Difficult to remove Adware. (Wonderads.com)



#1 CFGCM


Posted 13 March 2017 - 04:42 PM

Hello,
I downloaded a file I probably shouldn't have and indeed was infected with the wonderads adware. I am unable to stop it from opening in my Chrome browser. Things I have tried:
1. Malwarebytes free trial - scanned and removed items.
2. AdwCleaner - again, scanned and removed items.
3. Avast Browser Cleanup - reset Chrome, IE and Firefox settings and removed dodgy extensions.
4. Uninstalled similar programs that aren't as embedded as this wonderads adware.
Notes: I have repeated these scans over and over; they don't show any recursive files/adware.
The link I keep getting spammed with is: hxxx://blogcreative.org/lropsm [Mod Edit: Deactivated link - Hamluis.]
 
Thanks for helping!
Colya,


Edited by hamluis, 13 March 2017 - 05:05 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 satchfan

  • Malware Response Team

Posted 13 March 2017 - 06:39 PM

Hello CFGCM and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programmes unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Download zoek.exe to your Desktop.

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista, 7/8/10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/7/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Logs to include with next post:

zoek-results.log
RKreport.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 CFGCM


Posted 14 March 2017 - 02:47 AM

OK, I'll give this a try, I'll try to respond in the next 12 hrs... Thanks for the help.

Colya,



#4 satchfan


Posted 14 March 2017 - 02:53 AM

:thumbup2:




#5 CFGCM


Posted 14 March 2017 - 12:36 PM

zoek report:

"

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by DESKTOP-CFGCM on 14/03/2017 at 16:48:38.01.
Microsoft Windows 10 Pro 10.0.14393  x64
Running in: Normal Mode No Internet Access Detected
Launched: D:\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
14/03/2017 16:49:26 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\NetworkTiles deleted successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\PeerDistRepub deleted successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\Skyrim Special Edition deleted successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\DESKTOP-CFGCM\AppData\Roaming\7DaysToDie deleted
C:\Users\DESKTOP-CFGCM\AppData\Roaming\Curse Client deleted
C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\DESKTOP-CFGCM\AppData\Local\Unity deleted
C:\Users\DESKTOP-CFGCM\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\DESKTO~1\AppData\Roaming\Mozilla\Firefox\Profiles\8qxu0hi6.default
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 26.0.1410.40
 
 
ZenMate Firewall - DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphffohcfcaeoekbkfibilcmmoakhmfc
Enhanced Steam - DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg
Chrome Media Router - DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ciuvo.com_0.localstorage deleted successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ciuvo.com_0.localstorage-journal deleted successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Deleting Registry Keys ======================
 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\DESKTOP-CFGCM\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\DESKTOP-CFGCM\AppData\Local\Mozilla\Firefox\Profiles\8qxu0hi6.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=1450 folders=295 1251689886 bytes)
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\DESKTO~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
 
==== EOF on 14/03/2017 at 17:02:35.55 ======================
"
 
RK report:
"
RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : DESKTOP-CFGCM [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/14/2017 17:08:07 (Duration : 00:24:08)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\IM -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ilhsoft : C:\Users\DESKTOP-CFGCM\AppData\Local\Ilhsoft\b9a4a330f4118a3374ffebb8d71e75af.exe [x] -> Found
[Suspicious.Path|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | mailruhomesearch : "C:\Users\DESKTOP-CFGCM\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred [x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ilhsoft : C:\Users\DESKTOP-CFGCM\AppData\Local\Ilhsoft\b9a4a330f4118a3374ffebb8d71e75af.exe [x] -> Found
[Suspicious.Path|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | mailruhomesearch : "C:\Users\DESKTOP-CFGCM\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8C8143AF-CC77-4B06-8101-30BAE7E94E50}C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2A8F7AFA-A9EF-4AE0-9B6F-6D10BC153022}C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Found
[Suspicious.Path|PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E02B8C23-E79C-462F-B7CF-00F6619062BB} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\DESKTOP-CFGCM\AppData\Local\Amigo\Application\amigo.exe|Name=Amigo (mDNS-In)|Desc=Inbound rule for Amigo to allow mDNS traffic.|EmbedCtxt=Amigo| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[Tr.Gen0][File] C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SD6SB1M128G1022I +++++
--- User ---
[MBR] 852c4530bf93ba9ff63605ba1f77349b
[BSP] 2dc6d92363c8e2814bfeec5b26465a62 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 121537 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST31000524AS +++++
--- User ---
[MBR] 64649874bd78e185c61c62c2996258bd
[BSP] 02f359cc437fe78eb9e14bdd469a1a76 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 88e94d344376ec790e81a63c012a416f
[BSP] 4990f9efa57787d537042fd22ba6989e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Multiple Card  Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
"
Hope this helps
Colya,


#6 satchfan


Posted 14 March 2017 - 04:25 PM

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7/8/10 users, right-click the program and select Run as Administrator
  • after it has completed its prescan, click on Scan
  • click on the ‘Registry’ tab
  • make sure the following entries there are checked:


    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\IM -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\IM -> Found
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ilhsoft : C:\Users\DESKTOP-CFGCM\AppData\Local\Ilhsoft\b9a4a330f4118a3374ffebb8d71e75af.exe [x] -> Found
    [Suspicious.Path|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | mailruhomesearch : "C:\Users\DESKTOP-CFGCM\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred [x] -> Found
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ilhsoft : C:\Users\DESKTOP-CFGCM\AppData\Local\Ilhsoft\b9a4a330f4118a3374ffebb8d71e75af.exe [x] -> Found
    [Suspicious.Path|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | mailruhomesearch : "C:\Users\DESKTOP-CFGCM\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8C8143AF-CC77-4B06-8101-30BAE7E94E50}C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2A8F7AFA-A9EF-4AE0-9B6F-6D10BC153022}C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Found
    [Suspicious.Path|PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E02B8C23-E79C-462F-B7CF-00F6619062BB} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\DESKTOP-CFGCM\AppData\Local\Amigo\Application\amigo.exe|Name=Amigo (mDNS-In)|Desc=Inbound rule for Amigo to allow mDNS traffic.|EmbedCtxt=Amigo| [x] -> Found

     

  • click on the ‘Files’ tab and make sure the following entries are checked:


    [Suspicious.Path][File] IMVU.lnk -- C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [LNK@] C:\Users\new\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup" -> [Tr.Gen0][File] C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found

     

  • then press the Delete button and post the log it produces.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

RogueKiller fix log
Frst.txt
Addition.txt


Can you tell me what changes there are and the remaining problems.

Thanks

Nina


Edited by satchfan, 14 March 2017 - 04:26 PM.



#7 CFGCM


Posted 14 March 2017 - 05:31 PM

RogueKiller Fix Log:

"

RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : DESKTOP-CFGCM [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/14/2017 21:57:50 (Duration : 00:22:46)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\IM -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ilhsoft : C:\Users\DESKTOP-CFGCM\AppData\Local\Ilhsoft\b9a4a330f4118a3374ffebb8d71e75af.exe [x] -> Deleted
[Suspicious.Path|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | mailruhomesearch : "C:\Users\DESKTOP-CFGCM\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ilhsoft : C:\Users\DESKTOP-CFGCM\AppData\Local\Ilhsoft\b9a4a330f4118a3374ffebb8d71e75af.exe [x] -> ERROR [2]
[Suspicious.Path|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3598720550-650973306-2224075286-1001\Software\Microsoft\Windows\CurrentVersion\Run | mailruhomesearch : "C:\Users\DESKTOP-CFGCM\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred [x] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8C8143AF-CC77-4B06-8101-30BAE7E94E50}C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2A8F7AFA-A9EF-4AE0-9B6F-6D10BC153022}C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User| [x] -> Deleted
[Suspicious.Path|PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E02B8C23-E79C-462F-B7CF-00F6619062BB} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\DESKTOP-CFGCM\AppData\Local\Amigo\Application\amigo.exe|Name=Amigo (mDNS-In)|Desc=Inbound rule for Amigo to allow mDNS traffic.|EmbedCtxt=Amigo| [x] -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[Tr.Gen0][File] C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SD6SB1M128G1022I +++++
--- User ---
[MBR] 852c4530bf93ba9ff63605ba1f77349b
[BSP] 2dc6d92363c8e2814bfeec5b26465a62 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 121537 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST31000524AS +++++
--- User ---
[MBR] 64649874bd78e185c61c62c2996258bd
[BSP] 02f359cc437fe78eb9e14bdd469a1a76 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 88e94d344376ec790e81a63c012a416f
[BSP] 4990f9efa57787d537042fd22ba6989e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Multiple Card  Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
"
 
First Farbar Log:
"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2017
Ran by DESKTOP-CFGCM (administrator) on DESKTOP-CFGCM (14-03-2017 22:26:07)
Running from D:\Downloads
Loaded Profiles: DESKTOP-CFGCM (Available Profiles: defaultuser0 & DESKTOP-CFGCM)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Stardock Software, Inc) D:\Multiplicity2\MultiSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
() C:\Windows\SysWOW64\ASGT.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\x64\hamachi-2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Stardock Software, Inc) D:\Multiplicity2\Multipl2.exe
(Stardock Software, Inc) D:\Multiplicity2\MP2Control.exe
(Stardock Software, Inc) D:\Multiplicity2\MP2Drag.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CMedia) C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\R.A.T.Pro S\RATProS_Profiler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) E:\Steam\Steam.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DTAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10311.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202008 2013-10-17] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [R.A.T.Pro S] => C:\Program Files\Mad Catz\R.A.T.Pro S\RATProS_Profiler.exe [163840 2016-01-11] (Mad Catz Inc)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [1047536 2013-11-12] (MSI)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\LogMeIn Hamachi\hamachi-2-ui.exe [5883912 2017-03-02] (LogMeIn Inc.)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [Discord] => C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [Steam] => E:\Steam\steam.exe [3019552 2017-03-13] (Valve Corporation)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [GoogleChromeAutoLaunch_92870429EEE61869F0498A4494B1CE4D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-01-05]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Yeti Pro Control Panel Autostart.lnk [2017-01-05]
ShortcutTarget: Yeti Pro Control Panel Autostart.lnk -> C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe ()
Startup: C:\Users\DESKTOP-CFGCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2017-01-06]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{bfb28e3b-604e-40c8-8600-a61af6264c38}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3598720550-650973306-2224075286-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-26] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-26] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 8qxu0hi6.default
FF ProfilePath: C:\Users\DESKTOP-CFGCM\AppData\Roaming\Mozilla\Firefox\Profiles\8qxu0hi6.default [2017-03-12]
FF Keyword.URL: Mozilla\Firefox\Profiles\8qxu0hi6.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B76662C63-7E41-4BDF-B565-4F4C38C73EF2%7D&gp=811041
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3598720550-650973306-2224075286-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DESKTOP-CFGCM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default [2017-03-14]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-08]
CHR Extension: (ZenMate Web Firewall (Free, Plus Ad Blocker)) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphffohcfcaeoekbkfibilcmmoakhmfc [2017-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Enhanced Steam) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1489416 2017-03-03] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [392480 2017-01-20] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\LogMeIn Hamachi\x64\hamachi-2.exe [3416584 2017-03-02] (LogMeIn Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 Multiplicity; D:\Multiplicity2\MultiSrv.exe [124080 2012-11-26] (Stardock Software, Inc)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R3 blueyetipro; C:\Windows\System32\drivers\blueyetipro_x64.sys [254464 2014-05-16] ()
R3 blueyetiproks; C:\Windows\system32\DRIVERS\blueyetiproks_x64.sys [46080 2014-05-16] ()
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-01-06] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-01-06] (Disc Soft Ltd)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-14] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-14] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-14] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 vmulti; C:\Windows\System32\drivers\vmulti.sys [19504 2016-01-13] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 MSICDSetup; \??\H:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-14 22:25 - 2017-03-14 22:26 - 00000000 ____D C:\FRST
2017-03-14 22:25 - 2017-03-14 22:25 - 00010118 _____ C:\Users\DESKTOP-CFGCM\Desktop\RogueKiller Fix Log.txt
2017-03-14 22:21 - 2017-03-14 22:21 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\PeerDistRepub
2017-03-14 20:33 - 2017-03-14 20:33 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\NetworkTiles
2017-03-14 17:34 - 2017-03-14 17:34 - 00010062 _____ C:\Users\DESKTOP-CFGCM\Desktop\RKreport.txt
2017-03-14 17:08 - 2017-03-14 21:56 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-14 17:07 - 2017-03-14 17:34 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-14 17:07 - 2017-03-14 17:07 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-14 17:07 - 2017-03-14 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-14 17:07 - 2017-03-14 17:07 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-14 17:06 - 2017-03-14 17:06 - 00007577 _____ C:\Users\DESKTOP-CFGCM\Desktop\zoek-results.txt
2017-03-14 17:02 - 2017-03-14 17:07 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord
2017-03-14 17:02 - 2017-03-14 17:02 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\VirtualStore
2017-03-14 17:01 - 2017-03-14 16:48 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-03-14 16:46 - 2017-03-14 16:59 - 00000000 ____D C:\zoek_backup
2017-03-13 16:20 - 2017-03-14 17:02 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-13 16:19 - 2017-03-14 17:02 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-13 16:19 - 2017-03-14 17:02 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-13 16:19 - 2017-03-14 16:47 - 00092088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-13 16:19 - 2017-03-13 16:26 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-13 16:19 - 2017-03-13 16:19 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-13 16:19 - 2017-03-13 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-13 16:19 - 2017-03-13 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-13 16:19 - 2017-03-13 16:19 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-13 16:19 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-12 20:56 - 2017-03-13 16:23 - 00000000 ____D C:\AdwCleaner
2017-03-12 19:57 - 2017-03-12 19:57 - 00000000 _____ C:\autoexec.bat
2017-03-12 09:25 - 2017-03-12 09:25 - 00003762 _____ C:\Windows\System32\Tasks\blogcreativeorglropsm
2017-03-11 19:10 - 2017-03-11 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-03-11 18:59 - 2017-03-12 08:32 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\LocalLow\uTorrent
2017-03-10 18:25 - 2017-03-10 18:25 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\Introversion
2017-03-05 13:47 - 2017-02-09 22:39 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-05 13:46 - 2017-03-05 13:46 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-05 13:46 - 2017-01-26 00:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-05 13:46 - 2017-01-26 00:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-05 13:46 - 2017-01-26 00:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-05 13:46 - 2017-01-26 00:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-05 13:44 - 2017-02-10 02:33 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 34979384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 19007016 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 11122728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 03168192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 02717752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 01052096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00991288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00910784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00605120 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00573448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00447984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-05 13:44 - 2017-02-10 02:33 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-05 13:44 - 2017-02-10 02:33 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-03-05 13:42 - 2017-03-05 13:42 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-05 13:42 - 2017-02-23 18:35 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-05 13:42 - 2017-02-23 18:35 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-05 13:42 - 2017-02-23 18:35 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-05 13:42 - 2017-02-23 14:30 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-03-01 21:21 - 2017-03-01 21:21 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\Microsoft Help
2017-03-01 17:59 - 2017-03-01 17:59 - 00000000 ____D C:\Windows\SysWOW64\Visual Studio 2012Templates
2017-03-01 17:59 - 2017-03-01 17:59 - 00000000 ____D C:\Windows\SysWOW64\Visual Studio 2012
2017-03-01 17:59 - 2017-03-01 17:59 - 00000000 ____D C:\Program Files (x86)\NuGet
2017-03-01 17:58 - 2017-03-05 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 Express
2017-03-01 17:58 - 2017-03-01 17:58 - 00001010 _____ C:\Users\DESKTOP-CFGCM\Desktop\VS Express for Desktop.lnk
2017-03-01 17:58 - 2017-03-01 17:58 - 00000000 ____D C:\Windows\symbols
2017-03-01 17:58 - 2017-03-01 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-03-01 17:58 - 2017-03-01 17:58 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-03-01 17:57 - 2017-03-01 17:59 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-03-01 17:57 - 2017-03-01 17:59 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-03-01 17:57 - 2017-03-01 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2017-03-01 17:57 - 2017-03-01 17:57 - 00000000 ____D C:\Windows\SysWOW64\1033
2017-03-01 17:57 - 2017-03-01 17:57 - 00000000 ____D C:\Windows\system32\1033
2017-03-01 17:57 - 2017-03-01 17:57 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-03-01 17:57 - 2017-03-01 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-03-01 17:57 - 2017-03-01 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2017-02-27 20:20 - 2017-02-27 20:20 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\SLAM
2017-02-27 17:39 - 2017-02-27 17:39 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2017-02-21 20:36 - 2017-02-21 20:36 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Roaming\Unity
2017-02-21 20:20 - 2017-03-12 09:27 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\LocalLow\Mozilla
2017-02-21 20:20 - 2017-02-21 20:26 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\Mozilla
2017-02-21 20:20 - 2017-02-21 20:20 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Roaming\Mozilla
2017-02-21 20:19 - 2017-02-21 20:19 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-21 20:19 - 2017-02-21 20:19 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-21 20:19 - 2017-02-21 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-21 20:19 - 2017-02-21 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-15 14:37 - 2017-02-15 14:37 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\LocalLow\TotalMayhemGames
2017-02-15 07:47 - 2017-02-15 07:47 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2017-02-14 19:13 - 2017-02-14 19:13 - 00000780 _____ C:\Users\DESKTOP-CFGCM\Desktop\The Elder Scrolls Online.lnk
2017-02-14 19:13 - 2017-02-14 19:13 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2017-02-14 19:13 - 2017-02-14 19:13 - 00000000 ____D C:\Windows\jre
2017-02-14 19:13 - 2017-02-14 19:13 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2017-02-14 19:11 - 2017-02-14 19:11 - 00000000 ___HD C:\Users\DESKTOP-CFGCM\InstallAnywhere
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-14 22:21 - 2017-01-05 21:19 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-14 21:55 - 2017-01-20 15:55 - 00004178 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4953C056-4904-4518-B419-94BB61423E5A}
2017-03-14 19:46 - 2017-01-06 00:11 - 00000000 ____D C:\Windows\system32\MRT
2017-03-14 19:44 - 2017-01-06 00:11 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-14 19:44 - 2016-07-16 11:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-14 19:27 - 2017-01-20 16:36 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\LogMeIn Hamachi
2017-03-14 18:09 - 2017-01-13 18:04 - 00558120 _____ C:\Windows\system32\Drivers\EasyAntiCheat.sys
2017-03-14 18:09 - 2017-01-05 21:22 - 00000000 ____D C:\Users\DESKTOP-CFGCM
2017-03-14 17:30 - 2016-07-16 11:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-14 17:08 - 2017-01-05 21:26 - 01096902 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-14 17:03 - 2017-01-05 21:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-14 17:02 - 2017-01-05 21:19 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-14 17:02 - 2016-07-16 06:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-03-14 16:58 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-03-14 16:46 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-14 16:08 - 2017-01-05 21:23 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\Packages
2017-03-14 15:42 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-14 07:33 - 2017-01-18 20:16 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\Adobe
2017-03-13 16:02 - 2017-01-05 21:31 - 00002248 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-13 16:02 - 2017-01-05 21:31 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-12 20:58 - 2017-01-06 20:35 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\CrashDumps
2017-03-12 17:52 - 2017-01-05 22:07 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\Battle.net
2017-03-12 08:33 - 2017-01-20 16:37 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2017-03-12 08:33 - 2017-01-20 16:37 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2017-03-12 08:32 - 2017-01-06 08:23 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent
2017-03-11 19:10 - 2017-01-20 16:36 - 00000607 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2017-03-10 15:04 - 2017-01-18 20:19 - 00000034 _____ C:\Users\DESKTOP-CFGCM\AppData\Roaming\AdobeWLCMCache.dat
2017-03-10 05:17 - 2016-07-16 11:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-10 05:17 - 2016-07-16 11:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-08 14:41 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-05 13:47 - 2017-01-06 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-05 13:47 - 2017-01-05 21:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-05 13:47 - 2016-07-16 11:45 - 00000000 ____D C:\Windows\INF
2017-03-05 13:46 - 2017-01-05 21:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-05 13:42 - 2017-01-06 08:16 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-05 13:42 - 2017-01-06 08:15 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-05 13:42 - 2017-01-06 08:15 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-05 13:42 - 2017-01-06 08:15 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-05 13:42 - 2017-01-06 08:15 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-05 13:42 - 2017-01-06 08:15 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-05 13:42 - 2017-01-06 08:15 - 00000000 ____D C:\Users\DESKTOP-CFGCM\AppData\Local\NVIDIA Corporation
2017-03-05 13:42 - 2017-01-06 08:14 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-05 13:42 - 2017-01-05 21:25 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-04 20:06 - 2017-01-05 21:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-04 07:50 - 2017-01-06 08:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-04 07:50 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-02 07:31 - 2017-01-05 21:25 - 00003302 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 07:31 - 2017-01-05 21:24 - 00002387 _____ C:\Users\DESKTOP-CFGCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 07:31 - 2017-01-05 21:24 - 00000000 ___RD C:\Users\DESKTOP-CFGCM\OneDrive
2017-03-01 17:59 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-01 17:57 - 2017-01-05 21:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-03-01 17:57 - 2017-01-05 21:56 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-01 07:49 - 2017-01-05 22:02 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-02-28 07:41 - 2017-01-06 00:19 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-26 12:07 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-23 18:35 - 2017-01-06 08:15 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-02-23 18:35 - 2017-01-06 08:15 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-02-23 18:35 - 2017-01-06 08:15 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-02-23 18:35 - 2017-01-06 08:15 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-02-23 18:35 - 2017-01-06 08:15 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-23 18:35 - 2017-01-06 08:12 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
 
==================== Files in the root of some directories =======
 
2017-01-18 20:19 - 2017-03-10 15:04 - 0000034 _____ () C:\Users\DESKTOP-CFGCM\AppData\Roaming\AdobeWLCMCache.dat
2017-01-06 20:39 - 2017-01-07 14:29 - 0007606 _____ () C:\Users\DESKTOP-CFGCM\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2017-03-14 17:07 - 2016-11-11 10:13 - 1886344 _____ (Microsoft Corporation) C:\Users\DESKTOP-CFGCM\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-12 01:28
 
==================== End of FRST.txt ============================
"
 
Additional Farbar Log:
"
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2017
Ran by DESKTOP-CFGCM (14-03-2017 22:26:37)
Running from D:\Downloads
Windows 10 Pro Version 1607 (X64) (2017-01-05 21:22:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3598720550-650973306-2224075286-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3598720550-650973306-2224075286-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3598720550-650973306-2224075286-1000 - Limited - Disabled) => C:\Users\defaultuser0
DESKTOP-CFGCM (S-1-5-21-3598720550-650973306-2224075286-1001 - Administrator - Enabled) => C:\Users\DESKTOP-CFGCM
Guest (S-1-5-21-3598720550-650973306-2224075286-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
ASUS Xonar DS Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Bitcoin Core (64-bit)) (Version: 0.13.2 - Bitcoin Core project)
Block N Load (HKLM\...\Steam App 299360) (Version:  - Jagex)
Chrome Remote Desktop Host (HKLM-x32\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 Test (HKLM\...\Steam App 205790) (Version:  - )
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
Hand of Fate (HKLM\...\Steam App 266510) (Version:  - Defiant Development)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Line of Sight (HKLM\...\Steam App 436520) (Version:  - BlackSpot Entertainment)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.558 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.558 - LogMeIn, Inc.) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.0 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{16e9d5fd-3acf-402c-8502-411db3385930}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
R.A.T.Pro S (HKLM\...\{9E36C430-87EA-40AE-95DB-769212662347}) (Version: 7.0.52.3 - Mad Catz Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.0.0 - Adlice Software)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Stardock Multiplicity 2 (HKLM-x32\...\Stardock Multiplicity 2) (Version: 2.01 - Stardock Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.022 - MSI)
The Culling (TEST SERVER) (HKLM\...\Steam App 468220) (Version:  - )
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Sims™ 3 (HKLM\...\Steam App 47890) (Version:  - The Sims Studio)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 12.2.17 - )
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
We Were Here (HKLM\...\Steam App 582500) (Version:  - Total Mayham Games)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Yeti Pro Driver v2.23.0 (HKLM-x32\...\Yeti Pro Driver v2.23.0) (Version: 2.23.0 - BLUE)
軟体レッスン~いいなり彼女とひみつの放課後~ (HKLM-x32\...\nantai_is1) (Version: 1.0 - アパタイト)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3598720550-650973306-2224075286-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12690767-2D38-41FC-A2C1-559805EAD384} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {12CAF165-2D6D-41FA-BDAF-6B1A8F4309ED} - System32\Tasks\blogcreativeorglropsm => Chrome.exe blogcreative.org/lropsm <==== ATTENTION
Task: {23FF652B-905A-4696-9B70-2DB0B2BE4EA2} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-CFGCM-DESKTOP-CFGCM => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {344D8A77-E8F9-4905-BD41-DCB3304327BC} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {3D6A8C66-FB68-448C-90D4-CB7A8A43CD0D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {3DCA1ED1-9626-48DC-98A4-94BBF3FC6963} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {3EEE2C35-5EFD-4FEF-A581-D42CA5247C50} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {6C4F456A-B893-422D-A727-51CD99A69A78} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {75A50B77-04AB-4870-8ED4-2C70614BB3B7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {77FAC3E3-D008-46C9-8E82-4BBF1E59286C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {84864F63-0517-40B1-A4F8-A78A7E2B0BB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {888F916A-CD79-44EC-8BCC-8D752B39A225} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {993816C9-5342-4247-9710-DFD482E4ABA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {AE8F861D-239A-4710-A2AA-DBE49C954D4B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {B5CC1977-6AFD-403A-91B2-7D641A76CF5D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {CBCA0112-AADE-4094-970F-3E1A3F5E2665} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {D4F0485A-41B7-40D7-945C-209F72935AC8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {E0A2FCCC-AA59-40B7-8A4B-5484F16C677B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {E3E77CAB-41CC-4D92-8B15-12A039C69F39} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {E776FA2F-387B-414C-A101-188B03AF1ABA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {F5FC58B3-5DA5-4479-831F-230BC624B984} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-01-06 00:06 - 2016-12-09 10:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-05 21:25 - 2017-02-09 22:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2017-01-06 08:15 - 2017-02-23 18:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-06 08:15 - 2017-02-23 18:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-13 16:19 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-06 00:06 - 2016-12-09 10:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-06-10 01:41 - 2016-06-10 01:41 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-01-06 08:50 - 2017-01-29 13:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-06 00:05 - 2016-09-07 04:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 15:55 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-13 15:47 - 2017-03-13 15:47 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 15:47 - 2017-03-13 15:47 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 15:47 - 2017-03-13 15:47 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 15:47 - 2017-03-13 15:47 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-11 15:54 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-05 21:31 - 2012-11-01 11:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2017-01-05 21:31 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2017-01-05 21:55 - 2008-07-11 07:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2017-01-05 21:55 - 2008-07-11 07:03 - 00282112 ____N () C:\Windows\System\HsMgr64.exe
2016-01-11 16:16 - 2016-01-11 16:16 - 12441600 _____ () C:\Program Files\Mad Catz\R.A.T.Pro S\Pr0fileEditor_Forms.dll
2016-01-11 16:16 - 2016-01-11 16:16 - 00007168 _____ () C:\Program Files\Mad Catz\R.A.T.Pro S\en\Pr0fileEditor_Forms.resources.dll
2016-01-11 16:19 - 2016-01-11 16:19 - 00011776 _____ () C:\Program Files\Mad Catz\R.A.T.Pro S\Saitek.Serialization.dll
2016-01-11 16:17 - 2016-01-11 16:17 - 00017920 _____ () C:\Program Files\Mad Catz\R.A.T.Pro S\ProfileDoc.dll
2017-02-06 20:59 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 20:59 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2013-08-08 14:35 - 2013-08-08 14:35 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2017-01-05 21:54 - 2014-05-16 07:35 - 00409600 _____ () C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe
2016-10-01 07:08 - 2016-10-01 07:08 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-01-11 15:54 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 15:54 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 15:54 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 15:54 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 15:54 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-06 08:15 - 2017-02-23 18:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-06 08:15 - 2017-02-23 18:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-06 08:15 - 2017-02-23 18:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-05 21:55 - 2012-06-06 01:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll
2017-01-06 08:15 - 2017-02-23 18:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-12 07:31 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-03-14 17:03 - 2017-03-14 17:03 - 01082880 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-03-14 17:03 - 2017-03-14 17:03 - 03750400 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-03-14 17:03 - 2017-03-14 17:03 - 00914432 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-03-14 17:03 - 2017-03-14 17:03 - 01127424 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-12 07:31 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 07:31 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-01-06 08:15 - 2017-02-23 14:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-01-06 08:15 - 2017-02-23 14:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-01-06 08:15 - 2017-02-23 14:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-01-06 08:15 - 2017-02-23 14:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-01-06 08:15 - 2017-02-23 14:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-06 08:15 - 2017-02-23 14:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-03-10 07:31 - 2017-02-03 01:42 - 00668960 _____ () E:\Steam\SDL2.dll
2017-01-05 22:00 - 2016-09-01 01:02 - 04969248 _____ () E:\Steam\v8.dll
2017-03-14 07:31 - 2017-03-13 22:04 - 02465056 _____ () E:\Steam\video.dll
2017-01-05 22:00 - 2016-01-27 07:49 - 02549760 _____ () E:\Steam\libavcodec-56.dll
2017-01-05 22:00 - 2016-01-27 07:49 - 00491008 _____ () E:\Steam\libavformat-56.dll
2017-01-05 22:00 - 2016-01-27 07:49 - 00332800 _____ () E:\Steam\libavresample-2.dll
2017-01-05 22:00 - 2016-01-27 07:49 - 00442880 _____ () E:\Steam\libavutil-54.dll
2017-01-05 22:00 - 2016-01-27 07:49 - 00485888 _____ () E:\Steam\libswscale-3.dll
2017-01-05 22:00 - 2016-09-01 01:02 - 01563936 _____ () E:\Steam\icui18n.dll
2017-01-05 22:00 - 2016-09-01 01:02 - 01195296 _____ () E:\Steam\icuuc.dll
2017-03-14 07:31 - 2017-03-13 22:04 - 00838944 _____ () E:\Steam\bin\chromehtml.DLL
2017-01-05 22:00 - 2016-07-04 22:17 - 00266560 _____ () E:\Steam\openvr_api.dll
2017-03-14 17:03 - 2017-03-14 17:03 - 00148992 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Local\Temp\B527.tmp.node
2017-03-14 17:03 - 2017-03-14 17:03 - 02658304 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-03-14 17:03 - 2017-03-14 17:03 - 02130432 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2017-01-05 21:54 - 2014-05-16 07:35 - 00192512 _____ () C:\Program Files\BLUE\Yeti_Pro_Driver\blueyetiproapi.dll
2017-01-06 08:45 - 2017-01-29 09:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-10-12 17:28 - 2016-10-12 17:28 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-03-10 07:31 - 2017-01-30 21:41 - 68875552 _____ () E:\Steam\bin\cef\cef.win7\libcef.dll
2017-03-14 07:31 - 2017-03-13 22:04 - 00383776 _____ () E:\Steam\steam.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-12 20:11 - 2016-10-12 20:11 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-01-05 22:00 - 2015-09-24 23:52 - 00119208 _____ () E:\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\sharepoint.com -> hxxps://bacademy-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 11:47 - 2016-07-16 11:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\StartupApproved\Run: => "Ilhsoft"
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\StartupApproved\Run: => "mailruhomesearch"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E44A1D6E-23D1-4BA5-939E-5FF11AA21DD5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2A157BA1-D610-49A6-BA83-9B6C2DE0578D}] => (Allow) LPort=2869
FirewallRules: [{E8FE189E-2D88-4871-BC3D-5F1FB2907C4C}] => (Allow) LPort=1900
FirewallRules: [{CF766373-9BC3-4052-A36C-FB5BCAF44D7C}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{6961BB87-20A5-40ED-A5A0-CCA69FC3C61D}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{D3B3809E-76E0-4706-B57F-131E5DC46197}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{14E63BE1-A9D1-4496-9034-B4384631588F}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EB45238-1B0B-4B47-B75C-832A3D8810D2}] => (Allow) E:\Steam\steamapps\common\CityofSteam\Launcher.exe
FirewallRules: [{690C53EB-3C17-459B-884C-71787552BDF5}] => (Allow) E:\Steam\steamapps\common\CityofSteam\Launcher.exe
FirewallRules: [{CF0FC1A9-9B69-422D-9E5C-D8C9C4013D59}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{178EAA46-D4DF-46A7-83AD-5A652F007429}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{6E5E0008-FE39-4FC6-A203-399276184E83}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{93A984D5-5F7C-4C36-A84F-16FC039E54F5}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D86ED5FA-2355-4841-B8DA-665DF7689425}] => (Allow) E:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{F01D95D9-94AC-4A0C-AA9A-03A86E484F40}] => (Allow) E:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{F5B92D1A-EF9B-49A8-B253-C46F88A43E93}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{D6B0C2D3-8A27-4BE4-99A1-91313E748C6A}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{F8E80B69-B15B-4271-B6AF-D0911A98210A}] => (Allow) E:\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{5B430F9B-B1FA-4D0B-85BD-183B31CBDE45}] => (Allow) E:\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{B7D2FEA0-C6D9-4E04-A201-CFA17C58F535}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{11C36809-38A1-4CF8-A832-87C0D8094961}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{2BAF75B5-028B-4959-A26A-5974BBECEDC0}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{EBD42DBB-6AD2-4592-8F81-5E465C237D95}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{FA52532A-5F22-49A4-B91C-1A90B38B9DFF}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{D9B97D99-9FC4-42AD-A536-E302992CB767}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{E97E9A34-4308-4606-8DA8-D9D7243BF1B9}] => (Allow) E:\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{764C9FD0-34FB-42A3-A901-105060EF0125}] => (Allow) E:\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{F9A8EE4F-4DE9-4B73-B470-B17EFCB69743}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{4C344574-8512-46BC-88C6-C0718B01511F}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{2B3B0231-1D22-444F-9C57-97D028BF49F6}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{B4774A20-0432-4EB9-A106-24E29A1329E4}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{294A71CC-855C-4A80-93DE-ABC7AAE656CA}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{7E973378-22B2-4BBD-9159-FCAC429604AC}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{23A1B416-84E1-4A34-B885-A2346A36784B}] => (Allow) E:\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{603C1681-A117-4883-881D-CB049CC4AABF}] => (Allow) E:\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{C9AF50EC-8D1A-4030-943C-741EBAECBEBB}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{742335DE-26F1-40DC-886B-CAC817C6BFD8}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{4B90B102-739F-4BAF-B007-4E968C1BEF22}] => (Allow) E:\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{2FE871F0-11DB-4BF4-A4BA-95132FF298C0}] => (Allow) E:\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{C25F5F77-ABEC-436D-AAC7-323F843B4DC8}] => (Allow) E:\Steam\steamapps\common\aceofspades\aos.exe
FirewallRules: [{A30E9CAE-EC9C-4F6A-A071-282684C8148B}] => (Allow) E:\Steam\steamapps\common\aceofspades\aos.exe
FirewallRules: [{C6D9B53C-0A75-4F4D-9C7F-D793C4469A13}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{42F7ADEF-9D74-4569-9DCB-7302F973F32C}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{E3A01ECB-D8CA-4996-99E3-0E7B93F0F935}] => (Allow) E:\Steam\steamapps\common\FORTIFY\Fortify.exe
FirewallRules: [{EA80057A-A992-423F-9FDC-CEDF0D6A56B7}] => (Allow) E:\Steam\steamapps\common\FORTIFY\Fortify.exe
FirewallRules: [{84CB3734-0CEC-48FE-80B0-E35809B8F2CD}] => (Allow) E:\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{CA007DD7-65BF-41C7-A530-76CD295BD0C7}] => (Allow) E:\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{852A2DE8-4824-4D68-B0BD-D87C9F2B9B87}] => (Allow) E:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{3F1CCA27-A9C5-4F50-BF39-19423F06342F}] => (Allow) E:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{F79285D5-51A5-402A-88E3-1D82050B2AB6}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{28154443-7FDA-4A6D-8CAF-21253751708E}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{9C485BB0-70FB-4318-B692-1EE18553CE7C}] => (Allow) E:\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{3E402516-CE30-452D-BAFA-E49541221AAE}] => (Allow) E:\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{CEE208FA-5E4F-40E5-A7EE-5436FF35239B}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{9884B5E6-80A1-4C15-91D9-76D4EA245DC6}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{1E2EF8BD-7C23-4534-9B67-0E0A322D27D6}] => (Allow) E:\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [{74D2CE76-2F2E-4B33-B1AE-E8E646920E91}] => (Allow) E:\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [{CF9C5246-2741-43F5-87BE-10A70FA6D9DC}] => (Allow) E:\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0DF2618C-12C5-4B65-8845-A1AB8B4D3D42}] => (Allow) E:\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{50B8D422-6944-446C-BEF5-EC0F59BA4053}] => (Allow) E:\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{59E4032C-B0E5-4871-B456-4E09BA9B6CA9}] => (Allow) E:\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{35D445D6-AEC5-4DFC-9157-9E075580C3D3}] => (Allow) E:\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{BE8C58CA-3EB9-40C2-85CF-1B8211C01C6A}] => (Allow) E:\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{7D7E36BE-94DD-4B78-8198-22EBDE50E257}] => (Allow) E:\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{5EF4E82B-CCB3-4BC9-A5E7-6BBFA0CF1B10}] => (Allow) E:\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{7C6ED540-B4F1-4CC2-AC76-EB40B58B77FA}] => (Allow) E:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{C35751E3-AA75-4410-8386-8CE20F385558}] => (Allow) E:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{ED306C69-37C6-4378-B42F-2290D5F0EE10}] => (Allow) E:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{F278ED5B-3826-4C61-A84D-D81F1B4BEBD6}] => (Allow) E:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{00D1E555-E739-47E1-8443-9F77C9AAE003}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{9F05603C-A333-4F72-AF0C-DC6166D113F3}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{0C05E5D0-98B5-412C-8C3F-4970F7CC6FA2}] => (Allow) E:\Steam\steamapps\common\Infested Planet\InfestedPlanet.exe
FirewallRules: [{1DA501AA-392B-47BE-BAF4-9A279640C52D}] => (Allow) E:\Steam\steamapps\common\Infested Planet\InfestedPlanet.exe
FirewallRules: [{A292B2AA-8360-4491-A0C8-FE3D403EC0FB}] => (Allow) E:\Steam\steamapps\common\Overcast - Walden and the Werewolf\Overcast - Walden and the Werewolf.exe
FirewallRules: [{1012DEE5-9D76-42ED-AA32-73197832B851}] => (Allow) E:\Steam\steamapps\common\Overcast - Walden and the Werewolf\Overcast - Walden and the Werewolf.exe
FirewallRules: [{EFE16FAF-5B07-4107-ADB9-26D2891A3802}] => (Allow) E:\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{FCB49842-7004-4E9D-8AF8-9BA4618C6E37}] => (Allow) E:\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{2BD92DEF-2657-47A1-8896-041EEB5D9E7B}] => (Allow) E:\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{104747D8-0AD9-471E-A80D-E1E805932DE5}] => (Allow) E:\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{81E589A7-9A27-414A-9AD3-393FF5628A5F}] => (Allow) E:\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{DA27275B-A8D6-4705-BC9D-CE1F18BD0BB5}] => (Allow) E:\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{1C114EDC-8569-4070-9EF6-241BB89EFB3B}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{65EB5A6E-E80E-494B-9DCB-83EE42A92AB7}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{2B6573A2-64FC-4068-A9F4-F14335E77A6C}] => (Allow) E:\Steam\steamapps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{2C35A4CE-0CD2-4E82-A791-7083036740C4}] => (Allow) E:\Steam\steamapps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{F09AF5C8-0CD7-4383-94B6-2E012C165665}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{EB13A828-2C62-44C3-80D6-B55DDF6A6CD8}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{EDD51C9C-4361-4BB6-9655-AB4B51829CAB}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D24C0DCD-91D1-4863-A31D-0667A5432077}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{0D14BC12-C04F-4489-AA10-746863CDB389}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E9D3CA89-9FED-4F29-9B14-3DC27616F7E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4A341141-7F49-45FC-92F1-3EF9BACDD4F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{83B9D21D-72B5-499B-8980-2AA1EB0E8B64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F1C6C743-3314-4AD9-86CE-14F583B8DA8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DAF3F85F-4F6F-47F0-830B-A801D052C0B9}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{400DCDD3-3CB9-4752-91A2-A4BA427ECC2A}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE4C47B0-B59E-4B37-AAC8-AB170DE2EEF8}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7655B197-806A-4E75-8543-99469DF6B8CA}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7302611D-B9B0-4A9A-B7D7-5F4FDEA3F7A9}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4C3AA626-D02C-4CAA-BFAE-1BC90AF262E7}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{904D62A0-3C95-440E-A8EE-A0D76E35E0C3}] => (Allow) E:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{9AD1E7D0-C475-4DB5-91F8-E112DC55E11F}] => (Allow) E:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{BE7B573F-7C11-468D-8882-22D4B0DAC4DC}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{5DCC72F3-4577-4F24-9FEF-150C11F82652}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{81CA380C-8610-43BB-BF73-C28425675997}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0E99E4EE-28F3-41B2-A8EB-CA2171144942}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4C7F0AB4-ED04-4F8A-8556-3006A27BC661}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8963490F-2FE6-474D-B910-3558D7BBEAE9}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{50EAD4DB-4A41-4927-A7AB-F051519A92FC}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{E49A4576-F79C-4DE1-9831-33A6BDA05C55}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{242DE765-2723-493A-8157-79ED8A22B7F0}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{244E7CEF-4DC3-4464-951A-880041DBF59D}] => (Allow) E:\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{C353173D-BA99-4849-9E7B-E8C58E1410D7}] => (Allow) E:\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{B0EF21EF-4D86-468B-98F9-39F2B505DFE9}] => (Allow) E:\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{59717C60-C5B3-445A-9A25-A912318020DF}] => (Allow) E:\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{B661A022-8504-4018-AE6B-F56DB69E9A3C}] => (Allow) E:\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{A831D0E1-00A6-4ACD-93C5-2DB96BE61098}] => (Allow) E:\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{EBD37AF7-A3AB-48A4-8F1E-3EFB94EBFA40}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{5A2BF9E8-557E-4A2A-9D98-3E9F546140DC}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{A6BC236F-1C00-4AE8-B03D-B8D4D6A77D81}] => (Allow) E:\Steam\steamapps\common\Saints Row 2\SR2_pc.exe
FirewallRules: [{47FCAD7D-B69E-45A7-A63C-798FAD1779A6}] => (Allow) E:\Steam\steamapps\common\Saints Row 2\SR2_pc.exe
FirewallRules: [{726E6BA7-6EFA-4171-88C5-2C71D336E2EF}] => (Allow) E:\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{652F194B-FEF3-45F5-9CA2-303A3C5DDACD}] => (Allow) E:\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{7D8D7BD6-E279-4C82-A44D-86208B0247A9}] => (Allow) E:\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{AA5D12FF-03F9-4229-A334-512C7DB0E642}] => (Allow) E:\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{0CE664D6-53F7-4365-B3A4-6F1530EACF22}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{A04293E4-2EBF-46DD-8212-D2CC12428ECD}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{659E54E7-A600-4581-BFCD-518863254658}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{F2C2D9B3-D232-49E9-84DB-FA2A24D50A11}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{3B2E71A1-8900-4D02-AAF7-49512AEAB1B5}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{1CAF6560-9740-476A-BC3D-57CAD9BE2003}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{291A814F-0706-4C8F-B86B-02FC1176E8CD}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{45ABCF60-7341-4795-9E48-FEBA41020D87}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3F0521D7-15F9-4E26-9AC8-95C955A12A00}] => (Allow) E:\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{06C20E68-9737-4F0E-B839-96571E95BBDD}] => (Allow) E:\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{D4C089FD-6EA9-4479-AEA6-7E68DA491B90}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{8A89EFC2-83FC-44E5-996D-3148E6FA7A6E}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{4D307F8C-26C6-4A27-A36D-1E9CFED6625B}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{734437D3-D4F4-4D73-89B0-94C13882174B}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{B59AA6C9-F89C-4D62-A440-2F6F4045860D}] => (Allow) E:\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{F9BA96DB-A0E6-48A3-8B3B-26933341B087}] => (Allow) E:\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{48546E13-151C-45C1-819D-A3DE50117704}] => (Allow) E:\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{70029C4B-E69E-46C2-942F-6223E75ED3C5}] => (Allow) E:\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{CF5A4589-2263-4D95-8465-A29C08FC8ABB}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{50245698-3294-43E5-9C6B-D74EC004610D}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{DDCDEA81-2BB9-4F74-A326-30AA8D2CBEAE}] => (Allow) E:\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{19A3063D-0236-413A-8B76-DF6D3B38469A}] => (Allow) E:\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{CE2CA259-D5AF-4628-ACE3-C946F6C3932B}] => (Allow) E:\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{0763943F-1021-45AF-A911-59F830650515}] => (Allow) E:\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{E8A63C1A-3F68-4415-A545-9F83A79FD07D}] => (Allow) E:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{FEAC1249-1ECA-493D-8451-655C90632462}] => (Allow) E:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{D9AB2C9C-FEEB-4625-A199-51D3D3DFB19E}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{159FBCA5-245C-4798-BCBE-5A400565A928}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{64EFF0B3-547D-47A6-8382-EADE99C11BC0}] => (Allow) E:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{A487BE54-8E25-4C32-B248-C397851F1A0B}] => (Allow) E:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{93D30D3E-7A02-4425-96CB-D6CCB6B2B8E1}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{C40A8853-AA24-4FDB-ACD2-FB672F653712}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{C7D4D3E7-0707-42E5-8521-6611C7621C85}] => (Allow) E:\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{2B52CE4C-6B68-4E0B-8168-5E2D3B814F9D}] => (Allow) E:\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{D9A1AE14-CCB3-44B3-9504-86C71C86C28F}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{3AD143A7-0ADD-4506-9C83-EF35F20EEC5E}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{3F9CAE3C-8D39-487C-8483-1457F8705682}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{18CA5B68-D03B-4521-9EA0-0ABD6FD032F4}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{41421C09-D542-4C06-9DB9-540E26CB1C77}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{F7813140-0D34-40B4-A283-D37F95F01E14}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{A0768156-B32D-4932-BCC4-8D1BDD267561}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{6325B1CC-2411-40D5-87F9-6AB9EEE34C45}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{25413462-81B3-4222-A347-B9A5AD7A2EC7}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{4CB2D38D-DEF8-4851-817E-98BB6A717AF6}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{3A3287CA-BB02-4242-8D78-E80410B6AB84}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{50C3EA62-66FA-4CDA-AF67-4DD8DCB7DEE2}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8AC54E0F-5329-41ED-9E36-17E7FBF149D7}] => (Allow) E:\Steam\steamapps\common\The Culling Test\TheCulling_Launcher.exe
FirewallRules: [{DEFC9D91-5AA3-48C6-9021-440FAC0BF239}] => (Allow) E:\Steam\steamapps\common\The Culling Test\TheCulling_Launcher.exe
FirewallRules: [{ADAC9AD1-DDF0-4B87-A235-441D64FF16A9}] => (Allow) E:\Steam\steamapps\common\Defiance\Patcher.exe
FirewallRules: [{C894A6EC-C9D5-4656-9ABD-49A88785B958}] => (Allow) E:\Steam\steamapps\common\Defiance\Patcher.exe
FirewallRules: [{872C501E-219A-4D31-8D7F-29FAC59ED67C}] => (Allow) E:\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{5A118D18-8DEE-470C-BF89-557AD5E38037}] => (Allow) E:\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{A2CB190A-DB0E-4218-A153-FCD9CC67B79B}] => (Allow) E:\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{D8488931-4299-4157-B7B0-BD68B99C56DB}] => (Allow) E:\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{7FB888DE-18AE-4199-BAF0-B9F2C6520E32}] => (Allow) E:\Steam\steamapps\common\The War Z\WarZlauncher.exe
FirewallRules: [{530FFED0-6832-43AF-A691-3EF2BEDC7F43}] => (Allow) E:\Steam\steamapps\common\The War Z\WarZlauncher.exe
FirewallRules: [{0436908A-9C1C-42A1-A70C-7A7DB263BB2D}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{BBE28B85-4FFF-470E-ABCA-32AC1148D2C4}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6A1BF918-510A-435B-B631-F3D0C2D088C9}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{7335859C-EB9E-4DAF-971F-B115BC389430}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{9EB8C36C-54BB-4618-ADB0-1CE0E60E5C80}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{88DDA27F-06D5-46CE-BE35-6EB4DF417D06}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{DE5EDA71-BF1F-469D-AD5C-1769FFC6FDF7}] => (Allow) E:\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{18F2C309-917C-4FD4-AD30-33EFCEBA5083}] => (Allow) E:\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{EBB390FF-A910-4DD2-87F6-A92C4C2C496A}] => (Allow) E:\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{CEEE8C47-514A-41C3-AC31-008BDC6F4C40}] => (Allow) E:\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{779BECF6-A775-46C1-8CAE-6D4E65FD7526}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{622C89A4-0779-46E2-BD5A-834791D6B9AF}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{8DC02428-FACB-4E4B-8022-3AEBAD5036DC}] => (Allow) E:\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{6E0001B3-93FC-4599-AD3E-0F7515807A38}] => (Allow) E:\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{337E93FD-AF8F-446D-9EB3-59A72CBAA66D}] => (Allow) E:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{7474E7A4-4A14-4046-9C53-263B52136709}] => (Allow) E:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{D50D184B-007F-4B72-9415-38EFF3F0CA9C}] => (Allow) E:\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{B61065EF-FB41-48A9-8F4B-555C1C5A3CD0}] => (Allow) E:\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{D72165EE-D960-471E-B901-A47718A083F4}] => (Allow) E:\Steam\steamapps\common\8BitMMO\jre\bin\javaw.exe
FirewallRules: [{B8F57E69-A478-489E-856F-98E7FC227F1E}] => (Allow) E:\Steam\steamapps\common\8BitMMO\jre\bin\javaw.exe
FirewallRules: [{3C044E93-F364-414B-99DF-7FFED71CBF40}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{24E9BDA8-3103-4817-9FA1-1170E489BC2D}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{C1969601-C0C8-4372-80FF-64E7774DEC27}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{AABDAB56-BEA0-46CC-9C33-4A62A24E7539}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{2508377F-73E2-4D1A-82CB-8A4F6B9D610B}] => (Allow) E:\Steam\steamapps\common\Loadout Beta\Loadout.exe
FirewallRules: [{22A37145-3747-4F81-9275-05CB11C8DE3E}] => (Allow) E:\Steam\steamapps\common\Loadout Beta\Loadout.exe
FirewallRules: [{63361FB8-2062-4DEE-8CA5-3B33B6C522A4}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{41D916C2-7247-4044-BA66-4A93E8875360}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{3A0E907D-0792-4498-B98C-F584A3E66ABA}] => (Allow) E:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{C8123428-600F-48F1-A318-1E1D58202889}] => (Allow) E:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{C8D2C1CB-7658-431F-9331-EBCB5CD3F8C4}] => (Allow) E:\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{56B7C1AA-5BC7-4BDF-828D-1C5396A9D311}] => (Allow) E:\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{3E2C4D83-EAED-431B-A1AC-FF463E7915CF}] => (Allow) E:\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{303C1419-4969-420F-81ED-7B964346FAB9}] => (Allow) E:\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{312037C8-800E-48C3-A620-69CC0FCA3A2D}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{BFD81DE4-7F5D-40C6-AD52-818B46908A22}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{BC8E69BC-D929-4BE2-993C-9D1DEF0BE46D}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{D41B5937-455C-41C5-B45E-D942A6F1DE27}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{E710F250-431B-4917-ADCA-A79EA2E58A31}] => (Allow) E:\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{F1C1ECCC-A930-4F02-AB52-A9018377A52E}] => (Allow) E:\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{13BA07A1-412A-43DD-BFFC-E1707799C60B}] => (Allow) E:\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{9C69AE65-D66B-4688-B4CC-192683DA9BA4}] => (Allow) E:\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{D3298338-0A95-4870-8FF8-862B5139BC50}] => (Allow) E:\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{0B09B687-F768-4F7B-AB10-AFCEEA29240A}] => (Allow) E:\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{51D8A5DF-BB5A-447A-BB1E-005681C18E24}] => (Allow) E:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{D9F562C3-E893-4589-961A-7388FFFD7F8E}] => (Allow) E:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{9E5D2170-7BFC-4E7C-BAD5-AEA439D835C2}] => (Allow) E:\Steam\steamapps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{19CB7DD2-0D22-4F59-8F5D-804BD884217C}] => (Allow) E:\Steam\steamapps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{1579B1CC-6ACD-45C3-B823-0A3EB493BCFE}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{FF904C7D-0508-434F-AE3E-8FAAC23EC96A}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{4F629E54-7BDB-4ABE-9088-FD2A6EB94FAB}] => (Allow) E:\Steam\steamapps\common\sZone-Online\game\SZoneOnline.exe
FirewallRules: [{6E44EEBF-258A-4A65-8275-DF34304426AF}] => (Allow) E:\Steam\steamapps\common\sZone-Online\game\SZoneOnline.exe
FirewallRules: [{C0CD20D4-B576-44D9-B8EF-71EF8FE1520A}] => (Allow) E:\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{0BE899F0-EE10-4A41-82B8-62F358C0F76E}] => (Allow) E:\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{BFF4A410-DAB5-4747-AE59-B6F0F797975F}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{7ECF827D-72DE-47E8-A150-C7EDC2C2CB9C}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{B8618431-5114-483B-A5E7-2900E22CC7DB}] => (Allow) E:\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{1CF5527A-118D-4162-93B7-40138DC2BAE2}] => (Allow) E:\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{17377B69-3D89-4247-B461-E8395A75CDB6}] => (Allow) E:\Steam\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{B564A255-458C-4847-B46A-881C0F696FEE}] => (Allow) E:\Steam\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{B9A9F8F6-D15A-44D3-92AB-B5CFA7F5C7A1}] => (Allow) E:\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{AA901809-9FA9-4860-9999-2B3D26AA3F64}] => (Allow) E:\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{B8D6F641-A7BE-4EBA-AFC8-25F24CFA2D01}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [{593D0A98-9F1F-425E-A6C0-8967E3E2AEDF}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [{34F757E1-0C80-42F1-AC71-C21F7EF77DE2}] => (Allow) E:\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{CFA81572-E7D6-4314-A3D6-1AE1625CA695}] => (Allow) E:\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{5485F7D7-8A3D-495F-A03C-88AB2EE73CF5}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{B7437305-A270-45BE-B62F-309CEA9921C8}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{2B6F7C73-3CA6-4F8B-87B8-3DBDD98AF58E}] => (Allow) E:\Steam\steamapps\common\ArcheAge\GlyphClient.exe
FirewallRules: [{B0AAA52F-07B5-4168-AA37-AD6A1064D85B}] => (Allow) E:\Steam\steamapps\common\ArcheAge\GlyphClient.exe
FirewallRules: [{CD8B4D55-6188-4322-B7A7-17510785895F}] => (Allow) E:\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{548E42F0-AD39-4B22-906E-330612377507}] => (Allow) E:\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{371B2779-9B89-4E60-A690-AE3205797048}] => (Allow) E:\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{4F1DEDC6-75D1-47BA-BCFC-D8CE3CC3CE43}] => (Allow) E:\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{5E77C787-721C-4729-8A18-F69DF2C21A80}] => (Allow) E:\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{4F1F6EDC-4438-4534-A63C-757091924376}] => (Allow) E:\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{E02C3B5A-1796-4A45-AF7E-83202F91606B}] => (Allow) E:\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{AB110EA4-12F7-4BB9-8E32-17E9C6C48153}] => (Allow) E:\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [TCP Query User{B75C9745-956F-4A51-9FBC-992A83378CB6}E:\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FF46C1A1-AB4F-4DBE-A726-D97925E8F907}E:\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{76AB2C27-B086-4D30-B11D-FD82CDDDD09E}] => (Allow) E:\Steam\steamapps\common\AION\NCLauncher.exe
FirewallRules: [{80042E94-9EBE-4252-A4F9-28C1BB36764C}] => (Allow) E:\Steam\steamapps\common\AION\NCLauncher.exe
FirewallRules: [{BA27BFC0-313E-4BC1-A6B9-92B7279F5710}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6142613D-8FBD-4D80-998F-FCE73EA88B54}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{40551513-2148-4C4C-BD56-C488CAA3738E}E:\battle.net\overwatch\overwatch.exe] => (Allow) E:\battle.net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A8834467-BB41-4A71-8061-D71E6910A17F}E:\battle.net\overwatch\overwatch.exe] => (Allow) E:\battle.net\overwatch\overwatch.exe
FirewallRules: [{0EEE103F-6031-4EB1-B2DC-F20F412E866D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DDDBAFA7-987B-46FE-B371-ED99FED8EB70}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F2D56DA5-98FC-41AF-A35D-DB8AFFA605AD}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{7E737D3D-8C69-44B4-9DF9-10428D6F6E54}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{E4F0B40E-1B45-4A92-BD76-DB431E332D24}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{071B9C85-D2DD-46F0-BDF6-216F6C082FB7}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3AC25259-5A94-455C-8F2A-E99975F36EAD}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8EAFD477-F3C8-4EB6-849A-4039E9B2BFF1}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D14AB686-4B0F-4459-9AE0-E097D09A1F3E}] => (Allow) LPort=30564
FirewallRules: [{4F0A9991-06E8-4642-9EFF-AB64794B5248}] => (Allow) LPort=30565
FirewallRules: [{11DE89F2-D2A7-45FB-BAE2-6DF5BE6F0364}] => (Allow) LPort=30567
FirewallRules: [{61BAF19F-9F52-4C44-84AF-D9E38DC50E1C}] => (Allow) D:\Multiplicity\Multipl2.EXE
FirewallRules: [{B853C5D7-480D-4FC3-AE6F-97CAAEBF1BF4}] => (Allow) LPort=30569
FirewallRules: [{715C63C3-1A09-438E-978B-914ADE02A36B}] => (Allow) D:\Multiplicity\MultiPLV64.EXE
FirewallRules: [{A0F0F0B7-BF9A-4A03-9D56-7C183B7C8B00}] => (Allow) D:\Multiplicity\MPRDP64.EXE
FirewallRules: [TCP Query User{ABF6AAF7-D391-45C8-B71E-CAC251EED059}D:\multiplicity\multipl2.exe] => (Allow) D:\multiplicity\multipl2.exe
FirewallRules: [UDP Query User{9E2D7767-F550-443D-AE63-92AEF3566B59}D:\multiplicity\multipl2.exe] => (Allow) D:\multiplicity\multipl2.exe
FirewallRules: [TCP Query User{B1E1694B-A4C8-4D45-8DD0-5A56E85EF33F}D:\multiplicity2\multipl2.exe] => (Allow) D:\multiplicity2\multipl2.exe
FirewallRules: [UDP Query User{B6B7A3C4-72ED-4AEC-AB15-1B689EA9824D}D:\multiplicity2\multipl2.exe] => (Allow) D:\multiplicity2\multipl2.exe
FirewallRules: [{0A7FB1CE-B074-4E1A-A8C1-0BE9B9579B58}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EA13250D-C593-4441-9700-BDE4DA23538A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA51ACCB-6E99-4FFE-99B5-ECA0B69B2A75}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3EE97F56-41EF-42A4-9F9A-862F61DB0E2B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{37BCBBDB-0C7D-4D25-ACBB-DAC9E10CC5B2}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A454DB68-7FDE-4301-AACC-369F94905FD4}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{7A3CD187-0F12-4D16-982F-570897F99E28}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC3B5D4B-183A-4271-B69C-5F370523974D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D5BA6F8-2CD6-49F4-87EB-5ECF80CFCA2C}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B5E7E53E-BACE-4B6F-9453-06FDA2F62E75}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{14D00F20-669E-4FDE-85AF-7C47025EC414}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{91DA34E9-9CD0-496C-91AD-FE4B9C94F6D2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{0747A666-80AA-4CD5-85F1-24353BF91F5C}] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{961EBF62-7A92-4170-86E4-0B2C07A8DC23}] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{22BBAC98-452A-4EF3-8903-C69902673BCB}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3FB983CB-973D-4FE0-AB86-248E20E1DB7B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{776A5D3C-B88F-4422-9657-269FC2AF56BB}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB93D95F-1507-438A-A4CD-6F4D14C82E3A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AF266234-2C27-4DCA-AC7C-EC7B4B839E74}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E49D7DB-1E13-4CB0-99B0-FCD04BC8F61F}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9FAFE8F8-AC3D-40C6-BE20-C7F713BC335B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DEC40D8E-EB97-4CA1-A661-5471A3E79F26}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1045F6FC-165F-469D-A3D5-90124F405A49}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D269829A-24CF-43FD-990C-B50F76BAD8AF}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8622DD2D-5FB0-41C2-ABBF-E2D07C0310FD}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{436BA5B2-E570-47E5-BADA-3C7803757DCC}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB4EA9AB-6FB0-4AE8-A264-D10B544DC116}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
FirewallRules: [{26483BE5-396D-460A-B0D3-BB734680801B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA792503-17A7-492D-A161-D2B95980ABA6}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{912040F1-7A7A-43F4-BC06-69CFA6F2AD05}] => (Allow) E:\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{8A5EE1E8-358D-47D2-8474-94AAECE93B33}] => (Allow) E:\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{93F1F203-2143-4C0F-A1BF-791A2CAB0D61}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{06CF9006-E3B9-41A4-A2DE-F2997974DB43}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3536C32E-8F72-4889-91C3-641C4B3B8661}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{62CB94C6-6E76-431E-94A0-157785EA466C}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{721ECEE9-A71E-4999-8044-FDC7F39F742A}] => (Allow) E:\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{50E3DDB4-D2E2-4EF7-A8AF-11EA2F0D46CE}] => (Allow) E:\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{151FD1E6-7A07-488B-AA68-8D93C359BCEA}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AA10C7C7-B12D-401E-AB61-A73B946E9383}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{65D2F658-355F-46E1-9968-8D0A810FD7A8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{861F6CF3-6DF7-46C5-AB45-39CC31B3D15B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{49C664B4-9C26-49C1-A083-51D50E0A63A6}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{652B6A2D-5266-4A30-817B-E17680AA5305}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{1F69F4DD-FAF1-404F-A20C-DD7240CB9DFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CAF1A1AE-20CE-46DC-B226-B52F6CAA8C85}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23A9599C-CEC1-4EFC-893A-BA6C660B9A0D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{06D12F25-A3D6-4872-970F-EBEA69F1C8F6}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{6692A9C0-9FFA-4674-ACAB-6C9349D07438}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{05293E3F-4752-4136-9D20-D3EDD9F0ED35}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BC533520-F236-42F6-87FC-06A6E17E53A0}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27B47A79-F18A-4490-9E04-861E60DFD012}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F817DB5-1D02-4BEC-BD50-D81BDDE9B989}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7CEECFB3-39FF-4CAC-9B98-44E7A2DE2093}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{01F52B1E-0503-413D-9747-E0976F4A11FC}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{90A0F0EA-BFEA-44F3-AE34-54FD09581BB6}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E8C496A0-D948-4EF1-B44F-B6B5FC767B01}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF3397C4-A772-439A-8408-B0524B1AAC9F}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60A72B0F-E92F-45ED-A9BD-2E05E6BE69F9}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07D2B200-671A-43F0-B889-98FCF6BE1354}] => (Allow) E:\Steam\steamapps\common\GRAV\Binaries\Win64\CAGGame-Win64-Shipping.exe
FirewallRules: [{356D91D3-4A46-4428-91F9-F295F40D90F6}] => (Allow) E:\Steam\steamapps\common\GRAV\Binaries\Win64\CAGGame-Win64-Shipping.exe
FirewallRules: [{6CBA96A2-7B5F-4DAC-9B10-021467ECC1B1}] => (Block) C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe
FirewallRules: [{2F988877-4F9F-44DF-BD10-2EB54DC0B474}] => (Block) C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe
FirewallRules: [{92542070-48F8-4659-ABE0-7E215686BD14}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D2CFFCB-9452-4463-A901-E9B93740D55F}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{64F0AE8B-A6CD-4AC7-A2A2-843D3E8CEE6D}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{A7136C4E-8261-42C1-9BD1-928362530C32}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{97C62390-486A-4262-8AC7-D5D29C5BC00F}] => (Allow) E:\Steam\steamapps\common\We Were Here\We Were Here.exe
FirewallRules: [{C4A8ABF6-E4EA-4993-A262-E057762D67E7}] => (Allow) E:\Steam\steamapps\common\We Were Here\We Were Here.exe
FirewallRules: [{6A63F722-52BA-49E6-9FD7-3B2ACCFE8AF4}] => (Allow) E:\Steam\steamapps\common\We Were Here\We Were Here VR.exe
FirewallRules: [{264FED56-6016-40AD-9B66-C9BCA2654029}] => (Allow) E:\Steam\steamapps\common\We Were Here\We Were Here VR.exe
FirewallRules: [{832B82DE-0C74-4ED2-B203-826BF244CEBF}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{669214D4-BE8A-4F47-9D31-D3DEBF7B3FC6}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{79646C29-3266-41E9-9B10-F9653C47D03A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5B62BBD-58EA-4C80-BB9D-F74D80610C66}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{541D8446-3779-4BA7-AD1C-261C8D89847D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA75C84D-371F-4AD2-941E-E5AA1D0294F7}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{413DA376-1D5D-4C5A-920E-39DD9A8246BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6BD0691F-17D4-4DED-BAD3-BD7784E674A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45FDFDEB-321E-4CEB-B53A-4EBCAA0D8174}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C884AED-EC7F-41EB-86AE-12945DBC0EC8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E12FDC3-A37D-4FD6-AD55-B3F5FAE7E4A9}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2946EEE7-26DF-491B-B456-40272CE2ED93}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0CABE7F9-08D7-4A7F-885E-13DB96929D73}] => (Allow) E:\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{3B8669B5-96B6-45DA-90B3-166F56872056}] => (Allow) E:\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{03F47868-CD92-4FCE-96C4-52B6D7C93B05}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AB9606B3-8721-4782-958F-9D4A2247AF9D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6998768E-AD3B-41F3-96E0-373A87728F09}] => (Allow) E:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B3D08751-63A3-4745-BC17-951BFA06D8B8}] => (Allow) E:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5A7D6354-3E2F-440B-AF59-83CA4481A544}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF0887FD-78A2-4E24-B162-A2450470198B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{22010915-3CB1-49AD-B8A4-5B7B0E9C4D24}D:\bitcoin\bitcoin-qt.exe] => (Allow) D:\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{7CB2A4E4-20FB-41F3-B66D-C296C872D397}D:\bitcoin\bitcoin-qt.exe] => (Allow) D:\bitcoin\bitcoin-qt.exe
FirewallRules: [{65819441-2143-4994-B316-0100BCA7C39D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB7DDCE1-E073-4F9E-BEBC-E2F224671A3A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{26F2C71D-F146-4E9E-B309-92EB4A6FE5EB}] => (Allow) E:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{C5A6778A-0F5C-4744-8E62-5DA669C3DC3E}] => (Allow) E:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{6533B023-6C22-4B74-92AD-C024D73554C0}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7BBBC39E-B3BE-4951-8D62-A8412DBE2067}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{94FFBE59-A931-4446-9446-8A5CC1CA6C38}] => (Allow) D:\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{D0FA4311-9E64-4369-890E-44EB991E3698}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B5B26A9-BB6C-4C5E-8A37-2F8FB97EBBD8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{A3A0F191-F7C7-487B-887D-8565F0CD4273}E:\battle.net\overwatch test\overwatch.exe] => (Allow) E:\battle.net\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{952E3CB4-C853-4AAC-9F2C-D1FC67236F75}E:\battle.net\overwatch test\overwatch.exe] => (Allow) E:\battle.net\overwatch test\overwatch.exe
FirewallRules: [{18CBAA6F-A9A2-4CDA-9D72-827D6C8E9EF2}] => (Block) E:\battle.net\overwatch test\overwatch.exe
FirewallRules: [{B2EDC2FD-6790-4BB9-9378-1C01F6D01749}] => (Block) E:\battle.net\overwatch test\overwatch.exe
FirewallRules: [{A55BF103-F1BF-47D4-B328-A8755E78598B}] => (Allow) E:\Steam\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe
FirewallRules: [{F2CC6C75-FEA2-4A43-9A79-861243C37485}] => (Allow) E:\Steam\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe
FirewallRules: [{EC785DFA-FFC9-494D-B5A8-DA71B2DF853C}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CF434951-DBB3-499B-8CE4-D9884481A244}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA789665-F5C7-4B45-8278-FE13AB445259}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{10C4F5BB-819A-4D87-B850-CF3EAB96C945}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2393ADB7-E94F-4371-8BF0-7885C216359F}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{55C05807-D963-4FE7-B093-64CB30B53FD3}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{42DBE3A9-97AD-4E5A-B94F-0937C6AABF3F}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{61A03441-F9A5-4B65-BB74-82414B7567A3}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{8F62D0A8-92F5-4C4B-AD27-8FD7A4BEB191}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{D8B9338C-B88B-4FAC-9EE3-53812653A295}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E092F6F0-8A41-4A6F-AE13-CF078849F2A0}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{AE89963B-1ED2-4E00-95F1-8F20FDA80806}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{1662CE85-1376-4665-A688-543EDED4EB4A}] => (Allow) E:\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{18290207-D4CD-4546-BC15-F9F82A66ADB5}] => (Allow) E:\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{AC68ABEE-F565-4383-A224-A94D4EF83814}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{87719472-E310-4954-8892-8B2BE791F397}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{8342BB5D-17B1-4597-B9F8-2A1C53CE133A}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{E51B4135-F172-4957-AA5A-40897A1153AD}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{09896922-FAA4-4EA3-A361-98B85F1E2BAC}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{6D879672-A67D-4BE4-8BE2-DDBA57C8BF25}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{03A52F65-8D66-43C2-B820-DEAA8B575895}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{3104A597-6C46-4719-8D6E-140D880C8F8D}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{B861438B-5706-4309-9944-B0381168E039}] => (Allow) E:\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{524496C9-F3DD-40D4-8583-CF964E763AD5}] => (Allow) E:\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{767DA008-C837-4970-920B-E94E761F2B26}] => (Allow) E:\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{C58C77FC-DCCC-4A7A-B8F5-4C6247FF2D8F}] => (Allow) E:\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{EBC2BA6B-73E6-4248-ABDF-44BC26C7D008}] => (Allow) E:\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{AF15683B-78EC-4446-90AE-FC89F5752699}] => (Allow) E:\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{D54E604F-D160-491C-9878-D623D87E78F7}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D48770AB-30A6-4ABE-8029-9F4867D492FE}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{66085248-4E28-4FD8-833D-BF0BE5B1CDA8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DD63B894-EF0F-4366-AD30-E3D10CEC47CF}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7DC7C80F-479E-4A5D-B533-84BB7F534F92}] => (Allow) E:\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{2DED0EDA-53DC-4041-A2F3-11A071C2DA0B}] => (Allow) E:\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{A6ADC0A4-1FC5-4A5B-8B0B-79B0EE209186}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{844E7129-D21B-40E7-8079-E7F089B2FC6A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
 
==================== Restore Points =========================
 
14-03-2017 16:49:16 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2017 10:19:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: msvcrt.dll, version: 7.0.14393.0, time stamp: 0x57899b47
Exception code: 0xc0000005
Fault offset: 0x000000000005b1bd
Faulting process ID: 0x2c7c
Faulting application start time: 0x01d29d10fe184527
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\System32\msvcrt.dll
Report ID: 36c83243-18dd-43da-bd4d-e1211d761766
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/14/2017 07:46:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/14/2017 05:32:01 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
 
Error: (03/14/2017 05:32:01 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
 
Error: (03/14/2017 05:08:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (03/14/2017 05:08:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/14/2017 05:03:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/14/2017 05:02:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (03/14/2017 04:49:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/14/2017 03:39:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (03/14/2017 10:27:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CFGCM)
Description: The server {E844CD23-864D-4921-B18B-ED60A150E112} did not register with DCOM within the required timeout.
 
Error: (03/14/2017 10:26:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CFGCM)
Description: The server {E844CD23-864D-4921-B18B-ED60A150E112} did not register with DCOM within the required timeout.
 
Error: (03/14/2017 10:25:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CFGCM)
Description: The server {E844CD23-864D-4921-B18B-ED60A150E112} did not register with DCOM within the required timeout.
 
Error: (03/14/2017 10:25:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CFGCM)
Description: The server {E844CD23-864D-4921-B18B-ED60A150E112} did not register with DCOM within the required timeout.
 
Error: (03/14/2017 10:24:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CFGCM)
Description: The server {E844CD23-864D-4921-B18B-ED60A150E112} did not register with DCOM within the required timeout.
 
Error: (03/14/2017 09:02:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CFGCM)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-CFGCM\DESKTOP-CFGCM SID (S-1-5-21-3598720550-650973306-2224075286-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/14/2017 09:02:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CFGCM)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-CFGCM\DESKTOP-CFGCM SID (S-1-5-21-3598720550-650973306-2224075286-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/14/2017 09:02:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CFGCM)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-CFGCM\DESKTOP-CFGCM SID (S-1-5-21-3598720550-650973306-2224075286-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/14/2017 09:02:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CFGCM)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-CFGCM\DESKTOP-CFGCM SID (S-1-5-21-3598720550-650973306-2224075286-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/14/2017 09:02:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CFGCM)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-CFGCM\DESKTOP-CFGCM SID (S-1-5-21-3598720550-650973306-2224075286-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-03 18:41:50.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-03-03 18:41:38.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-21 20:19:01.845
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-21 20:18:54.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-21 20:18:51.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-07 14:16:31.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-06 20:35:46.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-06 20:35:45.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-06 20:35:42.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-06 19:27:16.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 69%
Total physical RAM: 8135.95 MB
Available physical RAM: 2461.36 MB
Total Virtual: 14494.35 MB
Available Virtual: 9367.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.69 GB) (Free:56.17 GB) NTFS
Drive d: (General) (Fixed) (Total:931.51 GB) (Free:911.81 GB) NTFS
Drive e: (Game Storage) (Fixed) (Total:1863.01 GB) (Free:733.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: DDF7ACBD)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 112E03A8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9883B529)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
"
 
There have been no changes I can spot; the remaining problems are basic popups in Chrome that redirect to ads.
You said "Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again".
Does this apply after this step?
 


#8 satchfan


Posted 14 March 2017 - 05:52 PM

RogueKiller ran fine.

 

I’ll look at your logs in the morning, (GMT), but meanwhile, please run the following scan:

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 CFGCM


Posted 15 March 2017 - 02:48 AM

CKFiles:
"
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.JEAPIZ
 ----- EOF ----- 
"
 
Thanks for the help once again.
Colya,


#10 satchfan


Posted 15 March 2017 - 07:27 AM

P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Uninstall programs

Please uninstall this program:

軟体レッスン~いいなり彼女とひみつの放課後~

===================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
FF Keyword.URL: Mozilla\Firefox\Profiles\8qxu0hi6.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B76662C63-7E41-4BDF-B565-4F4C38C73EF2%7D&gp=811041
S3 MSICDSetup; \??\H:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [X]
2017-03-12 19:57 - 2017-03-12 19:57 - 00000000 _____ C:\autoexec.bat
2017-03-12 09:25 - 2017-03-12 09:25 - 00003762 _____ C:\Windows\System32\Tasks\blogcreativeorglropsm
Task: {12CAF165-2D6D-41FA-BDAF-6B1A8F4309ED} - System32\Tasks\blogcreativeorglropsm => Chrome.exe blogcreative.org/lropsm <==== ATTENTION
Task: {E0A2FCCC-AA59-40B7-8A4B-5484F16C677B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\StartupApproved\Run: => "Ilhsoft"
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\StartupApproved\Run: => "mailruhomesearch"
FirewallRules: [TCP Query User{14D00F20-669E-4FDE-85AF-7C47025EC414}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{91DA34E9-9CD0-496C-91AD-FE4B9C94F6D2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{0747A666-80AA-4CD5-85F1-24353BF91F5C}] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{961EBF62-7A92-4170-86E4-0B2C07A8DC23}] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
CMD: ipconfig /flushdns
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it in your reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit ‘Scan’.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
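The fixlist in the post above removes a scheduled task whose action is Chrome.exe started with an ad URL, a kind of entry that browser resets and extension cleanups do not touch. The following triage sketch is an added example, not part of the original post and not FRST's own code: it scans FRST "Task:" lines for that pattern. The browser list, function names and the two lines marked constructed are assumptions; the other two lines are copied from the fixlist.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed list of browser executables to check; extend for the environment.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}

# "Task: {GUID} - <task path> => <action>" as it appears in the FRST log.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) => (?P<action>.+)$")
FRST_FLAG_RE = re.compile(r"\s*<=+ ATTENTION\s*$")                 # FRST's marker
FRST_META_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*$")  # [date] (vendor)
ACTION_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?(?:\s+(?P<args>.*))?$', re.IGNORECASE)
# host.tld[/path] without a scheme, as in the task on this page.
BARE_URL_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}(/\S*)?$", re.IGNORECASE)


@dataclass
class Finding:
    guid: str
    task_name: str
    browser: str
    url: str
    host: str
    name_mirrors_url: bool  # task name equals the URL with punctuation stripped


def _first_url(args):
    """Return the first argument that looks like a URL, skipping switches."""
    for tok in args.split():
        tok = tok.strip('"')
        if tok.startswith("-"):
            continue
        if tok.lower().startswith(("http://", "https://")) or BARE_URL_RE.match(tok):
            return tok
    return None


def _squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def find_browser_url_tasks(frst_text):
    """Flag scheduled tasks whose action is a browser started with a URL."""
    findings = []
    for line in frst_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        # Drop FRST's own annotations so only the command line is left.
        action = FRST_META_RE.sub("", FRST_FLAG_RE.sub("", m["action"]))
        a = ACTION_RE.match(action)
        if not a:
            continue
        exe = re.split(r"[\\/]", a["exe"])[-1].lower()
        if exe not in BROWSERS:
            continue
        url = _first_url(a["args"] or "")
        if url is None:
            continue  # a browser task without a URL argument is not flagged
        host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
        task_name = m["path"].rsplit("\\", 1)[-1]
        bare = re.sub(r"^[a-z]+://", "", url, flags=re.IGNORECASE)
        findings.append(Finding(m["guid"], task_name, exe, url, host,
                                _squash(task_name) == _squash(bare)))
    return findings


# Lines 1-2 are from the fixlist on this page; lines 3-4 are constructed.
SAMPLE_FRST_LINES = r"""
Task: {12CAF165-2D6D-41FA-BDAF-6B1A8F4309ED} - System32\Tasks\blogcreativeorglropsm => Chrome.exe blogcreative.org/lropsm <==== ATTENTION
Task: {E0A2FCCC-AA59-40B7-8A4B-5484F16C677B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.example.test/landing?id=1
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ChromeNoUrl => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window
"""

if __name__ == "__main__":
    for f in find_browser_url_tasks(SAMPLE_FRST_LINES):
        print(f"{f.task_name}: {f.browser} -> {f.url} "
              f"(host {f.host}, name mirrors URL: {f.name_mirrors_url})")
```

The bare-URL pattern also matches arguments such as a file name with an extension, so each hit is a lead to review against the task's author and creation date, not a verdict.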


#11 CFGCM


Posted 15 March 2017 - 10:47 AM

Fixlog:
"
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by DESKTOP-CFGCM (15-03-2017 15:38:22) Run:1
Running from C:\Users\DESKTOP-CFGCM\Desktop
Loaded Profiles: DESKTOP-CFGCM (Available Profiles: defaultuser0 & DESKTOP-CFGCM)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
FF Keyword.URL: Mozilla\Firefox\Profiles\8qxu0hi6.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B76662C63-7E41-4BDF-B565-4F4C38C73EF2%7D&gp=811041
S3 MSICDSetup; \??\H:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [X]
2017-03-12 19:57 - 2017-03-12 19:57 - 00000000 _____ C:\autoexec.bat
2017-03-12 09:25 - 2017-03-12 09:25 - 00003762 _____ C:\Windows\System32\Tasks\blogcreativeorglropsm
Task: {12CAF165-2D6D-41FA-BDAF-6B1A8F4309ED} - System32\Tasks\blogcreativeorglropsm => Chrome.exe blogcreative.org/lropsm <==== ATTENTION
Task: {E0A2FCCC-AA59-40B7-8A4B-5484F16C677B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\StartupApproved\Run: => "Ilhsoft"
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\StartupApproved\Run: => "mailruhomesearch"
FirewallRules: [TCP Query User{14D00F20-669E-4FDE-85AF-7C47025EC414}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{91DA34E9-9CD0-496C-91AD-FE4B9C94F6D2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{0747A666-80AA-4CD5-85F1-24353BF91F5C}] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{961EBF62-7A92-4170-86E4-0B2C07A8DC23}] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
Processes closed successfully.
Firefox "Keyword.URL" removed successfully
HKLM\System\CurrentControlSet\Services\MSICDSetup => key removed successfully
MSICDSetup => service removed successfully
HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => key removed successfully
NTIOLib_1_0_C => service removed successfully
C:\autoexec.bat => moved successfully
C:\Windows\System32\Tasks\blogcreativeorglropsm => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12CAF165-2D6D-41FA-BDAF-6B1A8F4309ED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12CAF165-2D6D-41FA-BDAF-6B1A8F4309ED} => key removed successfully
C:\Windows\System32\Tasks\blogcreativeorglropsm => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\blogcreativeorglropsm => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0A2FCCC-AA59-40B7-8A4B-5484F16C677B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0A2FCCC-AA59-40B7-8A4B-5484F16C677B} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Ilhsoft => value removed successfully
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ilhsoft => value not found.
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\mailruhomesearch => value removed successfully
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mailruhomesearch => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{14D00F20-669E-4FDE-85AF-7C47025EC414}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{91DA34E9-9CD0-496C-91AD-FE4B9C94F6D2}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0747A666-80AA-4CD5-85F1-24353BF91F5C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{961EBF62-7A92-4170-86E4-0B2C07A8DC23} => value removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 46693906 B
Java, Flash, Steam htmlcache => 385758218 B
Windows/system/drivers => 984228 B
Edge => 19452008 B
Chrome => 734430759 B
Firefox => 6554339 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 828698 B
NetworkService => 182998 B
defaultuser0 => 128 B
DESKTOP-CFGCM => 30834947 B
UpdatusUser => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:38:43 ====
"
 


#12 CFGCM


Posted 15 March 2017 - 11:22 AM

 
New Frst:
"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by DESKTOP-CFGCM (administrator) on DESKTOP-CFGCM (15-03-2017 15:41:45)
Running from C:\Users\DESKTOP-CFGCM\Desktop
Loaded Profiles: DESKTOP-CFGCM (Available Profiles: defaultuser0 & DESKTOP-CFGCM)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Stardock Software, Inc) D:\Multiplicity2\MultiSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Stardock Software, Inc) D:\Multiplicity2\Multipl2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Stardock Software, Inc) D:\Multiplicity2\MP2Control.exe
(Stardock Software, Inc) D:\Multiplicity2\MP2Drag.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CMedia) C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\R.A.T.Pro S\RATProS_Profiler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DTAgent.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
() C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202008 2013-10-17] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [R.A.T.Pro S] => C:\Program Files\Mad Catz\R.A.T.Pro S\RATProS_Profiler.exe [163840 2016-01-11] (Mad Catz Inc)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [1047536 2013-11-12] (MSI)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\LogMeIn Hamachi\hamachi-2-ui.exe [5883912 2017-03-02] (LogMeIn Inc.)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [Discord] => C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [Steam] => E:\Steam\steam.exe [3019552 2017-03-13] (Valve Corporation)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [GoogleChromeAutoLaunch_92870429EEE61869F0498A4494B1CE4D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-01-05]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Yeti Pro Control Panel Autostart.lnk [2017-01-05]
ShortcutTarget: Yeti Pro Control Panel Autostart.lnk -> C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe ()
Startup: C:\Users\DESKTOP-CFGCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2017-01-06]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{bfb28e3b-604e-40c8-8600-a61af6264c38}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3598720550-650973306-2224075286-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-26] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-26] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 8qxu0hi6.default
FF ProfilePath: C:\Users\DESKTOP-CFGCM\AppData\Roaming\Mozilla\Firefox\Profiles\8qxu0hi6.default [2017-03-15]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3598720550-650973306-2224075286-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DESKTOP-CFGCM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default [2017-03-15]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-08]
CHR Extension: (ZenMate Web Firewall (Free, Plus Ad Blocker)) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphffohcfcaeoekbkfibilcmmoakhmfc [2017-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Enhanced Steam) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
New Frst:
"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by DESKTOP-CFGCM (administrator) on DESKTOP-CFGCM (15-03-2017 15:41:45)
Running from C:\Users\DESKTOP-CFGCM\Desktop
Loaded Profiles: DESKTOP-CFGCM (Available Profiles: defaultuser0 & DESKTOP-CFGCM)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Stardock Software, Inc) D:\Multiplicity2\MultiSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Stardock Software, Inc) D:\Multiplicity2\Multipl2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(LogMeIn Inc.) D:\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Stardock Software, Inc) D:\Multiplicity2\MP2Control.exe
(Stardock Software, Inc) D:\Multiplicity2\MP2Drag.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CMedia) C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\R.A.T.Pro S\RATProS_Profiler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DTAgent.exe
(Hammer & Chisel, Inc.) C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
() C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202008 2013-10-17] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [R.A.T.Pro S] => C:\Program Files\Mad Catz\R.A.T.Pro S\RATProS_Profiler.exe [163840 2016-01-11] (Mad Catz Inc)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [1047536 2013-11-12] (MSI)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\LogMeIn Hamachi\hamachi-2-ui.exe [5883912 2017-03-02] (LogMeIn Inc.)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [Discord] => C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [Steam] => E:\Steam\steam.exe [3019552 2017-03-13] (Valve Corporation)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Run: [GoogleChromeAutoLaunch_92870429EEE61869F0498A4494B1CE4D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-01-05]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Yeti Pro Control Panel Autostart.lnk [2017-01-05]
ShortcutTarget: Yeti Pro Control Panel Autostart.lnk -> C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe ()
Startup: C:\Users\DESKTOP-CFGCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2017-01-06]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{bfb28e3b-604e-40c8-8600-a61af6264c38}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3598720550-650973306-2224075286-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-26] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-26] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 8qxu0hi6.default
FF ProfilePath: C:\Users\DESKTOP-CFGCM\AppData\Roaming\Mozilla\Firefox\Profiles\8qxu0hi6.default [2017-03-15]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3598720550-650973306-2224075286-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DESKTOP-CFGCM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default [2017-03-15]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-08]
CHR Extension: (ZenMate Web Firewall (Free, Plus Ad Blocker)) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphffohcfcaeoekbkfibilcmmoakhmfc [2017-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Enhanced Steam) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\DESKTOP-CFGCM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]


#13 CFGCM

Posted 15 March 2017 - 11:29 AM

==================== Files in the root of some directories =======
 
2017-01-18 20:19 - 2017-03-10 15:04 - 0000034 _____ () C:\Users\DESKTOP-CFGCM\AppData\Roaming\AdobeWLCMCache.dat
2017-01-06 20:39 - 2017-01-07 14:29 - 0007606 _____ () C:\Users\DESKTOP-CFGCM\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-12 01:28
 
==================== End of FRST.txt ============================
"
 
New Addition:
"
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by DESKTOP-CFGCM (15-03-2017 15:42:17)
Running from C:\Users\DESKTOP-CFGCM\Desktop
Windows 10 Pro Version 1607 (X64) (2017-01-05 21:22:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3598720550-650973306-2224075286-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3598720550-650973306-2224075286-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3598720550-650973306-2224075286-1000 - Limited - Disabled) => C:\Users\defaultuser0
DESKTOP-CFGCM (S-1-5-21-3598720550-650973306-2224075286-1001 - Administrator - Enabled) => C:\Users\DESKTOP-CFGCM
Guest (S-1-5-21-3598720550-650973306-2224075286-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
ASUS Xonar DS Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Bitcoin Core (64-bit)) (Version: 0.13.2 - Bitcoin Core project)
Block N Load (HKLM\...\Steam App 299360) (Version:  - Jagex)
Chrome Remote Desktop Host (HKLM-x32\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 Test (HKLM\...\Steam App 205790) (Version:  - )
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
Hand of Fate (HKLM\...\Steam App 266510) (Version:  - Defiant Development)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Line of Sight (HKLM\...\Steam App 436520) (Version:  - BlackSpot Entertainment)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.558 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.558 - LogMeIn, Inc.) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.0 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{16e9d5fd-3acf-402c-8502-411db3385930}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
R.A.T.Pro S (HKLM\...\{9E36C430-87EA-40AE-95DB-769212662347}) (Version: 7.0.52.3 - Mad Catz Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.0.0 - Adlice Software)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Stardock Multiplicity 2 (HKLM-x32\...\Stardock Multiplicity 2) (Version: 2.01 - Stardock Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.022 - MSI)
The Culling (TEST SERVER) (HKLM\...\Steam App 468220) (Version:  - )
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Sims™ 3 (HKLM\...\Steam App 47890) (Version:  - The Sims Studio)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 12.2.17 - )
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
We Were Here (HKLM\...\Steam App 582500) (Version:  - Total Mayham Games)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Yeti Pro Driver v2.23.0 (HKLM-x32\...\Yeti Pro Driver v2.23.0) (Version: 2.23.0 - BLUE)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3598720550-650973306-2224075286-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12690767-2D38-41FC-A2C1-559805EAD384} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {23FF652B-905A-4696-9B70-2DB0B2BE4EA2} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-CFGCM-DESKTOP-CFGCM => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {344D8A77-E8F9-4905-BD41-DCB3304327BC} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {3D6A8C66-FB68-448C-90D4-CB7A8A43CD0D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {3DCA1ED1-9626-48DC-98A4-94BBF3FC6963} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {3EEE2C35-5EFD-4FEF-A581-D42CA5247C50} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {6C4F456A-B893-422D-A727-51CD99A69A78} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {75A50B77-04AB-4870-8ED4-2C70614BB3B7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {77FAC3E3-D008-46C9-8E82-4BBF1E59286C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {84864F63-0517-40B1-A4F8-A78A7E2B0BB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {888F916A-CD79-44EC-8BCC-8D752B39A225} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {993816C9-5342-4247-9710-DFD482E4ABA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {AE8F861D-239A-4710-A2AA-DBE49C954D4B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {B5CC1977-6AFD-403A-91B2-7D641A76CF5D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {CBCA0112-AADE-4094-970F-3E1A3F5E2665} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {D4F0485A-41B7-40D7-945C-209F72935AC8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {E3E77CAB-41CC-4D92-8B15-12A039C69F39} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {E776FA2F-387B-414C-A101-188B03AF1ABA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {F5FC58B3-5DA5-4479-831F-230BC624B984} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-03-14 17:33 - 2017-03-04 07:19 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-05 21:25 - 2017-02-09 22:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2017-01-06 08:15 - 2017-02-23 18:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-06 08:15 - 2017-02-23 18:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-03-13 16:19 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-14 17:33 - 2017-03-04 07:19 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-06-10 01:41 - 2016-06-10 01:41 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-01-06 08:50 - 2017-01-29 13:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-06 00:05 - 2016-09-07 04:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 17:32 - 2017-03-04 06:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 17:33 - 2017-03-04 06:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 17:33 - 2017-03-04 06:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 17:33 - 2017-03-04 06:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-14 17:33 - 2017-03-04 06:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-14 17:33 - 2017-03-04 06:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-14 17:33 - 2017-03-04 06:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 15:47 - 2017-03-13 15:47 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 15:47 - 2017-03-13 15:47 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 15:47 - 2017-03-13 15:47 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 15:47 - 2017-03-13 15:47 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-06 20:59 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 20:59 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-01-05 21:31 - 2012-11-01 11:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2017-01-05 21:31 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2017-01-05 21:55 - 2008-07-11 07:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2017-01-05 21:55 - 2008-07-11 07:03 - 00282112 ____N () C:\Windows\System\HsMgr64.exe
2016-01-11 16:16 - 2016-01-11 16:16 - 12441600 _____ () C:\Program Files\Mad Catz\R.A.T.Pro S\Pr0fileEditor_Forms.dll
2016-01-11 16:16 - 2016-01-11 16:16 - 00007168 _____ () C:\Program Files\Mad Catz\R.A.T.Pro S\en\Pr0fileEditor_Forms.resources.dll
2016-01-11 16:19 - 2016-01-11 16:19 - 00011776 _____ () C:\Program Files\Mad Catz\R.A.T.Pro S\Saitek.Serialization.dll
2016-01-11 16:17 - 2016-01-11 16:17 - 00017920 _____ () C:\Program Files\Mad Catz\R.A.T.Pro S\ProfileDoc.dll
2013-08-08 14:35 - 2013-08-08 14:35 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2017-01-05 21:54 - 2014-05-16 07:35 - 00409600 _____ () C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe
2016-10-01 07:08 - 2016-10-01 07:08 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-07-16 11:42 - 2016-07-16 11:42 - 01872384 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2017-03-14 17:33 - 2017-03-04 06:06 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2017-03-14 17:33 - 2017-03-04 06:04 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-03-14 17:33 - 2017-03-04 06:04 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2017-03-14 17:33 - 2017-03-04 06:04 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 11:43 - 2016-07-16 22:54 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 11:43 - 2016-07-16 22:53 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 11:43 - 2016-07-16 22:54 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2016-07-16 11:43 - 2016-07-16 22:53 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2016-07-16 11:43 - 2016-07-16 22:53 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 11:43 - 2016-07-16 22:54 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2016-07-16 11:43 - 2016-07-16 22:53 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-07-16 11:43 - 2016-07-16 22:53 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2017-03-14 17:33 - 2017-03-04 06:05 - 01475584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll
2017-03-09 20:00 - 2017-03-09 20:01 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-01-06 08:15 - 2017-02-23 18:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-06 08:15 - 2017-02-23 18:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-06 08:15 - 2017-02-23 18:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-05 21:55 - 2012-06-06 01:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll
2017-01-19 05:46 - 2017-01-19 05:46 - 40524400 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2017-01-06 08:15 - 2017-02-23 18:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-12 07:31 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-03-14 17:03 - 2017-03-14 17:03 - 01082880 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-03-14 17:03 - 2017-03-14 17:03 - 03750400 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-03-14 17:03 - 2017-03-14 17:03 - 00914432 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-03-14 17:03 - 2017-03-14 17:03 - 01127424 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-12 07:31 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 07:31 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\DESKTOP-CFGCM\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-01-06 08:15 - 2017-02-23 14:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-01-06 08:15 - 2017-02-23 14:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-01-06 08:15 - 2017-02-23 14:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-01-06 08:15 - 2017-02-23 14:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-01-06 08:15 - 2017-02-23 14:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-06 08:15 - 2017-02-23 14:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-03-15 15:40 - 2017-03-15 15:40 - 00148992 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Local\Temp\B555.tmp.node
2017-03-14 17:03 - 2017-03-14 17:03 - 02658304 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-03-14 17:03 - 2017-03-14 17:03 - 02130432 _____ () \\?\C:\Users\DESKTOP-CFGCM\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2017-01-05 21:54 - 2014-05-16 07:35 - 00192512 _____ () C:\Program Files\BLUE\Yeti_Pro_Driver\blueyetiproapi.dll
2017-01-06 08:45 - 2017-01-29 09:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-10-12 17:28 - 2016-10-12 17:28 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-12 20:11 - 2016-10-12 20:11 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3598720550-650973306-2224075286-1001\...\sharepoint.com -> hxxps://bacademy-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 11:47 - 2016-07-16 11:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3598720550-650973306-2224075286-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E44A1D6E-23D1-4BA5-939E-5FF11AA21DD5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2A157BA1-D610-49A6-BA83-9B6C2DE0578D}] => (Allow) LPort=2869
FirewallRules: [{E8FE189E-2D88-4871-BC3D-5F1FB2907C4C}] => (Allow) LPort=1900
FirewallRules: [{CF766373-9BC3-4052-A36C-FB5BCAF44D7C}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{6961BB87-20A5-40ED-A5A0-CCA69FC3C61D}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{D3B3809E-76E0-4706-B57F-131E5DC46197}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{14E63BE1-A9D1-4496-9034-B4384631588F}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EB45238-1B0B-4B47-B75C-832A3D8810D2}] => (Allow) E:\Steam\steamapps\common\CityofSteam\Launcher.exe
FirewallRules: [{690C53EB-3C17-459B-884C-71787552BDF5}] => (Allow) E:\Steam\steamapps\common\CityofSteam\Launcher.exe
FirewallRules: [{CF0FC1A9-9B69-422D-9E5C-D8C9C4013D59}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{178EAA46-D4DF-46A7-83AD-5A652F007429}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{6E5E0008-FE39-4FC6-A203-399276184E83}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{93A984D5-5F7C-4C36-A84F-16FC039E54F5}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D86ED5FA-2355-4841-B8DA-665DF7689425}] => (Allow) E:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{F01D95D9-94AC-4A0C-AA9A-03A86E484F40}] => (Allow) E:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{F5B92D1A-EF9B-49A8-B253-C46F88A43E93}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{D6B0C2D3-8A27-4BE4-99A1-91313E748C6A}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{F8E80B69-B15B-4271-B6AF-D0911A98210A}] => (Allow) E:\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{5B430F9B-B1FA-4D0B-85BD-183B31CBDE45}] => (Allow) E:\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{B7D2FEA0-C6D9-4E04-A201-CFA17C58F535}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{11C36809-38A1-4CF8-A832-87C0D8094961}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{2BAF75B5-028B-4959-A26A-5974BBECEDC0}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{EBD42DBB-6AD2-4592-8F81-5E465C237D95}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{FA52532A-5F22-49A4-B91C-1A90B38B9DFF}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{D9B97D99-9FC4-42AD-A536-E302992CB767}] => (Allow) E:\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{E97E9A34-4308-4606-8DA8-D9D7243BF1B9}] => (Allow) E:\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{764C9FD0-34FB-42A3-A901-105060EF0125}] => (Allow) E:\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{F9A8EE4F-4DE9-4B73-B470-B17EFCB69743}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{4C344574-8512-46BC-88C6-C0718B01511F}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{2B3B0231-1D22-444F-9C57-97D028BF49F6}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{B4774A20-0432-4EB9-A106-24E29A1329E4}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{294A71CC-855C-4A80-93DE-ABC7AAE656CA}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{7E973378-22B2-4BBD-9159-FCAC429604AC}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{23A1B416-84E1-4A34-B885-A2346A36784B}] => (Allow) E:\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{603C1681-A117-4883-881D-CB049CC4AABF}] => (Allow) E:\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{C9AF50EC-8D1A-4030-943C-741EBAECBEBB}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{742335DE-26F1-40DC-886B-CAC817C6BFD8}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{4B90B102-739F-4BAF-B007-4E968C1BEF22}] => (Allow) E:\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{2FE871F0-11DB-4BF4-A4BA-95132FF298C0}] => (Allow) E:\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{C25F5F77-ABEC-436D-AAC7-323F843B4DC8}] => (Allow) E:\Steam\steamapps\common\aceofspades\aos.exe
FirewallRules: [{A30E9CAE-EC9C-4F6A-A071-282684C8148B}] => (Allow) E:\Steam\steamapps\common\aceofspades\aos.exe
FirewallRules: [{C6D9B53C-0A75-4F4D-9C7F-D793C4469A13}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{42F7ADEF-9D74-4569-9DCB-7302F973F32C}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{E3A01ECB-D8CA-4996-99E3-0E7B93F0F935}] => (Allow) E:\Steam\steamapps\common\FORTIFY\Fortify.exe
FirewallRules: [{EA80057A-A992-423F-9FDC-CEDF0D6A56B7}] => (Allow) E:\Steam\steamapps\common\FORTIFY\Fortify.exe
FirewallRules: [{84CB3734-0CEC-48FE-80B0-E35809B8F2CD}] => (Allow) E:\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{CA007DD7-65BF-41C7-A530-76CD295BD0C7}] => (Allow) E:\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{852A2DE8-4824-4D68-B0BD-D87C9F2B9B87}] => (Allow) E:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{3F1CCA27-A9C5-4F50-BF39-19423F06342F}] => (Allow) E:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{F79285D5-51A5-402A-88E3-1D82050B2AB6}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{28154443-7FDA-4A6D-8CAF-21253751708E}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{9C485BB0-70FB-4318-B692-1EE18553CE7C}] => (Allow) E:\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{3E402516-CE30-452D-BAFA-E49541221AAE}] => (Allow) E:\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{CEE208FA-5E4F-40E5-A7EE-5436FF35239B}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{9884B5E6-80A1-4C15-91D9-76D4EA245DC6}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{1E2EF8BD-7C23-4534-9B67-0E0A322D27D6}] => (Allow) E:\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [{74D2CE76-2F2E-4B33-B1AE-E8E646920E91}] => (Allow) E:\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [{CF9C5246-2741-43F5-87BE-10A70FA6D9DC}] => (Allow) E:\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0DF2618C-12C5-4B65-8845-A1AB8B4D3D42}] => (Allow) E:\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{50B8D422-6944-446C-BEF5-EC0F59BA4053}] => (Allow) E:\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{59E4032C-B0E5-4871-B456-4E09BA9B6CA9}] => (Allow) E:\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{35D445D6-AEC5-4DFC-9157-9E075580C3D3}] => (Allow) E:\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{BE8C58CA-3EB9-40C2-85CF-1B8211C01C6A}] => (Allow) E:\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{7D7E36BE-94DD-4B78-8198-22EBDE50E257}] => (Allow) E:\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{5EF4E82B-CCB3-4BC9-A5E7-6BBFA0CF1B10}] => (Allow) E:\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{7C6ED540-B4F1-4CC2-AC76-EB40B58B77FA}] => (Allow) E:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{C35751E3-AA75-4410-8386-8CE20F385558}] => (Allow) E:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{ED306C69-37C6-4378-B42F-2290D5F0EE10}] => (Allow) E:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{F278ED5B-3826-4C61-A84D-D81F1B4BEBD6}] => (Allow) E:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{00D1E555-E739-47E1-8443-9F77C9AAE003}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{9F05603C-A333-4F72-AF0C-DC6166D113F3}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{0C05E5D0-98B5-412C-8C3F-4970F7CC6FA2}] => (Allow) E:\Steam\steamapps\common\Infested Planet\InfestedPlanet.exe
FirewallRules: [{1DA501AA-392B-47BE-BAF4-9A279640C52D}] => (Allow) E:\Steam\steamapps\common\Infested Planet\InfestedPlanet.exe
FirewallRules: [{A292B2AA-8360-4491-A0C8-FE3D403EC0FB}] => (Allow) E:\Steam\steamapps\common\Overcast - Walden and the Werewolf\Overcast - Walden and the Werewolf.exe
FirewallRules: [{1012DEE5-9D76-42ED-AA32-73197832B851}] => (Allow) E:\Steam\steamapps\common\Overcast - Walden and the Werewolf\Overcast - Walden and the Werewolf.exe
FirewallRules: [{EFE16FAF-5B07-4107-ADB9-26D2891A3802}] => (Allow) E:\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{FCB49842-7004-4E9D-8AF8-9BA4618C6E37}] => (Allow) E:\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{2BD92DEF-2657-47A1-8896-041EEB5D9E7B}] => (Allow) E:\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{104747D8-0AD9-471E-A80D-E1E805932DE5}] => (Allow) E:\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{81E589A7-9A27-414A-9AD3-393FF5628A5F}] => (Allow) E:\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{DA27275B-A8D6-4705-BC9D-CE1F18BD0BB5}] => (Allow) E:\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{1C114EDC-8569-4070-9EF6-241BB89EFB3B}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{65EB5A6E-E80E-494B-9DCB-83EE42A92AB7}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{2B6573A2-64FC-4068-A9F4-F14335E77A6C}] => (Allow) E:\Steam\steamapps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{2C35A4CE-0CD2-4E82-A791-7083036740C4}] => (Allow) E:\Steam\steamapps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{F09AF5C8-0CD7-4383-94B6-2E012C165665}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{EB13A828-2C62-44C3-80D6-B55DDF6A6CD8}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{EDD51C9C-4361-4BB6-9655-AB4B51829CAB}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D24C0DCD-91D1-4863-A31D-0667A5432077}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{0D14BC12-C04F-4489-AA10-746863CDB389}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E9D3CA89-9FED-4F29-9B14-3DC27616F7E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4A341141-7F49-45FC-92F1-3EF9BACDD4F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{83B9D21D-72B5-499B-8980-2AA1EB0E8B64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F1C6C743-3314-4AD9-86CE-14F583B8DA8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DAF3F85F-4F6F-47F0-830B-A801D052C0B9}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{400DCDD3-3CB9-4752-91A2-A4BA427ECC2A}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE4C47B0-B59E-4B37-AAC8-AB170DE2EEF8}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7655B197-806A-4E75-8543-99469DF6B8CA}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7302611D-B9B0-4A9A-B7D7-5F4FDEA3F7A9}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4C3AA626-D02C-4CAA-BFAE-1BC90AF262E7}] => (Allow) C:\Users\DESKTOP-CFGCM\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{904D62A0-3C95-440E-A8EE-A0D76E35E0C3}] => (Allow) E:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{9AD1E7D0-C475-4DB5-91F8-E112DC55E11F}] => (Allow) E:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{BE7B573F-7C11-468D-8882-22D4B0DAC4DC}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{5DCC72F3-4577-4F24-9FEF-150C11F82652}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{81CA380C-8610-43BB-BF73-C28425675997}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0E99E4EE-28F3-41B2-A8EB-CA2171144942}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4C7F0AB4-ED04-4F8A-8556-3006A27BC661}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8963490F-2FE6-474D-B910-3558D7BBEAE9}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{50EAD4DB-4A41-4927-A7AB-F051519A92FC}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{E49A4576-F79C-4DE1-9831-33A6BDA05C55}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{242DE765-2723-493A-8157-79ED8A22B7F0}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{244E7CEF-4DC3-4464-951A-880041DBF59D}] => (Allow) E:\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{C353173D-BA99-4849-9E7B-E8C58E1410D7}] => (Allow) E:\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{B0EF21EF-4D86-468B-98F9-39F2B505DFE9}] => (Allow) E:\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{59717C60-C5B3-445A-9A25-A912318020DF}] => (Allow) E:\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{B661A022-8504-4018-AE6B-F56DB69E9A3C}] => (Allow) E:\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{A831D0E1-00A6-4ACD-93C5-2DB96BE61098}] => (Allow) E:\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{EBD37AF7-A3AB-48A4-8F1E-3EFB94EBFA40}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{5A2BF9E8-557E-4A2A-9D98-3E9F546140DC}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{A6BC236F-1C00-4AE8-B03D-B8D4D6A77D81}] => (Allow) E:\Steam\steamapps\common\Saints Row 2\SR2_pc.exe
FirewallRules: [{47FCAD7D-B69E-45A7-A63C-798FAD1779A6}] => (Allow) E:\Steam\steamapps\common\Saints Row 2\SR2_pc.exe
FirewallRules: [{726E6BA7-6EFA-4171-88C5-2C71D336E2EF}] => (Allow) E:\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{652F194B-FEF3-45F5-9CA2-303A3C5DDACD}] => (Allow) E:\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{7D8D7BD6-E279-4C82-A44D-86208B0247A9}] => (Allow) E:\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{AA5D12FF-03F9-4229-A334-512C7DB0E642}] => (Allow) E:\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{0CE664D6-53F7-4365-B3A4-6F1530EACF22}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{A04293E4-2EBF-46DD-8212-D2CC12428ECD}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{659E54E7-A600-4581-BFCD-518863254658}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{F2C2D9B3-D232-49E9-84DB-FA2A24D50A11}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{3B2E71A1-8900-4D02-AAF7-49512AEAB1B5}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{1CAF6560-9740-476A-BC3D-57CAD9BE2003}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{291A814F-0706-4C8F-B86B-02FC1176E8CD}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{45ABCF60-7341-4795-9E48-FEBA41020D87}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3F0521D7-15F9-4E26-9AC8-95C955A12A00}] => (Allow) E:\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{06C20E68-9737-4F0E-B839-96571E95BBDD}] => (Allow) E:\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{D4C089FD-6EA9-4479-AEA6-7E68DA491B90}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{8A89EFC2-83FC-44E5-996D-3148E6FA7A6E}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{4D307F8C-26C6-4A27-A36D-1E9CFED6625B}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{734437D3-D4F4-4D73-89B0-94C13882174B}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{B59AA6C9-F89C-4D62-A440-2F6F4045860D}] => (Allow) E:\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{F9BA96DB-A0E6-48A3-8B3B-26933341B087}] => (Allow) E:\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{48546E13-151C-45C1-819D-A3DE50117704}] => (Allow) E:\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{70029C4B-E69E-46C2-942F-6223E75ED3C5}] => (Allow) E:\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{CF5A4589-2263-4D95-8465-A29C08FC8ABB}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{50245698-3294-43E5-9C6B-D74EC004610D}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{DDCDEA81-2BB9-4F74-A326-30AA8D2CBEAE}] => (Allow) E:\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{19A3063D-0236-413A-8B76-DF6D3B38469A}] => (Allow) E:\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{CE2CA259-D5AF-4628-ACE3-C946F6C3932B}] => (Allow) E:\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{0763943F-1021-45AF-A911-59F830650515}] => (Allow) E:\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{E8A63C1A-3F68-4415-A545-9F83A79FD07D}] => (Allow) E:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{FEAC1249-1ECA-493D-8451-655C90632462}] => (Allow) E:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{D9AB2C9C-FEEB-4625-A199-51D3D3DFB19E}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{159FBCA5-245C-4798-BCBE-5A400565A928}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{64EFF0B3-547D-47A6-8382-EADE99C11BC0}] => (Allow) E:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{A487BE54-8E25-4C32-B248-C397851F1A0B}] => (Allow) E:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{93D30D3E-7A02-4425-96CB-D6CCB6B2B8E1}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{C40A8853-AA24-4FDB-ACD2-FB672F653712}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{C7D4D3E7-0707-42E5-8521-6611C7621C85}] => (Allow) E:\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{2B52CE4C-6B68-4E0B-8168-5E2D3B814F9D}] => (Allow) E:\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{D9A1AE14-CCB3-44B3-9504-86C71C86C28F}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{3AD143A7-0ADD-4506-9C83-EF35F20EEC5E}] => (Allow) E:\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{3F9CAE3C-8D39-487C-8483-1457F8705682}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{18CA5B68-D03B-4521-9EA0-0ABD6FD032F4}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{41421C09-D542-4C06-9DB9-540E26CB1C77}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{F7813140-0D34-40B4-A283-D37F95F01E14}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{A0768156-B32D-4932-BCC4-8D1BDD267561}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{6325B1CC-2411-40D5-87F9-6AB9EEE34C45}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{25413462-81B3-4222-A347-B9A5AD7A2EC7}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{4CB2D38D-DEF8-4851-817E-98BB6A717AF6}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{3A3287CA-BB02-4242-8D78-E80410B6AB84}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{50C3EA62-66FA-4CDA-AF67-4DD8DCB7DEE2}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8AC54E0F-5329-41ED-9E36-17E7FBF149D7}] => (Allow) E:\Steam\steamapps\common\The Culling Test\TheCulling_Launcher.exe
FirewallRules: [{DEFC9D91-5AA3-48C6-9021-440FAC0BF239}] => (Allow) E:\Steam\steamapps\common\The Culling Test\TheCulling_Launcher.exe
FirewallRules: [{ADAC9AD1-DDF0-4B87-A235-441D64FF16A9}] => (Allow) E:\Steam\steamapps\common\Defiance\Patcher.exe
FirewallRules: [{C894A6EC-C9D5-4656-9ABD-49A88785B958}] => (Allow) E:\Steam\steamapps\common\Defiance\Patcher.exe
FirewallRules: [{872C501E-219A-4D31-8D7F-29FAC59ED67C}] => (Allow) E:\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{5A118D18-8DEE-470C-BF89-557AD5E38037}] => (Allow) E:\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{A2CB190A-DB0E-4218-A153-FCD9CC67B79B}] => (Allow) E:\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{D8488931-4299-4157-B7B0-BD68B99C56DB}] => (Allow) E:\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{7FB888DE-18AE-4199-BAF0-B9F2C6520E32}] => (Allow) E:\Steam\steamapps\common\The War Z\WarZlauncher.exe
FirewallRules: [{530FFED0-6832-43AF-A691-3EF2BEDC7F43}] => (Allow) E:\Steam\steamapps\common\The War Z\WarZlauncher.exe
FirewallRules: [{0436908A-9C1C-42A1-A70C-7A7DB263BB2D}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{BBE28B85-4FFF-470E-ABCA-32AC1148D2C4}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6A1BF918-510A-435B-B631-F3D0C2D088C9}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{7335859C-EB9E-4DAF-971F-B115BC389430}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{9EB8C36C-54BB-4618-ADB0-1CE0E60E5C80}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{88DDA27F-06D5-46CE-BE35-6EB4DF417D06}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{DE5EDA71-BF1F-469D-AD5C-1769FFC6FDF7}] => (Allow) E:\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{18F2C309-917C-4FD4-AD30-33EFCEBA5083}] => (Allow) E:\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{EBB390FF-A910-4DD2-87F6-A92C4C2C496A}] => (Allow) E:\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{CEEE8C47-514A-41C3-AC31-008BDC6F4C40}] => (Allow) E:\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{779BECF6-A775-46C1-8CAE-6D4E65FD7526}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{622C89A4-0779-46E2-BD5A-834791D6B9AF}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{8DC02428-FACB-4E4B-8022-3AEBAD5036DC}] => (Allow) E:\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{6E0001B3-93FC-4599-AD3E-0F7515807A38}] => (Allow) E:\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{337E93FD-AF8F-446D-9EB3-59A72CBAA66D}] => (Allow) E:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{7474E7A4-4A14-4046-9C53-263B52136709}] => (Allow) E:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{D50D184B-007F-4B72-9415-38EFF3F0CA9C}] => (Allow) E:\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{B61065EF-FB41-48A9-8F4B-555C1C5A3CD0}] => (Allow) E:\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{D72165EE-D960-471E-B901-A47718A083F4}] => (Allow) E:\Steam\steamapps\common\8BitMMO\jre\bin\javaw.exe
FirewallRules: [{B8F57E69-A478-489E-856F-98E7FC227F1E}] => (Allow) E:\Steam\steamapps\common\8BitMMO\jre\bin\javaw.exe
FirewallRules: [{3C044E93-F364-414B-99DF-7FFED71CBF40}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{24E9BDA8-3103-4817-9FA1-1170E489BC2D}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{C1969601-C0C8-4372-80FF-64E7774DEC27}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{AABDAB56-BEA0-46CC-9C33-4A62A24E7539}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{2508377F-73E2-4D1A-82CB-8A4F6B9D610B}] => (Allow) E:\Steam\steamapps\common\Loadout Beta\Loadout.exe
FirewallRules: [{22A37145-3747-4F81-9275-05CB11C8DE3E}] => (Allow) E:\Steam\steamapps\common\Loadout Beta\Loadout.exe
FirewallRules: [{63361FB8-2062-4DEE-8CA5-3B33B6C522A4}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{41D916C2-7247-4044-BA66-4A93E8875360}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{3A0E907D-0792-4498-B98C-F584A3E66ABA}] => (Allow) E:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{C8123428-600F-48F1-A318-1E1D58202889}] => (Allow) E:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{C8D2C1CB-7658-431F-9331-EBCB5CD3F8C4}] => (Allow) E:\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{56B7C1AA-5BC7-4BDF-828D-1C5396A9D311}] => (Allow) E:\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{3E2C4D83-EAED-431B-A1AC-FF463E7915CF}] => (Allow) E:\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{303C1419-4969-420F-81ED-7B964346FAB9}] => (Allow) E:\Steam\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{312037C8-800E-48C3-A620-69CC0FCA3A2D}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{BFD81DE4-7F5D-40C6-AD52-818B46908A22}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{BC8E69BC-D929-4BE2-993C-9D1DEF0BE46D}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{D41B5937-455C-41C5-B45E-D942A6F1DE27}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{E710F250-431B-4917-ADCA-A79EA2E58A31}] => (Allow) E:\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{F1C1ECCC-A930-4F02-AB52-A9018377A52E}] => (Allow) E:\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{13BA07A1-412A-43DD-BFFC-E1707799C60B}] => (Allow) E:\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{9C69AE65-D66B-4688-B4CC-192683DA9BA4}] => (Allow) E:\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{D3298338-0A95-4870-8FF8-862B5139BC50}] => (Allow) E:\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{0B09B687-F768-4F7B-AB10-AFCEEA29240A}] => (Allow) E:\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{51D8A5DF-BB5A-447A-BB1E-005681C18E24}] => (Allow) E:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{D9F562C3-E893-4589-961A-7388FFFD7F8E}] => (Allow) E:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{9E5D2170-7BFC-4E7C-BAD5-AEA439D835C2}] => (Allow) E:\Steam\steamapps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{19CB7DD2-0D22-4F59-8F5D-804BD884217C}] => (Allow) E:\Steam\steamapps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{1579B1CC-6ACD-45C3-B823-0A3EB493BCFE}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{FF904C7D-0508-434F-AE3E-8FAAC23EC96A}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{4F629E54-7BDB-4ABE-9088-FD2A6EB94FAB}] => (Allow) E:\Steam\steamapps\common\sZone-Online\game\SZoneOnline.exe
FirewallRules: [{6E44EEBF-258A-4A65-8275-DF34304426AF}] => (Allow) E:\Steam\steamapps\common\sZone-Online\game\SZoneOnline.exe
FirewallRules: [{C0CD20D4-B576-44D9-B8EF-71EF8FE1520A}] => (Allow) E:\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{0BE899F0-EE10-4A41-82B8-62F358C0F76E}] => (Allow) E:\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{BFF4A410-DAB5-4747-AE59-B6F0F797975F}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{7ECF827D-72DE-47E8-A150-C7EDC2C2CB9C}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{B8618431-5114-483B-A5E7-2900E22CC7DB}] => (Allow) E:\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{1CF5527A-118D-4162-93B7-40138DC2BAE2}] => (Allow) E:\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{17377B69-3D89-4247-B461-E8395A75CDB6}] => (Allow) E:\Steam\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{B564A255-458C-4847-B46A-881C0F696FEE}] => (Allow) E:\Steam\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{B9A9F8F6-D15A-44D3-92AB-B5CFA7F5C7A1}] => (Allow) E:\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{AA901809-9FA9-4860-9999-2B3D26AA3F64}] => (Allow) E:\Steam\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{B8D6F641-A7BE-4EBA-AFC8-25F24CFA2D01}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [{593D0A98-9F1F-425E-A6C0-8967E3E2AEDF}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill Test Server\LaunchPad.exe
FirewallRules: [{34F757E1-0C80-42F1-AC71-C21F7EF77DE2}] => (Allow) E:\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{CFA81572-E7D6-4314-A3D6-1AE1625CA695}] => (Allow) E:\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{5485F7D7-8A3D-495F-A03C-88AB2EE73CF5}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{B7437305-A270-45BE-B62F-309CEA9921C8}] => (Allow) E:\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{2B6F7C73-3CA6-4F8B-87B8-3DBDD98AF58E}] => (Allow) E:\Steam\steamapps\common\ArcheAge\GlyphClient.exe
FirewallRules: [{B0AAA52F-07B5-4168-AA37-AD6A1064D85B}] => (Allow) E:\Steam\steamapps\common\ArcheAge\GlyphClient.exe
FirewallRules: [{CD8B4D55-6188-4322-B7A7-17510785895F}] => (Allow) E:\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{548E42F0-AD39-4B22-906E-330612377507}] => (Allow) E:\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{371B2779-9B89-4E60-A690-AE3205797048}] => (Allow) E:\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{4F1DEDC6-75D1-47BA-BCFC-D8CE3CC3CE43}] => (Allow) E:\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{5E77C787-721C-4729-8A18-F69DF2C21A80}] => (Allow) E:\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{4F1F6EDC-4438-4534-A63C-757091924376}] => (Allow) E:\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{E02C3B5A-1796-4A45-AF7E-83202F91606B}] => (Allow) E:\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{AB110EA4-12F7-4BB9-8E32-17E9C6C48153}] => (Allow) E:\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [TCP Query User{B75C9745-956F-4A51-9FBC-992A83378CB6}E:\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FF46C1A1-AB4F-4DBE-A726-D97925E8F907}E:\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{76AB2C27-B086-4D30-B11D-FD82CDDDD09E}] => (Allow) E:\Steam\steamapps\common\AION\NCLauncher.exe
FirewallRules: [{80042E94-9EBE-4252-A4F9-28C1BB36764C}] => (Allow) E:\Steam\steamapps\common\AION\NCLauncher.exe
FirewallRules: [{BA27BFC0-313E-4BC1-A6B9-92B7279F5710}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6142613D-8FBD-4D80-998F-FCE73EA88B54}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{40551513-2148-4C4C-BD56-C488CAA3738E}E:\battle.net\overwatch\overwatch.exe] => (Allow) E:\battle.net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A8834467-BB41-4A71-8061-D71E6910A17F}E:\battle.net\overwatch\overwatch.exe] => (Allow) E:\battle.net\overwatch\overwatch.exe
FirewallRules: [{0EEE103F-6031-4EB1-B2DC-F20F412E866D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DDDBAFA7-987B-46FE-B371-ED99FED8EB70}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F2D56DA5-98FC-41AF-A35D-DB8AFFA605AD}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{7E737D3D-8C69-44B4-9DF9-10428D6F6E54}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{E4F0B40E-1B45-4A92-BD76-DB431E332D24}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{071B9C85-D2DD-46F0-BDF6-216F6C082FB7}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3AC25259-5A94-455C-8F2A-E99975F36EAD}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8EAFD477-F3C8-4EB6-849A-4039E9B2BFF1}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D14AB686-4B0F-4459-9AE0-E097D09A1F3E}] => (Allow) LPort=30564
FirewallRules: [{4F0A9991-06E8-4642-9EFF-AB64794B5248}] => (Allow) LPort=30565
FirewallRules: [{11DE89F2-D2A7-45FB-BAE2-6DF5BE6F0364}] => (Allow) LPort=30567
FirewallRules: [{61BAF19F-9F52-4C44-84AF-D9E38DC50E1C}] => (Allow) D:\Multiplicity\Multipl2.EXE
FirewallRules: [{B853C5D7-480D-4FC3-AE6F-97CAAEBF1BF4}] => (Allow) LPort=30569
FirewallRules: [{715C63C3-1A09-438E-978B-914ADE02A36B}] => (Allow) D:\Multiplicity\MultiPLV64.EXE
FirewallRules: [{A0F0F0B7-BF9A-4A03-9D56-7C183B7C8B00}] => (Allow) D:\Multiplicity\MPRDP64.EXE
FirewallRules: [TCP Query User{ABF6AAF7-D391-45C8-B71E-CAC251EED059}D:\multiplicity\multipl2.exe] => (Allow) D:\multiplicity\multipl2.exe
FirewallRules: [UDP Query User{9E2D7767-F550-443D-AE63-92AEF3566B59}D:\multiplicity\multipl2.exe] => (Allow) D:\multiplicity\multipl2.exe
FirewallRules: [TCP Query User{B1E1694B-A4C8-4D45-8DD0-5A56E85EF33F}D:\multiplicity2\multipl2.exe] => (Allow) D:\multiplicity2\multipl2.exe
FirewallRules: [UDP Query User{B6B7A3C4-72ED-4AEC-AB15-1B689EA9824D}D:\multiplicity2\multipl2.exe] => (Allow) D:\multiplicity2\multipl2.exe
FirewallRules: [{0A7FB1CE-B074-4E1A-A8C1-0BE9B9579B58}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EA13250D-C593-4441-9700-BDE4DA23538A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA51ACCB-6E99-4FFE-99B5-ECA0B69B2A75}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3EE97F56-41EF-42A4-9F9A-862F61DB0E2B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{37BCBBDB-0C7D-4D25-ACBB-DAC9E10CC5B2}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A454DB68-7FDE-4301-AACC-369F94905FD4}E:\battle.net\hearthstone\hearthstone.exe] => (Allow) E:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{7A3CD187-0F12-4D16-982F-570897F99E28}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC3B5D4B-183A-4271-B69C-5F370523974D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D5BA6F8-2CD6-49F4-87EB-5ECF80CFCA2C}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B5E7E53E-BACE-4B6F-9453-06FDA2F62E75}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{22BBAC98-452A-4EF3-8903-C69902673BCB}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3FB983CB-973D-4FE0-AB86-248E20E1DB7B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{776A5D3C-B88F-4422-9657-269FC2AF56BB}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB93D95F-1507-438A-A4CD-6F4D14C82E3A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AF266234-2C27-4DCA-AC7C-EC7B4B839E74}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E49D7DB-1E13-4CB0-99B0-FCD04BC8F61F}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9FAFE8F8-AC3D-40C6-BE20-C7F713BC335B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DEC40D8E-EB97-4CA1-A661-5471A3E79F26}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1045F6FC-165F-469D-A3D5-90124F405A49}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D269829A-24CF-43FD-990C-B50F76BAD8AF}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8622DD2D-5FB0-41C2-ABBF-E2D07C0310FD}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{436BA5B2-E570-47E5-BADA-3C7803757DCC}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB4EA9AB-6FB0-4AE8-A264-D10B544DC116}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
FirewallRules: [{26483BE5-396D-460A-B0D3-BB734680801B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA792503-17A7-492D-A161-D2B95980ABA6}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{912040F1-7A7A-43F4-BC06-69CFA6F2AD05}] => (Allow) E:\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{8A5EE1E8-358D-47D2-8474-94AAECE93B33}] => (Allow) E:\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{93F1F203-2143-4C0F-A1BF-791A2CAB0D61}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{06CF9006-E3B9-41A4-A2DE-F2997974DB43}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3536C32E-8F72-4889-91C3-641C4B3B8661}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{62CB94C6-6E76-431E-94A0-157785EA466C}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{721ECEE9-A71E-4999-8044-FDC7F39F742A}] => (Allow) E:\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{50E3DDB4-D2E2-4EF7-A8AF-11EA2F0D46CE}] => (Allow) E:\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{151FD1E6-7A07-488B-AA68-8D93C359BCEA}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AA10C7C7-B12D-401E-AB61-A73B946E9383}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{65D2F658-355F-46E1-9968-8D0A810FD7A8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{861F6CF3-6DF7-46C5-AB45-39CC31B3D15B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{49C664B4-9C26-49C1-A083-51D50E0A63A6}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{652B6A2D-5266-4A30-817B-E17680AA5305}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{1F69F4DD-FAF1-404F-A20C-DD7240CB9DFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CAF1A1AE-20CE-46DC-B226-B52F6CAA8C85}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23A9599C-CEC1-4EFC-893A-BA6C660B9A0D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{06D12F25-A3D6-4872-970F-EBEA69F1C8F6}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{6692A9C0-9FFA-4674-ACAB-6C9349D07438}] => (Allow) E:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{05293E3F-4752-4136-9D20-D3EDD9F0ED35}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BC533520-F236-42F6-87FC-06A6E17E53A0}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27B47A79-F18A-4490-9E04-861E60DFD012}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F817DB5-1D02-4BEC-BD50-D81BDDE9B989}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7CEECFB3-39FF-4CAC-9B98-44E7A2DE2093}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{01F52B1E-0503-413D-9747-E0976F4A11FC}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{90A0F0EA-BFEA-44F3-AE34-54FD09581BB6}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E8C496A0-D948-4EF1-B44F-B6B5FC767B01}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF3397C4-A772-439A-8408-B0524B1AAC9F}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60A72B0F-E92F-45ED-A9BD-2E05E6BE69F9}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{07D2B200-671A-43F0-B889-98FCF6BE1354}] => (Allow) E:\Steam\steamapps\common\GRAV\Binaries\Win64\CAGGame-Win64-Shipping.exe
FirewallRules: [{356D91D3-4A46-4428-91F9-F295F40D90F6}] => (Allow) E:\Steam\steamapps\common\GRAV\Binaries\Win64\CAGGame-Win64-Shipping.exe
FirewallRules: [{6CBA96A2-7B5F-4DAC-9B10-021467ECC1B1}] => (Block) C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe
FirewallRules: [{2F988877-4F9F-44DF-BD10-2EB54DC0B474}] => (Block) C:\users\desktop-cfgcm\appdata\local\temp\i1487099493\windows\resource\jre\bin\javaw.exe
FirewallRules: [{92542070-48F8-4659-ABE0-7E215686BD14}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0D2CFFCB-9452-4463-A901-E9B93740D55F}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{64F0AE8B-A6CD-4AC7-A2A2-843D3E8CEE6D}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{A7136C4E-8261-42C1-9BD1-928362530C32}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{97C62390-486A-4262-8AC7-D5D29C5BC00F}] => (Allow) E:\Steam\steamapps\common\We Were Here\We Were Here.exe
FirewallRules: [{C4A8ABF6-E4EA-4993-A262-E057762D67E7}] => (Allow) E:\Steam\steamapps\common\We Were Here\We Were Here.exe
FirewallRules: [{6A63F722-52BA-49E6-9FD7-3B2ACCFE8AF4}] => (Allow) E:\Steam\steamapps\common\We Were Here\We Were Here VR.exe
FirewallRules: [{264FED56-6016-40AD-9B66-C9BCA2654029}] => (Allow) E:\Steam\steamapps\common\We Were Here\We Were Here VR.exe
FirewallRules: [{832B82DE-0C74-4ED2-B203-826BF244CEBF}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{669214D4-BE8A-4F47-9D31-D3DEBF7B3FC6}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{79646C29-3266-41E9-9B10-F9653C47D03A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5B62BBD-58EA-4C80-BB9D-F74D80610C66}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{541D8446-3779-4BA7-AD1C-261C8D89847D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA75C84D-371F-4AD2-941E-E5AA1D0294F7}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{413DA376-1D5D-4C5A-920E-39DD9A8246BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6BD0691F-17D4-4DED-BAD3-BD7784E674A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45FDFDEB-321E-4CEB-B53A-4EBCAA0D8174}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C884AED-EC7F-41EB-86AE-12945DBC0EC8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E12FDC3-A37D-4FD6-AD55-B3F5FAE7E4A9}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2946EEE7-26DF-491B-B456-40272CE2ED93}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0CABE7F9-08D7-4A7F-885E-13DB96929D73}] => (Allow) E:\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{3B8669B5-96B6-45DA-90B3-166F56872056}] => (Allow) E:\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{03F47868-CD92-4FCE-96C4-52B6D7C93B05}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AB9606B3-8721-4782-958F-9D4A2247AF9D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6998768E-AD3B-41F3-96E0-373A87728F09}] => (Allow) E:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B3D08751-63A3-4745-BC17-951BFA06D8B8}] => (Allow) E:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5A7D6354-3E2F-440B-AF59-83CA4481A544}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF0887FD-78A2-4E24-B162-A2450470198B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{22010915-3CB1-49AD-B8A4-5B7B0E9C4D24}D:\bitcoin\bitcoin-qt.exe] => (Allow) D:\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{7CB2A4E4-20FB-41F3-B66D-C296C872D397}D:\bitcoin\bitcoin-qt.exe] => (Allow) D:\bitcoin\bitcoin-qt.exe
FirewallRules: [{65819441-2143-4994-B316-0100BCA7C39D}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB7DDCE1-E073-4F9E-BEBC-E2F224671A3A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{26F2C71D-F146-4E9E-B309-92EB4A6FE5EB}] => (Allow) E:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{C5A6778A-0F5C-4744-8E62-5DA669C3DC3E}] => (Allow) E:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{6533B023-6C22-4B74-92AD-C024D73554C0}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7BBBC39E-B3BE-4951-8D62-A8412DBE2067}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{94FFBE59-A931-4446-9446-8A5CC1CA6C38}] => (Allow) D:\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{D0FA4311-9E64-4369-890E-44EB991E3698}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B5B26A9-BB6C-4C5E-8A37-2F8FB97EBBD8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{A3A0F191-F7C7-487B-887D-8565F0CD4273}E:\battle.net\overwatch test\overwatch.exe] => (Allow) E:\battle.net\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{952E3CB4-C853-4AAC-9F2C-D1FC67236F75}E:\battle.net\overwatch test\overwatch.exe] => (Allow) E:\battle.net\overwatch test\overwatch.exe
FirewallRules: [{18CBAA6F-A9A2-4CDA-9D72-827D6C8E9EF2}] => (Block) E:\battle.net\overwatch test\overwatch.exe
FirewallRules: [{B2EDC2FD-6790-4BB9-9378-1C01F6D01749}] => (Block) E:\battle.net\overwatch test\overwatch.exe
FirewallRules: [{A55BF103-F1BF-47D4-B328-A8755E78598B}] => (Allow) E:\Steam\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe
FirewallRules: [{F2CC6C75-FEA2-4A43-9A79-861243C37485}] => (Allow) E:\Steam\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe
FirewallRules: [{EC785DFA-FFC9-494D-B5A8-DA71B2DF853C}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CF434951-DBB3-499B-8CE4-D9884481A244}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BA789665-F5C7-4B45-8278-FE13AB445259}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{10C4F5BB-819A-4D87-B850-CF3EAB96C945}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2393ADB7-E94F-4371-8BF0-7885C216359F}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{55C05807-D963-4FE7-B093-64CB30B53FD3}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{42DBE3A9-97AD-4E5A-B94F-0937C6AABF3F}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{61A03441-F9A5-4B65-BB74-82414B7567A3}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{8F62D0A8-92F5-4C4B-AD27-8FD7A4BEB191}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{D8B9338C-B88B-4FAC-9EE3-53812653A295}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E092F6F0-8A41-4A6F-AE13-CF078849F2A0}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{AE89963B-1ED2-4E00-95F1-8F20FDA80806}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{1662CE85-1376-4665-A688-543EDED4EB4A}] => (Allow) E:\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{18290207-D4CD-4546-BC15-F9F82A66ADB5}] => (Allow) E:\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{AC68ABEE-F565-4383-A224-A94D4EF83814}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{87719472-E310-4954-8892-8B2BE791F397}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{8342BB5D-17B1-4597-B9F8-2A1C53CE133A}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{E51B4135-F172-4957-AA5A-40897A1153AD}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{09896922-FAA4-4EA3-A361-98B85F1E2BAC}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{6D879672-A67D-4BE4-8BE2-DDBA57C8BF25}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{03A52F65-8D66-43C2-B820-DEAA8B575895}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{3104A597-6C46-4719-8D6E-140D880C8F8D}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{B861438B-5706-4309-9944-B0381168E039}] => (Allow) E:\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{524496C9-F3DD-40D4-8583-CF964E763AD5}] => (Allow) E:\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{767DA008-C837-4970-920B-E94E761F2B26}] => (Allow) E:\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{C58C77FC-DCCC-4A7A-B8F5-4C6247FF2D8F}] => (Allow) E:\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{EBC2BA6B-73E6-4248-ABDF-44BC26C7D008}] => (Allow) E:\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{AF15683B-78EC-4446-90AE-FC89F5752699}] => (Allow) E:\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{D54E604F-D160-491C-9878-D623D87E78F7}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D48770AB-30A6-4ABE-8029-9F4867D492FE}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{66085248-4E28-4FD8-833D-BF0BE5B1CDA8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DD63B894-EF0F-4366-AD30-E3D10CEC47CF}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7DC7C80F-479E-4A5D-B533-84BB7F534F92}] => (Allow) E:\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{2DED0EDA-53DC-4041-A2F3-11A071C2DA0B}] => (Allow) E:\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{A6ADC0A4-1FC5-4A5B-8B0B-79B0EE209186}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{844E7129-D21B-40E7-8079-E7F089B2FC6A}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{69A7A5FB-85C0-4EB3-9C8F-0CBB963D2A6C}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{469CFC64-F6E7-4574-8D1E-0BD0B849F5A0}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe


#14 CFGCM


Posted 15 March 2017 - 11:30 AM

==================== Restore Points =========================
 
14-03-2017 16:49:16 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2017 03:41:39 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/15/2017 03:40:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/15/2017 03:40:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (03/15/2017 03:26:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/15/2017 03:26:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/15/2017 03:25:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (03/15/2017 07:54:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-CFGCM)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/14/2017 11:06:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (03/14/2017 11:04:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/14/2017 11:04:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (03/15/2017 03:39:26 PM) (Source: blueyetipro) (EventID: 3) (User: )
Description: Unsupported bInterval on feedback endpoint (max 4)
 
Error: (03/15/2017 03:38:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (03/15/2017 03:38:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/15/2017 03:38:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/15/2017 03:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/15/2017 03:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/15/2017 03:38:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/15/2017 03:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/15/2017 03:38:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (03/15/2017 03:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Qualcomm Atheros Killer Service V2 service terminated unexpectedly. It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-03-03 18:41:50.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-03-03 18:41:38.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-21 20:19:01.845
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-21 20:18:54.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-21 20:18:51.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-07 14:16:31.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-06 20:35:46.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-06 20:35:45.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-06 20:35:42.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-06 19:27:16.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8135.95 MB
Available physical RAM: 4822.98 MB
Total Virtual: 9415.95 MB
Available Virtual: 5720.95 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.69 GB) (Free:61.92 GB) NTFS
Drive d: (General) (Fixed) (Total:931.51 GB) (Free:911.81 GB) NTFS
Drive e: (Game Storage) (Fixed) (Total:1863.01 GB) (Free:732.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: DDF7ACBD)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 112E03A8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9883B529)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
"
 
Thanks for the hard work
Colya,


#15 satchfan


Posted 15 March 2017 - 12:25 PM

Thanks for the logs.

 

How is the PC now?

 

Nina


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.




