-0AB5-4E60-A8E3-9739B1BD03FC}E:\blizzard\hearthstone\hearthstone.exe] => (Allow) E:\blizzard\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{4614884D-BD65-4E4F-ACD1-2723E0F9672C}C:\program files (x86)\battle.net\battle.net.beta.8966\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8966\battle.net.exe
    FirewallRules: [TCP Query User{27023CF3-C8D6-44C2-AFD0-52C7EE185AC6}C:\program files (x86)\battle.net\battle.net.beta.8966\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8966\battle.net.exe
    FirewallRules: [{16C110B5-7698-438C-A2A1-6B2358884234}] => (Allow) E:\SteamLibrary\steamapps\common\Just Deserts\JustDeserts.exe
    FirewallRules: [{BA346340-115A-47D2-ADC5-5D70E2C525C2}] => (Allow) E:\SteamLibrary\steamapps\common\Just Deserts\JustDeserts.exe
    FirewallRules: [{A61FB616-2829-4455-BB65-0A0CEC2EC13E}] => (Allow) E:\SteamLibrary\steamapps\common\Love, Money, Rock-n-Roll Demo\Love, Money, Rock'n'Roll.exe
    FirewallRules: [{53D398F0-D5F9-4635-A96B-722F6BF69228}] => (Allow) E:\SteamLibrary\steamapps\common\Love, Money, Rock-n-Roll Demo\Love, Money, Rock'n'Roll.exe
    FirewallRules: [{70485754-85DF-4117-AD6B-B078D2E3CB87}] => (Allow) E:\SteamLibrary\steamapps\common\Mystic Destinies Serendipity of Aeons\Mystic Destinies.exe
    FirewallRules: [{E7B748F8-BBCE-4051-8B9B-FD90945FF599}] => (Allow) E:\SteamLibrary\steamapps\common\Mystic Destinies Serendipity of Aeons\Mystic Destinies.exe
    FirewallRules: [UDP Query User{4F56DC19-6A44-4F46-B202-C39CC319F67A}C:\program files (x86)\battle.net\battle.net.beta.8942\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8942\battle.net.exe
    FirewallRules: [TCP Query User{BEFCBEB2-15C7-4D63-BBC4-1F0442055085}C:\program files (x86)\battle.net\battle.net.beta.8942\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8942\battle.net.exe
    FirewallRules: [UDP Query User{667BFDE5-D113-4B41-8F9D-7B5D2EDC1641}C:\program files (x86)\battle.net\battle.net.beta.8933\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8933\battle.net.exe
    FirewallRules: [TCP Query User{C693AF37-338F-4A8D-ABF7-236CB0425894}C:\program files (x86)\battle.net\battle.net.beta.8933\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.8933\battle.net.exe
    FirewallRules: [{A13FBBE1-FFF0-4378-A82E-D7AE050BFC1D}] => (Allow) E:\SteamLibrary\steamapps\common\Trick and Treat\Trick and Treat.exe
    FirewallRules: [{8DA0579A-DE4E-4EBA-9564-0C9E546E05AC}] => (Allow) E:\SteamLibrary\steamapps\common\Trick and Treat\Trick and Treat.exe
    FirewallRules: [UDP Query User{FB664C13-4FAD-4388-A860-FFC1B94043F1}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
    FirewallRules: [TCP Query User{F7A5E909-0DD6-4571-9C6B-8A036ADEA2A6}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
    FirewallRules: [{397A1F48-FDBC-48DE-92B2-3D31C9AC3297}] => (Allow) E:\SteamLibrary\steamapps\common\Highway Blossoms\HighwayBlossoms.exe
    FirewallRules: [{93F7A951-A23D-4E00-AB6E-1A663C52A512}] => (Allow) E:\SteamLibrary\steamapps\common\Highway Blossoms\HighwayBlossoms.exe
    FirewallRules: [UDP Query User{05678027-9267-4EB4-A2A8-648B79151A0A}C:\users\jay\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\jay\downloads\downloader_diablo2_lord_of_destruction_enus.exe
    FirewallRules: [TCP Query User{BC8B14DC-705E-4BE3-8CF3-5418DE4A6C0B}C:\users\jay\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\jay\downloads\downloader_diablo2_lord_of_destruction_enus.exe
    FirewallRules: [UDP Query User{5D562D75-6497-435F-985B-8591389DF1C2}C:\users\jay\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\jay\downloads\downloader_diablo2_enus.exe
    FirewallRules: [TCP Query User{587534FD-4640-4964-8970-0E8B48EEF8CE}C:\users\jay\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\jay\downloads\downloader_diablo2_enus.exe
    FirewallRules: [{9F80FEBB-A1BC-43C1-AB00-070ED8519485}] => (Allow) E:\SteamLibrary\steamapps\common\Dragon Knight\game.exe
    FirewallRules: [{6AE61C3B-275A-4090-9BFF-C584239B1E4E}] => (Allow) E:\SteamLibrary\steamapps\common\Dragon Knight\game.exe
