Need help removing Smart Service Trojan


  • This topic is locked
3 replies to this topic

#1 MolboCheeze

Posted 27 April 2017 - 06:29 PM

Accidentally ran into this bugger when I was downloading some software. It pops up with "the respected resource is in use" whenever I try to run a .exe program. I have tried Malwarebytes' Chameleon and tried to use mbar while in Safe Mode, and once the computer restarted after isolating the files, nothing happened and the trojan was still running wild.

Here are my Farbar results.

Thanks for any help!

_________________________________________________________________________________________________________________________________

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Ryan (administrator) on CHUCKNORRIS2 (27-04-2017 19:19:00)
Running from E:\
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8781568 2015-11-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454656 2016-01-21] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2016-01-21] (Saitek)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2b31f189-4d15-49fd-89e1-6d3f119cea96}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{4439edbd-95e2-4871-a645-0975c40862c4}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{4be17f97-4153-4916-adfe-3fcee4ffb1f6}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{bad84544-791b-4574-bc6a-9f511ffb1274}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001 -> {55DDF4D7-F502-458E-89C7-DEF9ABB16CC2} URL = 
SearchScopes: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2013-10-08] (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-10-08] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: cltzas9g.default
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\cltzas9g.default [2017-04-24]
FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\cltzas9g.default\user.js [2016-07-13]
FF NewTab: Mozilla\Firefox\Profiles\cltzas9g.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\cltzas9g.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\cltzas9g.default -> Yahoo! Powered
FF Keyword.URL: Mozilla\Firefox\Profiles\cltzas9g.default -> user_pref("keyword.URL", true);
FF Extension: (Fast search) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\cltzas9g.default\Extensions\amcontextmenu@loucypher [2017-04-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-2188781663-3024592286-4055510666-1001: @my.com/Games -> C:\Users\Ryan\AppData\Local\MyComGames\NPMyComDetector.dll [2015-10-10] (My.com, Inc)
FF Plugin HKU\S-1-5-21-2188781663-3024592286-4055510666-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2188781663-3024592286-4055510666-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2188781663-3024592286-4055510666-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-23] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-04-27]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tampermonkey) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-09]
CHR Extension: (Hide Most Visited Pages Reloaded) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhphmpoekpoecdbjeionimpiceigkeil [2017-02-08]
CHR Extension: (Gyazo) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdaeeijbbijklfcpahbghahojgfgebo [2017-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-14]
CHR Extension: (Prepd Article Catcher) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbbdnbmnajohepbahjbnkopgeflgmpok [2016-08-13]
CHR Extension: (SpaceX - Elon Musk) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklckhmncejbimgkcngocfcakmhfhbib [2017-02-08]
CHR Extension: (Skype) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-15]
CHR Extension: (DubX) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oceofndagjnpebjmknefoelcpcnpcedm [2016-09-08]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-09]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-07-27]
CHR Extension: (Shortcuts for ) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2015-07-27]
CHR HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-27 18:53 - 2017-04-27 18:53 - 00000660 _____ C:\Users\Ryan\Desktop\iExplore - Shortcut.lnk
2017-04-27 18:47 - 2017-04-27 18:47 - 00000000 _____ C:\Users\Ryan\Downloads\Unconfirmed 441048.crdownload
2017-04-27 17:35 - 2017-04-27 15:16 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ryan\Desktop\mbar-1.09.3.1001.exe
2017-04-27 16:33 - 2017-04-27 19:15 - 3690995712 _____ C:\avenger.txt
2017-04-27 16:33 - 2017-04-27 16:33 - 00000000 ____D C:\Avenger
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-27 19:18 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
 
==================== Files in the root of some directories =======
 
2015-03-15 17:57 - 2015-03-15 17:57 - 0000093 _____ () C:\Users\Ryan\AppData\Roaming\ARCompanion.log
2014-04-03 18:10 - 2014-07-26 14:43 - 0000306 _____ () C:\Users\Ryan\AppData\Roaming\BreakingPoint_Login.ini
2016-07-13 05:50 - 2016-07-14 00:50 - 0000071 _____ () C:\Users\Ryan\AppData\Roaming\WB.CFG
2015-10-08 02:28 - 2015-10-08 02:28 - 0003584 _____ () C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-31 22:41 - 2014-01-31 22:53 - 0002763 _____ () C:\ProgramData\connector.swf
2016-09-26 01:05 - 2016-09-26 01:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-12 01:44 - 2013-12-12 01:44 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-12 01:41 - 2013-12-12 01:41 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-12 01:42 - 2013-12-12 01:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-12-12 01:41 - 2013-12-12 01:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-12-12 01:43 - 2013-12-12 01:44 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Files to move or delete:
====================
C:\Windows\Tasks\{4807B219-899F-EE19-9D0A-448806FF6C90}.job
 