    FirewallRules: [UDP Query User{AF732291-9AFC-4EBE-9080-C7D639FEE1BF}C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
    FirewallRules: [TCP Query User{599A70EB-F89E-4CC8-8337-FDEE3B0CA54C}C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
    FirewallRules: [UDP Query User{CC0A3DD3-AE14-4477-B18F-6CBFE0DF09EF}E:\blizzard\diablo iii public test\x64\diablo iii64.exe] => (Allow) E:\blizzard\diablo iii public test\x64\diablo iii64.exe
    FirewallRules: [TCP Query User{C9FEFCF6-85C0-4A5A-9716-1955F5DD71C8}E:\blizzard\diablo iii public test\x64\diablo iii64.exe] => (Allow) E:\blizzard\diablo iii public test\x64\diablo iii64.exe
    FirewallRules: [UDP Query User{1D5D1AB1-CFAE-4B3C-80E0-C38CB045CB3B}C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
    FirewallRules: [TCP Query User{1CE24D24-C8CE-492E-AFF4-30EE73322716}C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
    FirewallRules: [{25FC9955-0328-4029-8C0B-0771F82D4E5E}] => (Allow) E:\SteamLibrary\steamapps\common\Cuit\Cuit.exe
    FirewallRules: [{3216FD4B-9354-433D-B781-FBA89E612A29}] => (Allow) E:\SteamLibrary\steamapps\common\Cuit\Cuit.exe
    FirewallRules: [{A91BF61A-1D31-44F4-98AC-2CE69A832C55}] => (Allow) E:\SteamLibrary\steamapps\common\Animal Lover\Animal_Lover.exe
    FirewallRules: [{43C0962D-EABF-4138-A3B9-548A434CC3B2}] => (Allow) E:\SteamLibrary\steamapps\common\Animal Lover\Animal_Lover.exe
    FirewallRules: [{558B2AF2-65BA-4012-A99A-4B4A1E9F8B00}] => (Allow) E:\SteamLibrary\steamapps\common\BackstagePass\backstagepass.exe
    FirewallRules: [{6178D810-6C74-4372-A0EC-40267BD22C99}] => (Allow) E:\SteamLibrary\steamapps\common\BackstagePass\backstagepass.exe
    FirewallRules: [{41E2924A-843D-4572-BD01-2CDDAEF52036}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
    FirewallRules: [{839D89F7-DB5D-4748-B87C-EA66E42E05F3}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
    FirewallRules: [{B999890A-6E30-47C5-8814-E15DF936FA3B}] => (Allow) E:\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
    FirewallRules: [{6A83B102-9F9B-4542-B152-5B36A95B1807}] => (Allow) E:\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
    FirewallRules: [UDP Query User{B514B26C-D5E4-4E5E-8A8A-17453E23FBE8}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [TCP Query User{3C427EEB-7069-4BCB-B472-9BBD8020120C}E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [{D8D496E9-0151-4943-85AE-AB122CA5A735}] => (Allow) E:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin.exe
    FirewallRules: [{C0B94C76-46AF-487A-87B5-418D0C86230E}] => (Allow) E:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin.exe
    FirewallRules: [UDP Query User{509BB8B4-8CBB-4215-8A63-27BDC1564F31}E:\blizzard\diablo iii\x64\diablo iii64.exe] => (Allow) E:\blizzard\diablo iii\x64\diablo iii64.exe
    FirewallRules: [TCP Query User{7948856B-4716-4767-8EFE-0E1E2EDFB38D}E:\blizzard\diablo iii\x64\diablo iii64.exe] => (Allow) E:\blizzard\diablo iii\x64\diablo iii64.exe
    FirewallRules: [{BE1139FB-4D6E-4A58-A2F9-1CB51DF022C7}] => (Allow) E:\SteamLibrary\steamapps\common\Montaro\nw.exe
    FirewallRules: [{73F68D09-007D-42A8-8032-4C489FA13D7B}] => (Allow) E:\SteamLibrary\steamapps\common\Montaro\nw.exe
    FirewallRules: [{9410F98B-6A65-445D-8F0D-3D7C9BA5F6AA}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
    FirewallRules: [{9C234CB0-95D7-46C7-A211-DB7238D7CE8F}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
    FirewallRules: [{8ED9A1D0-2382-45AB-95F8-598E567B17B0}] => (Allow) E:\SteamLibrary\steamapps\common\Out of the Park Baseball 17\ootp17.exe
    FirewallRules: [{2800507C-337A-4DD5-975D-E7890AAE97B8}] => (Allow) E:\SteamLibrary\steamapps\common\Out of the Park Baseball 17\ootp17.exe
    FirewallRules: [{3F111557-BE1F-48A5-A5F2-DACF78FEFB48}] => (Allow) E:\SteamLibrary\steamapps\common\Shovel Knight\ShovelKnight.exe
    FirewallRules: [{747A20A2-2E65-41DD-B4D8-F51DD8D3609A}] => (Allow) E:\SteamLibrary\steamapps\common\Shovel Knight\ShovelKnight.exe
    FirewallRules: [{283088D4-30E3-461A-BC0B-0DAC70CC5040}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{FDC54168-5A22-4B17-BA98-9DF9C45C82FA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{5283A2F2-D450-4319-BE0E-28579D3BDBA5}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
    FirewallRules: [{7122563B-DD64-465C-9834-5D6F5BD8212C}] => (Allow) E:\SteamLibrary\steamapps\common\RiskysRevenge\executable\RiskysRevenge.exe
    FirewallRules: [{024968D9-2438-47DE-92D4-28C432C54EA2}] => (Allow) E:\SteamLibrary\steamapps\common\RiskysRevenge\executable\RiskysRevenge.exe
    FirewallRules: [{EE59BB20-E6FE-43F3-A294-A54ED6CE43FE}] => (Allow) E:\SteamLibrary\steamapps\common\Rocksmith2014\Rocksmith2014.exe
    FirewallRules: [{F9C6CBD0-2427-43A6-A004-CD875DD2B1E9}] => (Allow) E:\SteamLibrary\steamapps\common\Rocksmith2014\Rocksmith2014.exe
    FirewallRules: [UDP Query User{6DE37FBB-0047-4540-81C3-9F8F27253153}E:\blizzard\overwatch\overwatch.exe] => (Allow) E:\blizzard\overwatch\overwatch.exe
    FirewallRules: [TCP Query User{9108711A-42EB-4CB8-AA38-C093AD3EE313}E:\blizzard\overwatch\overwatch.exe] => (Allow) E:\blizzard\overwatch\overwatch.exe
    FirewallRules: [{DC5CFB49-AFC1-472D-BB43-B2C8908D2CFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{6CB5F059-8D36-4550-83A5-6B5D701280D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{85ED8251-7159-4768-ACEF-20D5AFDB8DBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{2A3C1B1D-D896-4207-9FDC-8A774A328BAE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{DB4BC014-A1EE-4EF5-8A8A-DAC8E55A368E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{1578AAB0-EC31-4969-ABD5-C95490B9F8EE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{1FE1EB29-B8DC-4BFC-9DD3-A43A81CA60DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{D94A57AC-FBB7-41C9-BA45-DB15E30A5F2E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{60D85E0B-11CF-4FA7-9299-87CB4D6A922E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{E233AE71-A1E4-4DD8-B5EB-2A2A50E6B2CE}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{3FE794B9-C390-4B2D-AD5B-AE214B8FF195}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{244D955F-E59C-485A-B55A-F639A197385F}] => (Allow) E:\SteamLibrary\steamapps\common\The Last Remnant\Binaries\TLR.exe
    FirewallRules: [{14DE62FD-28DA-4C7E-A249-51AADA375B73}] => (Allow) E:\SteamLibrary\steamapps\common\The Last Remnant\Binaries\TLR.exe
    FirewallRules: [{0F2FC2B5-79D2-4700-9200-54F969531F29}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
    FirewallRules: [{E25031E9-32A4-48CF-BF6B-9D730F65AD21}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
    FirewallRules: [{ED9189F5-E980-4ABC-8ED9-71531EB430F5}] => (Allow) E:\SteamLibrary\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{F0E53FAE-0307-4F40-9DEC-214621AEF09D}] => (Allow) E:\SteamLibrary\steamapps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{CFDFD0CC-F4C1-4769-A8A6-884983BF5AD8}] => (Allow) E:\SteamLibrary\steamapps\common\Dust An Elysian Tail\DustAET.exe
    FirewallRules: [{8D14CEC2-7953-4310-950D-44F04CB88770}] => (Allow) E:\SteamLibrary\steamapps\common\Dust An Elysian Tail\DustAET.exe
    FirewallRules: [{427A1EB4-6709-4EBA-8362-ABE3E9042FE3}] => (Allow) E:\SteamLibrary\steamapps\common\Final Fantasy III\FF3_Launcher.exe
    FirewallRules: [{03EC04A8-A50D-43DF-B69F-BB4FF20406BE}] => (Allow) E:\SteamLibrary\steamapps\common\Final Fantasy III\FF3_Launcher.exe
    FirewallRules: [{38C2724F-9548-4FB4-8B55-C8A57314DDDB}] => (Allow) E:\SteamLibrary\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
    FirewallRules: [{8AABE138-087B-4CE3-A45A-287916B68BC0}] => (Allow) E:\SteamLibrary\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
    FirewallRules: [{15764486-09DA-4C61-86C8-A79589FECCE5}] => (Allow) E:\SteamLibrary\steamapps\common\Offworld Trading Company\Offworld.exe
    FirewallRules: [{51A32CEA-F4E5-4E7D-9BBE-B1AE9899C07A}] => (Allow) E:\SteamLibrary\steamapps\common\Offworld Trading Company\Offworld.exe
    FirewallRules: [{98AD9DC2-38BA-4A11-A4AE-6D05FEE801B3}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