 
Some files in TEMP:
====================
2017-04-24 18:15 - 2017-04-24 18:15 - 29130696 _____ (AppTrailers) C:\Users\Ryan\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-04-24 18:14 - 2017-04-24 18:14 - 1242624 _____ () C:\Users\Ryan\AppData\Local\Temp\CodecFixDivx.exe
2017-04-24 18:15 - 2017-04-24 18:15 - 1213480 _____ () C:\Users\Ryan\AppData\Local\Temp\component.exe
2017-04-24 18:25 - 2017-04-24 18:25 - 0763904 _____ () C:\Users\Ryan\AppData\Local\Temp\DMDD__11426_il6.exe
2017-04-24 18:14 - 2017-04-24 18:14 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\Ryan\AppData\Local\Temp\fox.exe
2017-04-24 18:16 - 2017-04-24 18:16 - 0000000 _____ () C:\Users\Ryan\AppData\Local\Temp\hcp5estw.dll
2016-10-21 10:54 - 2016-10-21 10:54 - 0737856 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-20 11:54 - 2017-01-20 11:54 - 0739904 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-24 18:14 - 2017-04-24 18:14 - 0016384 _____ (DoxX) C:\Users\Ryan\AppData\Local\Temp\kube.exe
2017-04-24 19:43 - 2017-04-24 19:45 - 18309328 _____ (Microsoft Corporation) C:\Users\Ryan\AppData\Local\Temp\MediaCreationTool.exe
2017-04-04 17:36 - 2017-04-04 17:36 - 6441176 _____ (Black Tree Gaming                                           ) C:\Users\Ryan\AppData\Local\Temp\Nexus Mod Manager-0.63.13.exe
2017-04-24 18:15 - 2017-04-24 18:15 - 0765355 _____ (                                                            ) C:\Users\Ryan\AppData\Local\Temp\Setup (1).exe
2017-04-24 18:15 - 2017-04-24 18:15 - 0488448 _____ () C:\Users\Ryan\AppData\Local\Temp\setup.exe
2016-11-29 10:55 - 2016-11-29 10:56 - 43886552 _____ (Skype Technologies S.A.) C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-27 17:30
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Ryan (27-04-2017 19:21:21)
Running from E:\
Windows 10 Home Version 1607 (X64) (2016-09-26 05:50:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2188781663-3024592286-4055510666-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2188781663-3024592286-4055510666-503 - Limited - Disabled)
Guest (S-1-5-21-2188781663-3024592286-4055510666-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2188781663-3024592286-4055510666-1004 - Limited - Enabled)
Ryan (S-1-5-21-2188781663-3024592286-4055510666-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.95.48 - Broadcom Corporation)
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DCS World OpenBeta (HKLM\...\DCS World OpenBeta_is1) (Version: 1.2.8 - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0322FEF2-DA77-43EF-93F8-8027A0293BFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Ryan.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2188781663-3024592286-4055510666-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2188781663-3024592286-4055510666-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Ryan.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\{4807B219-899F-EE19-9D0A-448806FF6C90}.job => C:\Users\Ryan\AppData\Local\{4FDD7~1\UNINST~1.EXE <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Ryan:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2017-04-24 18:15 - 00000918 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 clients2.google.com 
127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\Pictures\4520929325_4fffac0f09_o (1).jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Alienware Survey"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "dnsshield"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "EverioService"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\StartupApproved\StartupFolder: => "GameRanger.lnk"
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2188781663-3024592286-4055510666-1001\...\StartupApproved\Run: => "Clownfish"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2C3DA372-54D2-40B0-BFAD-E6E5ED36930C}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{59BE3F50-5194-4D5B-8CB4-623AE296CFEF}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{136B430D-CD60-4F35-B69C-FCC864672CFE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{4600ADA5-D9F7-4080-AEFD-A7EDE6BC0640}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{D747F17B-7A0B-43D9-BE48-611E49937BE1}] => (Allow) C:\Program Files (x86)\Stra Software\Tacview\Tacview64.exe
FirewallRules: [{42E727F5-5DB2-498A-9724-EC8977C9ABE7}] => (Allow) C:\Program Files (x86)\Stra Software\Tacview\Tacview64.exe
FirewallRules: [{97D8BA77-027A-4850-B9C7-5DDE5DCDB498}] => (Block) D:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{44EAA1EA-14E0-449A-AE05-6C25D916B480}] => (Block) D:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{42EC4C20-851B-4D43-9EAC-4AC7E1557A8F}D:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) D:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [TCP Query User{6AD47ADF-0BE2-44F6-9C5E-FC0750010DD7}D:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) D:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{98AC0D4F-E5A3-4B5A-90CC-03D0ED47BF16}] => (Block) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{05C115F4-B8DB-420E-9215-243FF70D8233}] => (Block) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{9E3B6E8C-DF06-4047-AF04-76E1C3766D59}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [TCP Query User{D2F2C839-0ABE-49D0-92DB-A1DE0CF13DFF}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{2662DF4E-FFD2-4693-8268-86C6EB7B30BB}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{3AADD40B-AADA-45A7-9F14-B523EDEE7482}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{ACDB5643-8330-4009-9C34-5CE79528110B}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{25A0CDAC-7036-4FE8-AC6B-4A45C248E0A3}] => (Allow) D:\SteamLibrary\steamapps\common\Portal\hl2.exe