    FirewallRules: [{62168692-A446-4748-94BB-EC3DBA010034}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
    FirewallRules: [{ECB16363-CA93-4D11-ACCE-17E92E111E80}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
    FirewallRules: [{0E053FCC-A07E-4754-B78A-370511D56D88}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
    FirewallRules: [{FD738A9B-F4DA-4216-AEF6-7B570DC267E1}] => (Allow) E:\SteamLibrary\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
    FirewallRules: [{F7C6D79B-CCC1-41A0-96B7-A83676C12E88}] => (Allow) E:\SteamLibrary\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
    FirewallRules: [{956C41B5-22F3-4B86-BD9D-4C26689018DB}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY IV THE AFTER YEARS\FF4A_Launcher.exe
    FirewallRules: [{38A3B7EC-37F2-40C8-9F00-E0282E88433D}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY IV THE AFTER YEARS\FF4A_Launcher.exe
    FirewallRules: [{CAA0F9DF-A776-4CFD-AC9D-666FEFFC6AED}] => (Allow) E:\SteamLibrary\steamapps\common\Divine Slice of Life\Divine Slice of Life.exe
    FirewallRules: [{0B3A47EA-383D-4A71-B785-C2551C2588B6}] => (Allow) E:\SteamLibrary\steamapps\common\Divine Slice of Life\Divine Slice of Life.exe
    FirewallRules: [{01FDB210-FEC2-47EC-AB3A-02ACE73F9377}] => (Allow) E:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
    FirewallRules: [{E3E497C7-EAB6-4B46-A965-BE2BFC895545}] => (Allow) E:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
    FirewallRules: [{8C903A95-4440-485F-B13A-A8E181C74B17}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
    FirewallRules: [{95957658-CE05-409D-AB70-CB182B734407}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY V\FFV_Launcher.exe
    FirewallRules: [{09819EF2-652A-4CB4-BD25-7B779DD2055F}] => (Allow) E:\SteamLibrary\steamapps\common\Disgaea PC\dis1_st.exe
    FirewallRules: [{E00ABBD9-3FC8-4D59-A63C-6FD310A31AA6}] => (Allow) E:\SteamLibrary\steamapps\common\Disgaea PC\dis1_st.exe
    FirewallRules: [TCP Query User{F6E9CE83-E56B-4D5F-AFA6-BA587FDB29EB}E:\blizzard\overwatch\overwatch.exe] => (Allow) E:\blizzard\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{FAD6955B-0E04-448B-A49A-88544F5BF7A8}E:\blizzard\overwatch\overwatch.exe] => (Allow) E:\blizzard\overwatch\overwatch.exe
    FirewallRules: [TCP Query User{C5B66CB0-5823-4DFA-8955-E61A0F301988}E:\steamlibrary\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\steamlibrary\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{3993AF4E-F2D3-4C2A-92C1-18DAB7C7F663}E:\steamlibrary\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\steamlibrary\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe
    FirewallRules: [TCP Query User{22017523-80A8-4409-9D06-4E1BBB26AA09}E:\blizzard\diablo iii\diablo iii.exe] => (Allow) E:\blizzard\diablo iii\diablo iii.exe
    FirewallRules: [UDP Query User{6C68789D-9BAE-4867-909A-A088DD976097}E:\blizzard\diablo iii\diablo iii.exe] => (Allow) E:\blizzard\diablo iii\diablo iii.exe
    FirewallRules: [{9ED32E22-6555-4374-852B-3CA9ECC53C44}] => (Allow) E:\SteamLibrary\steamapps\common\Panzermadels\Panzermadels.exe
    FirewallRules: [{68247DB3-9A94-4D4B-A4D6-B88E3E6B2E5A}] => (Allow) E:\SteamLibrary\steamapps\common\Panzermadels\Panzermadels.exe
    FirewallRules: [{0F7E9D98-14E1-464E-97DA-61B4F956AB69}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Spirit\Sakura Spirit.exe
    FirewallRules: [{661962B9-BF34-49CA-8DAD-BECB761DE132}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Spirit\Sakura Spirit.exe
    FirewallRules: [{A4A7A6E6-CD92-43E6-8005-44FBC782AA6B}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Angels\Sakura Angels.exe
    FirewallRules: [{A71E63EF-D61A-4BC7-BA50-029FF9BF75A7}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Angels\Sakura Angels.exe
    FirewallRules: [{528FCE77-11C8-4812-B8FB-7B8AB88CA53D}] => (Allow) E:\SteamLibrary\steamapps\common\Tokyo School Life\TSL.exe
    FirewallRules: [{CB24FB48-862E-4B17-83C4-6824113BE885}] => (Allow) E:\SteamLibrary\steamapps\common\Tokyo School Life\TSL.exe
    FirewallRules: [{3F5201A5-24EE-4DE0-9EE2-5E09CEA158B8}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Fantasy\Sakura Fantasy.exe
    FirewallRules: [{B2B79E05-FB5B-4237-B9C3-5677BF8084D3}] => (Allow) E:\SteamLibrary\steamapps\common\Sakura Fantasy\Sakura Fantasy.exe
    FirewallRules: [{671AF55F-A671-419A-A0F8-6F2C3C95BAC4}] => (Allow) E:\SteamLibrary\steamapps\common\Sins Of The Demon\Game.exe
    FirewallRules: [{1010D2D2-4ABC-416B-8B30-4463013128B0}] => (Allow) E:\SteamLibrary\steamapps\common\Sins Of The Demon\Game.exe
    FirewallRules: [{9D19AC90-B12D-4F9E-9027-2D7409887903}] => (Allow) E:\SteamLibrary\steamapps\common\Legend of Mysteria\EQLauncher.exe
    FirewallRules: [{3A8AE379-415F-479C-BC5E-C3F0ECBD7914}] => (Allow) E:\SteamLibrary\steamapps\common\Legend of Mysteria\EQLauncher.exe
    FirewallRules: [{FEFBBC67-D8D0-4466-B232-E8A374EC8A9C}] => (Allow) E:\SteamLibrary\steamapps\common\Labyronia RPG 2\Game.exe
    FirewallRules: [{61522CB0-1730-45C1-BC12-8EEFD0B1B192}] => (Allow) E:\SteamLibrary\steamapps\common\Labyronia RPG 2\Game.exe
    FirewallRules: [{3229A866-089B-4481-BD5B-A5E9C8FB60D2}] => (Allow) E:\SteamLibrary\steamapps\common\Labyronia\Game.exe
    FirewallRules: [{56AC2BE3-7F51-4DFE-9021-272680C0AF7D}] => (Allow) E:\SteamLibrary\steamapps\common\Labyronia\Game.exe
    FirewallRules: [{13CD2C9C-E34D-426E-83BA-C5C362C776E1}] => (Allow) E:\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
    FirewallRules: [{E2FBDDF2-0B17-4D68-8C8C-721C1DD96F44}] => (Allow) E:\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
    FirewallRules: [{CF2575FD-DB7C-46BF-8F3B-E42683D6B424}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F0395C2E-C3BE-4F50-BD88-BEBB6479754E}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C8E21D9A-5BC9-4A9D-AE04-38BC77FA4A51}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{6436E477-DE7C-4839-8AE5-697687723612}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A7BC34E7-2EE3-4A05-A51D-A1553F0D5086}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F1D8DF29-DE42-4E05-819E-C20E9346437E}] => (Allow) C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{0F753FE9-6E82-4DC4-B3C8-6EE0D0637FF5}] => (Allow) E:\SteamLibrary\steamapps\common\Punch Club\Punch Club.exe
    FirewallRules: [{BA77F7FB-3561-4446-B244-C529D58D5AC4}] => (Allow) E:\SteamLibrary\steamapps\common\Punch Club\Punch Club.exe
    FirewallRules: [{FE1CCF82-71B7-485B-B2BF-46810504A681}] => (Allow) E:\SteamLibrary\steamapps\common\Sepia Tears\sepiatears.exe
    FirewallRules: [{78F79D48-8EDE-4E8F-A985-166D7060601F}] => (Allow) E:\SteamLibrary\steamapps\common\Sepia Tears\sepiatears.exe
    FirewallRules: [{434CF268-F55B-40FC-83BB-3B2D8770A025}] => (Allow) E:\SteamLibrary\steamapps\common\ChuSingura46+1\ChuSinGura46+1.exe
    FirewallRules: [{916A795B-6E8A-4621-A64B-D991E50FFE39}] => (Allow) E:\SteamLibrary\steamapps\common\ChuSingura46+1\ChuSinGura46+1.exe
    FirewallRules: [{22B80331-037C-4242-85DB-7AB5CA9E9AD6}] => (Allow) E:\SteamLibrary\steamapps\common\One Thousand Lies\One Thousand Lies.exe
    FirewallRules: [{0F8402BB-0184-47CD-BE17-9E09164D7509}] => (Allow) E:\SteamLibrary\steamapps\common\One Thousand Lies\One Thousand Lies.exe
    FirewallRules: [{01715534-7CAD-4825-84E5-249409930AF0}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
    FirewallRules: [{88F48756-EA17-4848-B992-B5B6ACF68748}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
    FirewallRules: [{B9A96F18-AED1-4E74-AC98-7C929D893B0C}] => (Allow) E:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
    FirewallRules: [{1F6D64D2-3670-4E85-8F7F-2190359C7AE0}] => (Allow) E:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
    FirewallRules: [TCP Query User{7100DE16-2F14-4BDB-919C-6227F6BCAA86}E:\blizzard\overwatch test\overwatch.exe] => (Allow) E:\blizzard\overwatch test\overwatch.exe
    FirewallRules: [UDP Query User{DEFBC4B4-813D-4335-8AB8-04C07B099A3F}E:\blizzard\overwatch test\overwatch.exe] => (Allow) E:\blizzard\overwatch test\overwatch.exe