FirewallRules: [{2D48B5C6-D135-44C0-8444-982BCF74C276}] => (Allow) D:\SteamLibrary\steamapps\common\Portal\hl2.exe
FirewallRules: [{5B8C15BE-C544-4D11-B3F3-F6E6CF2D7630}] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{FC14568D-24C7-474E-BA03-3B7A6D308461}] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{B5A3E8B0-7C59-4A50-A857-B25EB0D1A443}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{DDA73F6C-D72E-4C4C-980A-29895FCA5BE8}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{A40D1A65-5784-4EB8-9FFB-2E52EF86F080}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F6E50AD-DACE-4D35-AEC0-60C0E8FFE1C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7812E952-FF45-45D9-B422-7614565A385C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B04B4EC0-F781-49A3-B44D-8166208FB786}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8B78F913-EA5C-4E51-A93D-BD58570F9F03}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0C0C0181-4D47-46F2-89D1-EB8DE2200FC2}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FB2C81C8-9B8D-490C-B292-21C7ECB64BDA}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{26970327-6972-406B-A806-68ABFD22CB0F}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3F5D8091-E5FF-40B8-B640-131384D02F85}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACB035D4-C7AD-404C-9331-D75D4F820266}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C73EB0EB-E1A1-4E91-B8F3-37E34B353B19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Istrolid\istrolid.exe
FirewallRules: [{EED0D9B6-437C-4D58-A243-A3F806A91F44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Istrolid\istrolid.exe
FirewallRules: [{ED0BBC8F-F760-4113-A5E5-5452C9EB3C5E}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{2CC0CA95-652A-468C-B851-DE34E91246FD}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{FEF005CB-74ED-4113-999D-C75FCB3DCB5F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B0521DCF-9196-4188-B01C-C5011B631102}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8DAA01ED-564E-4EA9-9406-1160BD04CCBD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{63A38824-1642-43C8-8506-6F76B47BA00D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A1DB1974-F436-4FA1-8C88-CAE35AB2E23C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{5B9BCB7F-8B08-42B8-89DD-736D0347F8EC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{821FA16A-365D-4984-9A23-258ED1F17E7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{36E15BF2-0813-4481-B199-230C1B134C44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{D46AB9DE-8DF4-4A69-AE4A-92F881DDE0CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{EC8F56D3-65AC-4EDD-978F-9C2726D2DE4E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RollerCoaster Tycoon Deluxe\RCT.EXE
FirewallRules: [{B9FDEE3F-BDBC-44BE-9D1A-F255532594F8}] => (Block) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{51DBFC71-FB7C-4AB2-910B-F1229CAEDD8E}] => (Block) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{FFD2A822-27E6-410A-8C6F-4BBB32B142EE}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [TCP Query User{F15FC6ED-DE6C-481C-BACB-5984FA4CE65A}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{3DD90058-4800-4A95-8F69-4C96480CDC1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Squad\squad_launcher.exe
FirewallRules: [{1EE84CBB-E5B6-4937-B22D-DA327EC83F9E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Squad\squad_launcher.exe
FirewallRules: [{A4A9D4BC-CA7F-4D88-BAAE-DAA5D3E1AC0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{7CEC36D7-957C-4709-91F7-AE09823B2C5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{994146C4-AEA7-4187-AB32-F58FC692B3BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{26D4E5BD-54E9-4D37-A04D-EEAC55817862}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{83D6D3D3-1649-4F32-8F34-97EE28F7F6D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{C5AF7D7C-BDC8-4E2E-A89F-DEDB91276D53}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{81A2C9EF-F3B1-496C-9FC2-5FC287A05DFD}] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EA9AB5DF-3D17-4497-8144-E760C6E21AEB}] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{82DB93D2-4433-4418-973D-68D0D3138A85}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{84DC6DAC-F6B6-4041-AF93-EF7752629726}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0F914AFC-5F91-41A8-A492-CC2A82FE9648}] => (Block) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{0E5868FC-4D9F-4F43-8E26-016E825C4846}] => (Block) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{403B41B5-6EEE-47B7-B34D-22CA2DAE49BC}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [TCP Query User{02575917-1CE0-46BB-8C87-D926C26B5935}C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{65033F80-0CDD-4E45-8210-2809386541CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Squad\Squad.exe
FirewallRules: [{2BF465B0-694C-468F-ACAE-BAD3634D691C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Squad\Squad.exe