    FirewallRules: [{E02072DF-511D-4BA6-9E55-E1EEDA5E5A0B}] => (Allow) E:\SteamLibrary\steamapps\common\Tangledeep\Tangledeep.exe
    FirewallRules: [{0B8118D9-9D42-4757-A0B2-0F57EFD6D740}] => (Allow) E:\SteamLibrary\steamapps\common\Tangledeep\Tangledeep.exe
    FirewallRules: [{D31DE898-CFDE-4027-9006-00C4FEBCA199}] => (Allow) E:\SteamLibrary\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero.exe
    FirewallRules: [{4DC438E0-A349-4CC5-AD0A-FB45338A5971}] => (Allow) E:\SteamLibrary\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero.exe
    FirewallRules: [{4B5E8BBC-DD5F-45C3-95DE-4A51E678D1A4}] => (Allow) E:\SteamLibrary\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero64.exe
    FirewallRules: [{E3D74D36-816A-4535-9871-848E8AB294B1}] => (Allow) E:\SteamLibrary\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero64.exe
    FirewallRules: [TCP Query User{E8203AB6-88C8-46E9-A0C6-E4B6D9F95009}C:\program files (x86)\battle.net\battle.net.beta.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.exe
    FirewallRules: [UDP Query User{884C17DD-35A2-42EF-8961-1DC11D4DFA11}C:\program files (x86)\battle.net\battle.net.beta.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.beta.exe
    FirewallRules: [{E5FA101E-73FF-405A-B135-AE0190E8640F}] => (Allow) E:\SteamLibrary\steamapps\common\Dysfunctional Systems Orientation\Dysfunctional Systems - Episode 0.exe
    FirewallRules: [{214035C1-8147-442B-A085-103D68E60EE3}] => (Allow) E:\SteamLibrary\steamapps\common\Dysfunctional Systems Orientation\Dysfunctional Systems - Episode 0.exe
    FirewallRules: [TCP Query User{C29A120D-7B76-4D52-AB7C-D628DBB7487E}C:\program files (x86)\lbry\resources\app\dist\lbrynet-daemon.exe] => (Allow) C:\program files (x86)\lbry\resources\app\dist\lbrynet-daemon.exe
    FirewallRules: [UDP Query User{A174C144-9373-4878-88BA-142E32374CF7}C:\program files (x86)\lbry\resources\app\dist\lbrynet-daemon.exe] => (Allow) C:\program files (x86)\lbry\resources\app\dist\lbrynet-daemon.exe
    FirewallRules: [TCP Query User{8D7246E6-8185-49B4-AC22-9B3F8078AD6B}C:\blizzard\overwatch\overwatch.exe] => (Allow) C:\blizzard\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{4612BFD0-C27D-4376-A4EC-85CCF13783DA}C:\blizzard\overwatch\overwatch.exe] => (Allow) C:\blizzard\overwatch\overwatch.exe
    FirewallRules: [{60788383-7947-41DD-AE98-0C050F683D33}] => (Allow) E:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{D082614A-F61E-454A-A734-31E90D1CAA01}] => (Allow) E:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{180AA278-2BF3-4517-A4B7-EE0224C6EB28}] => (Allow) C:\Users\Jay\Downloads\LiquidSkyClient0.2.9.exe
    FirewallRules: [{B5ACBAB6-059F-4786-92DF-119F94BC455A}] => (Allow) C:\Users\Jay\Downloads\LiquidSkyClient0.2.9.exe
    FirewallRules: [TCP Query User{AC48CEBC-44EA-4A0C-9F84-302928F87712}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [UDP Query User{770B2E98-3491-4901-89E4-27A2B6607057}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [{AD40BDD8-3C77-46DB-BB79-4F04D4D47099}] => (Allow) C:\Users\Jay\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
    FirewallRules: [{92865F4C-8B23-4639-AF9B-725A192E66E8}] => (Allow) C:\Users\Jay\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
    FirewallRules: [{E9315E20-EDE6-4EF5-BF5B-835EC8EAFDC7}] => (Allow) C:\Users\Jay\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
    FirewallRules: [{81209488-E014-4687-AABB-2A79D99610A9}] => (Allow) C:\Users\Jay\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
    FirewallRules: [{F6BED7A5-34F4-4104-9583-A77D529B25D6}] => (Allow) E:\SteamLibrary\steamapps\common\CUPID - A free to play Visual Novel\CupidVN.exe
    FirewallRules: [{2C142BC5-A84B-43D5-BA36-69735710C1D1}] => (Allow) E:\SteamLibrary\steamapps\common\CUPID - A free to play Visual Novel\CupidVN.exe
    FirewallRules: [{A6DEBB21-FCF7-4FA9-B232-9E9F12DD52F7}] => (Allow) E:\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
    FirewallRules: [{69FE865C-1A2D-40C7-B0B5-500441A17CEC}] => (Allow) E:\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
    FirewallRules: [{E0A120CC-A323-4A04-9A86-8C21EAABA759}] => (Allow) E:\SteamLibrary\steamapps\common\Sega Classics\SEGAGameRoom.exe
    FirewallRules: [{52421609-9A35-4C19-93D2-28DF641A1BCF}] => (Allow) E:\SteamLibrary\steamapps\common\Sega Classics\SEGAGameRoom.exe
    FirewallRules: [{E6C14AD6-EBAF-4BFA-9A62-D4739B0E5EE2}] => (Allow) E:\SteamLibrary\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
    FirewallRules: [{6D66D033-EF1B-4AEC-962F-57497AC6CE7A}] => (Allow) E:\SteamLibrary\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
    FirewallRules: [{079FA334-A844-4D58-A0AC-EEC5219F24D6}] => (Allow) E:\SteamLibrary\steamapps\common\MajorMinorDefinitive\nw.exe
    FirewallRules: [{6A3F9C99-8FDF-4F6C-8852-58496B7D9A1F}] => (Allow) E:\SteamLibrary\steamapps\common\MajorMinorDefinitive\nw.exe
    FirewallRules: [{7585706F-6087-4069-8676-A1ACEB692198}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{45C70CAF-24BB-485F-B6B3-EF71B0224CA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{A117E5D2-1283-46CD-90C4-794E1F5880ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{202E9D41-E7FB-4CF9-A7E4-ED471D808784}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9358989C-C6F1-4714-BB19-AD3403E30606}] => (Allow) E:\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe
    FirewallRules: [{0AC017B1-92E5-4599-B595-661D903D5B32}] => (Allow) E:\SteamLibrary\steamapps\common\Sonic Mania\SonicMania.exe
    FirewallRules: [{A9480DBA-D50C-4233-990C-A45E16F2BD4C}] => (Allow) E:\SteamLibrary\steamapps\common\Material Girl\Game.exe
    FirewallRules: [{A775324D-74FF-4D89-A150-178BD7FD79AC}] => (Allow) E:\SteamLibrary\steamapps\common\Material Girl\Game.exe
    FirewallRules: [{4370BD42-876F-4FEB-A1FF-4C49D55A7F64}] => (Allow) E:\SteamLibrary\steamapps\common\Orion Trail\Orion Trail.exe
    FirewallRules: [{5BCC914F-473B-4795-A387-65E586F08DCF}] => (Allow) E:\SteamLibrary\steamapps\common\Orion Trail\Orion Trail.exe
    FirewallRules: [{61A22BBD-6713-4B67-895A-D44F2C002826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
    FirewallRules: [{FE20FC5B-D190-4328-81E6-6207EC9F2B3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
    FirewallRules: [{C822B3F2-04F7-4ADD-9B7C-4993D5A335D9}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶啜浮汥整杤敲湯屹湕敭瑬摥牧潥祮攮數
    FirewallRules: [{05BB9863-7264-418E-B6C3-66542DCDD69C}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶啜浮汥整杤敲湯屹湕敭瑬摥牧潥祮⹟硥e
    FirewallRules: [{56E50A92-FE8E-447B-BEE5-FE51F7D231D9}] => (Allow) E:\SteamLibrary\steamapps\common\Strawberry Vinegar\Strawberry Vinegar.exe
    FirewallRules: [{0D64784A-E61D-485E-90BE-A438BA7AFB77}] => (Allow) E:\SteamLibrary\steamapps\common\Strawberry Vinegar\Strawberry Vinegar.exe
    FirewallRules: [{A0188E5E-2657-44BA-A04B-DF8EBB67004D}] => (Allow) E:\SteamLibrary\steamapps\common\MajorMinorDefinitive\windsdemo\Game.exe
    FirewallRules: [{76AE0FB8-F382-4F71-89EB-E0D693BE1C40}] => (Allow) E:\SteamLibrary\steamapps\common\MajorMinorDefinitive\windsdemo\Game.exe
    FirewallRules: [TCP Query User{D2E635FE-C5AE-4B1A-B21D-5D9C3A2DE32E}E:\blizzard\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) E:\blizzard\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E53A641A-E218-474F-977E-6EB71B516F7C}E:\blizzard\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) E:\blizzard\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
    FirewallRules: [{65B4CEEE-39E0-4076-8814-A1EE3219D612}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [{85564162-1323-44B0-B028-B3EF19E48D4A}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
    FirewallRules: [{C41D6724-5DB3-4940-ABAC-F2B5FFE2D395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{FFE68601-3C03-4158-8AC5-F06342F3FEDB}] => (Allow) E:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
    FirewallRules: [{9C087293-AD63-4D4C-A018-9EE5F45095EE}] => (Allow) E:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