FirewallRules: [{8F1E3E4F-ACED-42E2-920C-D7A65FAF612D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [{6917BAFD-3114-40E0-B3A9-B7F09E395185}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [UDP Query User{008A5DCA-8253-43DB-9E93-54F2D63E7367}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [TCP Query User{80DBD45D-1142-41D0-9E7E-03118A1A8812}C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) C:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{7C9A23E7-EC25-4ED2-ACB4-57B5770ECFB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{7CD60631-E020-4ADB-A126-D9C50AF949AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{69A76302-AAD3-452A-8C8A-5D4AD1BA7BAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DCSWorld\Run.exe
FirewallRules: [{E1962C98-95B3-450B-B011-142AA61C27A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DCSWorld\Run.exe
FirewallRules: [{3E113CC6-52EE-41D4-9B51-5D5F6EB9958F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{E0A1E4A4-018F-4283-8AC3-4CD021DE3E09}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{3C5F070E-E82F-4E21-92C9-FAB970F57D48}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{B14EDA5E-2816-4B99-A20A-2366E69BFDFC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{9B754774-7699-4E23-96EC-396DB42AA321}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{D203A540-F293-406B-9BDB-32CB959558E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{8B77E029-E363-4BCC-A749-2280715B29B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{BC39A189-EDA5-4E19-B11F-15C370B13C37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{3BA1B59A-7E13-4D0C-8160-109896355718}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\IL 2 Sturmovik 1946\il2fb.exe
FirewallRules: [{24C20B11-A425-45C0-AE18-6CEC62D3C3ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\IL 2 Sturmovik 1946\il2fb.exe
FirewallRules: [{84ACF2B5-2511-4176-B2F0-16250716D622}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{751F2B45-7FAD-4DCF-AFDD-385A41709EE4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{378B38CF-9163-47C8-B75A-0360E227F66E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe
FirewallRules: [{2AE35BF7-6922-40F5-B642-F5EC11727C8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe
FirewallRules: [{270988A1-910E-4F6A-A533-5E1604AF5573}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{E8E33255-9E74-432E-A015-6B44A9FF0E65}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{FB702917-8276-4833-AE48-52DF1540853A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{54064F30-175C-41B0-9FFB-5F9C4B6F701E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [UDP Query User{9C5D5C19-7FC1-494F-BE35-D565065DFEDE}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{E56E3E21-30C0-41B3-92A1-9FD76AEA3204}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{92A236C9-C8D5-47E3-AEB7-E076ED7153B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{2FA60FAE-5B1A-4A8E-9EF2-299D017ABA51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{49E6724F-24E4-4127-AA9C-99C6E548AEFA}] => (Block) C:\users\ryan\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{3E6AB93D-AD39-47C1-9F45-87A0E2B85289}] => (Block) C:\users\ryan\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{284ECCF9-AE53-48D3-B066-B701BCA9083F}C:\users\ryan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\ryan\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{5D256768-AF96-4414-86A3-85DB87AAB8B4}C:\users\ryan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\ryan\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{AC533F28-4B3E-472D-84AA-344DDA4EF63E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{501C4C9E-3E55-45A6-A0A7-643FF3AA5F41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{0AFB5A03-292F-4D34-8E19-A7D456BA83B7}] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{B583A44E-0EEF-45D4-93BE-65A60F202BDF}] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{AF355EDD-8AF5-4FCA-83D2-2E7B53C23A8C}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{A15A3834-EDD6-44D8-8C3B-3BDA899FFA5A}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{1AD73C5F-7CAB-41CE-8BD5-0B26A19A53C4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{A81EA8FE-4CF3-42C2-970A-57867A0B3CB8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{A4B7B072-B8B6-493E-9769-B391C38FF37B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{A2C58735-D02C-4D38-8CC7-528A2380A5B3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{96575E3D-30C5-4E03-8BA8-11D26D31C371}] => (Block) C:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [{E407CD7A-5F26-41E1-B9B9-75383D583AEF}] => (Block) C:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [UDP Query User{8AD151A7-C0E7-4840-85E0-6B0C58A5ECB7}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [TCP Query User{374FDDDF-C2B5-4633-996B-73883E2488A0}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [{436606B5-B6BB-4C92-BA28-F9D37A10A96D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F5B816E4-E9C0-4962-8172-D0C23A3524A3}] => (Block) C:\users\ryan\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{01CFA7C6-4C2F-47C6-ABAD-BCD10CBD816D}] => (Block) C:\users\ryan\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{61242754-5CC3-4686-BF19-F4C3DE68B5A9}C:\users\ryan\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) C:\users\ryan\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [TCP Query User{6E00C891-A021-4784-87F5-1F25ED89CDEC}C:\users\ryan\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) C:\users\ryan\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{E472420A-9450-4E86-901C-1537E6BB8C83}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FSX\fsx.exe
FirewallRules: [{59BA0F40-32AA-4E5C-9FF4-345D087D3924}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FSX\fsx.exe