    FirewallRules: [{569678E8-B6D9-4AEF-9614-BBCE69D092C0}] => (Allow) E:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{B57047F9-8422-49FD-BEA8-7B5843C9FDE0}] => (Allow) E:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{5EEBC69C-D91A-4955-BAB3-3EE0260FC2B1}] => (Allow) E:\SteamLibrary\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe
    FirewallRules: [{9161E69F-CD22-455D-86A3-743FC2B660C8}] => (Allow) E:\SteamLibrary\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe
    FirewallRules: [{BEE5B9D2-9277-4EEA-9A70-B3CCDCC3961A}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe
    FirewallRules: [{59CA21D8-F5FE-4E03-80D8-1A08BA8B86D3}] => (Allow) E:\SteamLibrary\steamapps\common\FINAL FANTASY FFX&FFX-2 HD Remaster\FFX&X-2_LAUNCHER.exe
    FirewallRules: [{9B811EAE-24E8-4CEF-9B93-1E7E8E347B05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4FBA13F3-5E0C-4B56-BBD4-00C6343B51F7}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
    FirewallRules: [{11F9DB29-B90E-4254-89D5-B75BCA1CC05E}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
    FirewallRules: [{BA3318F8-CF1C-4461-B951-A55EA8FBC239}] => (Allow) E:\SteamLibrary\steamapps\common\Idol Magical Girl Chiruchiru Michiru Part 1\MichiruPt1Launcher.exe
    FirewallRules: [{8325C52D-624B-4F63-8555-7F7FFF940A7D}] => (Allow) E:\SteamLibrary\steamapps\common\Idol Magical Girl Chiruchiru Michiru Part 1\MichiruPt1Launcher.exe
    FirewallRules: [{46B65C2F-AAF6-4349-B3B8-A6B9EFF46261}] => (Allow) E:\SteamLibrary\steamapps\common\DB Xenoverse 2\START.exe
    FirewallRules: [{C915F0D0-86DA-4450-996F-9C4775DCDA15}] => (Allow) E:\SteamLibrary\steamapps\common\DB Xenoverse 2\START.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/19/2017 10:50:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1110

    Error: (12/19/2017 10:50:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1110

    Error: (12/19/2017 10:50:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (12/20/2017 09:38:53 AM) (Source: DCOM) (EventID: 10010) (User: JAY-PC)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (12/19/2017 10:49:59 PM) (Source: DCOM) (EventID: 10010) (User: JAY-PC)
    Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Error: (12/19/2017 10:49:59 PM) (Source: DCOM) (EventID: 10010) (User: JAY-PC)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (12/19/2017 10:49:59 PM) (Source: DCOM) (EventID: 10010) (User: JAY-PC)
    Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================
    Date: 2017-12-20 09:38:53.248
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.243
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.238
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.233
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.228
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.223
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.218
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.213
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.208
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-12-20 09:38:53.202
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz
    Percentage of memory in use: 39%
    Total physical RAM: 8109.11 MB
    Available physical RAM: 4918.4 MB
    Total Virtual: 12973.11 MB
    Available Virtual: 9124.08 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.25 GB) (Free:8.15 GB) NTFS
    Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: () (Fixed) (Total:698.54 GB) (Free:158.34 GB) NTFS
    Drive f: () (Removable) (Total:0.06 GB) (Free:0.03 GB) NTFS
    Drive h: (DRAGON BALL XENOVERSE 2) (CDROM) (Total:11.2 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D6D916F4)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7E77F7DD)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 60 MB) (Disk ID: 73736572)
    Partition 1: (Not Active) - (Size=866 GB) - (Type=72)
    Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
    Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
    Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

    ==================== End of Addition.txt ============================