FirewallRules: [{FF7BC719-903D-4282-9AD9-E93C2304B063}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{685968EA-0833-4E60-BE93-A216A1F097B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{B87AE9AD-22AB-4779-B599-428F340E4920}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{6CA1FDF4-D99D-4985-9A03-026AD2BFE078}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{44F4A6B0-A0FF-404E-A4CB-0D967EDD2680}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{DC6C4345-C725-4636-82D3-45D8DFE9AC37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{19A9D15B-1C2A-4854-89CB-804CB770E285}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8FF0A42-F449-4482-911B-3F9F0DF1DABB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB382EF4-1EE0-47D7-9784-D1FD3EAC4F6B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{33D093B9-D657-42D7-85E6-2099604D3F2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{0BADC7B2-C7AF-4918-810A-8FD07B314182}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{F4D98D8A-F21E-49C5-A9CC-43B8DCB6E167}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{45F3CC36-A4CD-4A26-AFA2-DCA6DC2D6E61}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{D94CDD3F-7AE4-4037-BA09-A6CBE91F7749}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A6DAF42D-E0AF-4D13-AAB0-6C0E78950591}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{F37C2FFF-AB32-42F9-9263-40D5F6E70DA1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{2088DCA0-F0DB-4394-BC9C-3E87331E1A85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{E2AFB088-0C84-4197-AB85-746223359A06}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{464735FC-F4E3-4500-9FBE-55AA034DFA77}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{ACAAEB6B-575A-4035-A344-F8924D65E175}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DF261FDA-D019-4446-9B51-1F0BDBA289B7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{54F88759-EE9B-46D1-A7CF-44BF8DBB77B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{81E9D573-33E5-4A16-A8F0-E02A2692CE66}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{001B73D9-833B-40B6-8C82-7DDE9E429CE6}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe
FirewallRules: [{EC74D8D0-DE2A-45B3-B3FA-6C692677C1D9}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{11026F65-E03B-407D-B4F0-7EC733566AA1}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [TCP Query User{056D7370-54E4-4AB6-8FF5-0BE51E4539A3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{ECB615E1-6D38-4E0B-8562-4B379FEE57B0}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert 3\RA3Launcher.exe
FirewallRules: [{AE645C4B-A464-4B41-AEE1-784817EE2A1C}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert 3\RA3Launcher.exe
FirewallRules: [{2D71B1CF-C1B1-463C-AF69-E199215B90CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{FDBCE0E8-1A98-4870-8D47-5B49164F723F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{05A76EE5-8FDF-4BA5-AC89-632B660A1E4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{581883C5-9AD7-4959-9B4A-1247046B602C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{B6F7CB1D-5B43-4CAD-9F98-23960AEADA09}] => (Allow) C:\Program Files (x86)\Origin\Origin.exe
FirewallRules: [{A1E80BB4-199B-4353-9C70-353DA7BB1A55}] => (Allow) C:\Program Files (x86)\Origin\Origin.exe
FirewallRules: [{531D03CB-EE6F-4366-8278-1699F2B1F9FD}] => (Allow) C:\Program Files (x86)\Origin\Origin.exe
FirewallRules: [{AADA4701-3433-4088-BFB2-67C561CB1D6A}] => (Allow) C:\Program Files (x86)\Origin\Origin.exe
FirewallRules: [{6F37FEA4-B58F-4C82-AA6C-10F5CE720387}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{8B3294FF-A2BD-4983-B280-39C81CC0479A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{FE2740E7-D418-4AB6-923E-A8F8AA5E2586}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{8B361FE7-6101-49D0-97F2-11D7D053509F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{5E66996E-FE88-4813-8EBD-ECCD089D8D68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{88F69BEA-5FC0-4671-AD4E-4184AEAADFB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{C205AE77-B158-4300-B8D4-A8E10027CC5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C216AA9-3B8F-433E-AA69-8424ECB2047B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25D18E62-45CC-4FC3-AF94-BAA9C0C3B651}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{28AF0BC8-08D9-49FA-8150-86ED35E417F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{212358C0-0AC0-478B-81DD-9CD7CB3F4E8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{57B6493C-618C-4006-A8F0-A71A92A77BE0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{DE7154C5-04D5-4F9A-88AA-A19E519CD74A}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{06594E31-6217-4F72-8654-18E1240B2397}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [TCP Query User{B0D6C213-B5CE-4651-9FC1-8E53E2C6351A}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [UDP Query User{AB9DC89D-8E4D-4916-A1BD-120FB7AD0CC0}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [TCP Query User{D3218347-8D43-4EA9-8B1C-0018EE4AF543}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{9212D834-FC17-4972-8A04-3887B2D0AFAC}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{2E2C4A46-C73B-48E9-9DDD-670A65AFB300}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{0D6006DC-3B50-4728-B115-D25CE0F5BA0D}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{B598A113-642D-445B-8348-9D5B8CE2ADAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{D1F34136-2B51-43AE-996D-3CDDD2FFB2CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [TCP Query User{97FF3634-10A9-44F0-A61E-C16862AF9F7D}C:\users\ryan\appdata\local\microsoft\windows\temporary internet files\content.ie5\0kiz8zyv\withsix-play.exe] => (Allow) C:\users\ryan\appdata\local\microsoft\windows\temporary internet files\content.ie5\0kiz8zyv\withsix-play.exe
FirewallRules: [UDP Query User{05245547-B74C-42F2-BD4B-41F9A6B478D7}C:\users\ryan\appdata\local\microsoft\windows\temporary internet files\content.ie5\0kiz8zyv\withsix-play.exe] => (Allow) C:\users\ryan\appdata\local\microsoft\windows\temporary internet files\content.ie5\0kiz8zyv\withsix-play.exe
FirewallRules: [{07E37D1E-F492-4C57-96A3-2B07C18EE611}] => (Block) C:\users\ryan\appdata\local\microsoft\windows\temporary internet files\content.ie5\0kiz8zyv\withsix-play.exe
FirewallRules: [{D2FC14D2-56D1-4A46-AF6F-841D38696E41}] => (Block) C:\users\ryan\appdata\local\microsoft\windows\temporary internet files\content.ie5\0kiz8zyv\withsix-play.exe
FirewallRules: [{4B205BC2-CABF-4FD1-9619-EBA5D56438E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{3D9083CB-590F-4864-8A26-BD50841BA4AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{D4FCAB78-FEF9-4754-A014-D1550DADA809}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{A81FDE3F-942C-4AAC-BAD1-DFCD32F09EB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{27552EE1-7929-4B65-92B5-77C2D997D14C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{772AB85F-2171-42D5-BF4C-49244753D957}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0FB35950-F934-402B-B500-B13A5C7412C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{31F5FE5C-2354-4CB5-820C-65416EA31123}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{ED3DE3DF-0CAD-453E-8748-35B62A640271}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{2E76BCD1-719B-4602-830E-38C0FE8C6090}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{F1B90442-B6A5-4960-8FFC-29F47030A865}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{B316CF5D-DAAA-46BC-AEF2-7B12A6879F64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{11E7E481-10D4-4A1E-8A83-5F52E4F3349E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{961455B7-943B-4AF3-A259-0DE74CF72F35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{95E3D3B0-A887-4132-BBBB-D3D72205843E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2DAAFF00-7CD9-4CA3-AA57-EABF2B93F259}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{10E28520-C1C5-4512-B272-C95AD7AEEC40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Tactics\TacticsLauncher.exe
FirewallRules: [{4C38DE5F-D424-4659-B572-7B049A6614FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Tactics\TacticsLauncher.exe
FirewallRules: [{9B016249-56CC-4A52-85F7-60E989A01413}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{3B5D4C78-822F-4217-A620-4B308E257948}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{102BC9DF-D294-4963-A886-D8EF3534ED17}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector Express\PDX.EXE
FirewallRules: [TCP Query User{73244B31-A587-470A-A317-EF15A0680AE1}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{023A4AF7-23BE-4236-8587-250708146CFC}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{60485349-2E62-4305-B8C6-125F70E2DA75}] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{AC0F1965-2C12-4213-920B-F43A95007D82}] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{FF24DD09-46AE-4BA3-B8DC-AB12E9B23C61}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{DE67BE77-9C17-4AF6-A042-A33D54137A23}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{9B2EA69C-13AF-406A-A51C-EE29454CC034}] => (Block) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{3D21D5F4-CF47-4BE3-873B-701F36674DE0}] => (Block) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{8CC9D05A-8076-49D2-9F99-238F426F93D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2798240A-3F0C-48A0-9444-8BF1AE31BE62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{56B1122C-CACF-4249-BAE4-F18ADA11B5D3}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{375EBD7D-F901-4E22-80B4-A492DD9F68B1}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{EEA25B3A-A5C0-462E-8AF2-46B722EF0EDA}] => (Block) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{C7E5BA7A-2827-4668-B6BB-03E5645D08B8}] => (Block) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{89C71069-EA22-4FAE-8CB6-2D5892DED68A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{1F78DB4A-422D-4952-8228-DA9144BEF150}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [TCP Query User{D7068F19-FF70-4475-B184-DFF43E712726}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{6B4BBFE8-FA51-49E9-98DE-AB338FC753E9}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{29BE4FDB-F2DF-4B09-AE99-2D06A6CCD181}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{990F126E-BC7E-4F42-9D69-E93FB5CBECA1}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{F20D254F-A251-4D33-BCE2-A3D18CD968F7}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{A305B974-9034-4517-9A24-87644F37E49E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{BBDF17D9-16AB-4032-8DF8-4E2FBFAF8A79}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{DF6E69E4-61A5-4112-842B-6502E8540407}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BD34F2B0-2105-4FD1-92E6-1B7F8D7E1DE3}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{2967AACD-F23A-4214-A43F-0F651901394C}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{CA143B44-3D37-4105-9CFA-C9CC9359F8FF}] => (Allow) D:\SteamLibrary\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{B9205372-6FF9-42EE-B4EB-A6629C4A0432}] => (Allow) D:\SteamLibrary\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{C9D9793F-8B84-47EA-9E95-3ADD6F3E6C02}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{1AD96CD3-91B5-446B-A42F-B4A2B50C2879}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{FA0EC666-5561-4E50-B953-A9C2E5A64568}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{7899CE38-B9A3-474F-B801-D47267EE027C}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [TCP Query User{456A7B1A-71A7-47C0-B900-763945B6D352}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{C57C75EE-AAFF-4F15-852E-DCE5D2188A46}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{84D3761A-95C3-4BCE-830E-BDD7082BF2B9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A7898BCF-9B7F-4A89-AD1A-E45E7D384781}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{9CAECB47-BCD1-435B-A50D-139FA989DEB8}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [UDP Query User{E8356EC9-7459-4F75-9102-63E692897370}C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe
FirewallRules: [{0B321DA6-5BB0-4D4F-9E95-F9573B1C6C85}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{B6CBACA7-4031-4DD6-A3CC-C6E06340DF61}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{7CD30A78-646D-4FCB-800C-A4FA08DF5C8A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{132F1996-6882-474C-9F66-04A08A9A0A14}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{5E64E54B-683A-4327-B910-09831C6C9C15}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{33F20447-C869-4E31-B64F-21A731C13647}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{C5231E38-676C-41A5-9659-2CBD4F6784D2}D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{E318A71C-1934-43C4-8762-937800E8616D}D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{3D366735-F3D8-45F5-BF73-70D9C5D39D5C}] => (Allow) D:\SteamLibrary\steamapps\common\Fishing Planet\FishingPlanet.exe
FirewallRules: [{FE36EBA1-D516-4E3F-97BF-A3A5EB74E9A3}] => (Allow) D:\SteamLibrary\steamapps\common\Fishing Planet\FishingPlanet.exe
FirewallRules: [{F9A8B319-A353-459A-BAC2-3E116B364696}] => (Allow) D:\SteamLibrary\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{F077E299-F8F0-4169-9F75-2094CEB51369}] => (Allow) D:\SteamLibrary\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{FB603980-232C-4127-999F-5CF4061A676C}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{80100A1A-5C6B-46A8-A025-F4F37D6A5FCF}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{88CD8B02-B45E-491C-A77E-B890505AB3EF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{48456994-48B0-47F6-9FCC-FFC635014171}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{FCB24122-D3B1-47C8-8D95-94A083164ED2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{C359D835-EC0B-46CF-9A1C-2C9F90881D1B}] => (Allow) D:\SteamLibrary\steamapps\common\Wildlands\GRW.exe
FirewallRules: [{A12E2B28-2F64-4B7A-9D40-795EF6A6274A}] => (Allow) D:\SteamLibrary\steamapps\common\Wildlands\GRW.exe
FirewallRules: [TCP Query User{D724AF4B-3D9B-49B2-A964-57AA87B728E8}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{26C3D9DC-9C35-4793-9D1F-40C9B9B5AE16}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{0F8892A3-57E8-4C20-808F-B70B9DAC548E}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{636381B2-7C69-4F90-834B-0FA7591C9990}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{B5FCD578-A30F-450A-952F-ABF17B576EF3}] => (Allow) D:\Battflield 1\Battlefield 1\bf1Trial.exe
FirewallRules: [{FF37AEC6-B0DC-4449-883F-2AE633876520}] => (Allow) D:\Battflield 1\Battlefield 1\bf1Trial.exe
FirewallRules: [{9B03C11A-5524-4D1F-9C96-7AA5B72D5A78}] => (Allow) D:\Battflield 1\Battlefield 1\bf1.exe
FirewallRules: [{EB9C8985-536A-49AE-AEA7-49BD0615D2B3}] => (Allow) D:\Battflield 1\Battlefield 1\bf1.exe
FirewallRules: [{490DB56E-0D56-45E1-B26B-D195C3AE67D8}] => (Allow) D:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{D10BAB1A-E591-417D-A49D-B8A16CF1D710}] => (Allow) D:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{AF57F82B-83A4-4F42-8232-B41F4CD599C3}] => (Allow) D:\SteamLibrary\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{4127163E-5093-4767-8805-E4853E8C4323}] => (Allow) D:\SteamLibrary\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{2EB2588F-5320-45F5-9CD2-9B14826C2791}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F91053F4-71A3-4D89-B077-19C3004ABD21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{1A4B3EDC-183A-4150-AEFD-82A066281301}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FC6C2A7F-4C8F-44E3-B20D-8DE1449CB94B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{808D0F62-2EBE-4349-94CB-D4A879D9DC96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{CA69AB62-E8E4-42F0-86CC-617FDF7375F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{42AF51E3-5656-4BE7-8AD8-E6D52F3736C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{17AC8C7E-81FD-4304-B6DA-E5ED07AD77D2}] => (Allow) D:\SteamLibrary\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{4E8A3C39-3399-49A6-A128-EB84360325DD}] => (Allow) D:\SteamLibrary\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{C0883197-5E7A-4ADC-8B76-A612A9B6E488}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{231F8ADC-71F3-431B-AE84-6E0F33E092FC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
 
==================== Restore Points =========================
 
22-04-2017 06:37:52 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/27/2017 07:19:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHUCKNORRIS2)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2017 07:14:52 PM) (Source: MsiInstaller) (EventID: 11711) (User: CHUCKNORRIS2)
Description: Product: Red Dead Redemption -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.
 
Error: (04/27/2017 07:14:51 PM) (Source: MsiInstaller) (EventID: 11711) (User: CHUCKNORRIS2)
Description: Product: Red Dead Redemption -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.
 
Error: (04/27/2017 07:14:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Removed Red Dead Redemption; Error = 0x80070070).
 
Error: (04/27/2017 07:14:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/27/2017 07:14:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHUCKNORRIS2)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2017 07:11:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHUCKNORRIS2)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2017 07:11:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHUCKNORRIS2)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2017 07:07:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHUCKNORRIS2)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2017 07:06:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Removed AwesomiumSetup.; Error = 0x80070070).
 
 
System errors:
=============
Error: (04/27/2017 07:03:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/27/2017 07:03:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SuperRAIDSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/27/2017 05:49:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Extreme Tuning Utility Service service hung on starting.
 
Error: (04/27/2017 05:46:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/27/2017 05:46:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Management Service service to connect.
 
Error: (04/27/2017 05:46:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Storage Service service hung on starting.
 
Error: (04/27/2017 05:39:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2017 05:39:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/27/2017 05:39:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (04/27/2017 05:39:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASUSSwitchUSB service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-04-14 07:58:08.487
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 16332.68 MB
Available physical RAM: 12903.56 MB
Total Virtual: 20940.68 MB
Available Virtual: 16175.64 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.84 GB) (Free:0 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:50.72 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:0.12 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EEE35F0E)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 1A0F7ADB)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.
 
==================== End of Addition.txt ============================

 





#2 Aura


Posted 27 April 2017 - 08:17 PM

Hi MolboCheeze :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura


Posted 06 May 2017 - 12:10 AM

Hi MolboCheeze,

Are you still with me?



#4 Aura


Posted 08 May 2017 - 07:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





