Suspected Rootkit, and ndistpr64.sys


  • This topic is locked
12 replies to this topic

#1 Felix_Nix

Posted 29 April 2017 - 12:01 AM

I have an issue with crashing and multiple popups per hour being opened. I'm trying to keep my computer off to avoid having to do a complete system restore, so I will be answering all future posts with my phone unless otherwise directed. I got a clue a few days ago when I downloaded a suspicious file that said it was something else. Can't remember the download site, as I was searching for the program on Google. Once downloaded, I saw the installer looked nothing like it had when I downloaded the program previously. I attempted to close the installer, but couldn't do so fast enough. It dropped several "Play this game" icons on my desktop, which I got rid of, then I set about removing the programs it had automatically installed. Just thinking it harmless, and a company trying to get bloatware on my computer, I continued with business as usual. I was playing a game, and heard music other than the game's soundtrack, minimizing to find about 10-20 popup windows on both Microsoft Edge, which I don't use, and the same amount on Firefox, as well as my homepage on Firefox being changed. I attempted to install Malwarebytes immediately, but it didn't let me, saying the element was already in use, even in safe mode. Also attempted to get a rootkit remover, as I had seen on self-help sites elsewhere, but again, it didn't let me install. I was attempting to get help elsewhere, but this site had a program that worked to get a log, so I'm going to stick with this one. I have had one blue screen crash that told me the reason for the crash was DRIVER_IRQL_NOT_OR_LESS_EQUAL, and the file was ndistpr64.sys. I looked it up, and decided to not go this one alone. Please help!
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Audiosurf (HKLM\...\Steam App 12900) (Version:  - Dylan Fitterer)
Catalyst Control Center Next Localization BR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DarkCrusade (HKLM-x32\...\{32F27FAA-60D1-4EC3-8502-51AEC72BF50F}) (Version: 1.20 - THQ)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Dishonored (HKLM\...\Steam App 205100) (Version:  - Arkane Studios)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
DragonBoost (HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\...\DragonBoost) (Version:  - ) <==== ATTENTION
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
EVE Online (HKLM\...\Steam App 8500) (Version:  - CCP)
Fallout 3 - Game of the Year Edition (HKLM\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ)
Hearts of Iron IV (HKLM\...\Steam App 394360) (Version:  - Paradox Development Studio)
Infinity (HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\...\Infinity) (Version: 2.3.4 - Daring Development Inc.)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
MechWarrior Online (HKLM\...\Steam App 342200) (Version:  - Piranha Games Inc.)
Microsoft OneDrive (HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
Project Highrise - Las Vegas (HKLM-x32\...\2116077629_is1) (Version: 1.5.0.1.[50065894658122674] - GOG.com)
Project Highrise (HKLM-x32\...\2018730457_is1) (Version: 2.13.0.17 - GOG.com)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.302 - Razer Inc.)
RESIDENT EVIL 7 biohazard / BIOHAZARD 7 resident evil (HKLM\...\Steam App 418370) (Version:  - CAPCOM Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Sid Meier's Civilization IV: Beyond the Sword (HKLM\...\Steam App 8800) (Version:  - Firaxis Games)
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version:  - Firaxis)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris version 1.0.0 (HKLM-x32\...\Stellaris_is1) (Version: 1.0.0 - RezMar)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
This War of Mine: The Little Ones (HKLM-x32\...\This War of Mine: The Little Ones_is1) (Version:  - )
Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version:  - )
Undertale (HKLM\...\Steam App 391540) (Version:  - tobyfox)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Warhammer 40,000: Dawn Of War - Platinum Edition (HKLM-x32\...\{8F99E711-CE74-4718-BE04-19D1A53A735C}) (Version: 1.51 - THQ)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11D1A476-7718-4731-991B-38BA01460982} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-01-25] (Advanced Micro Devices, Inc.)
Task: {578BC532-8489-4710-9DF2-DE9AD465C7B5} - System32\Tasks\MPLClient => C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe
Task: {5AC5EB14-38EB-426A-B81E-E73A80C53A15} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic => C:\\ProgramData\\VideoMemoryDiagnostic\\vmdiag.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Eric Adkins\Desktop\Other Applications\Мozilla Firеfоx.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\Users\Eric Adkins\Desktop\Games\Fаllout New Vegаs Ultimatе Еditiоn.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.rehcnualvntuollaf.bat ()
Shortcut: C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Еxрlorer.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozillа Firefox.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozilla Firеfox.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-04-12 19:51 - 2017-03-28 02:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Eric Adkins\AppData\Local\ntuserlitelist\dataup\dataup.exe
2016-09-24 19:20 - 2016-09-24 19:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-04-12 19:51 - 2017-03-28 02:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-30 19:54 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:29 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N () C:\windows\system32\tprdpw32.exe
2017-03-14 19:29 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:29 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:29 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-12 19:51 - 2017-03-28 01:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-12 19:51 - 2017-03-28 01:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-12 19:51 - 2017-03-28 01:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-14 19:29 - 2017-03-04 02:04 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-04-26 19:24 - 2017-04-26 19:24 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-26 19:24 - 2017-04-26 19:24 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-26 19:24 - 2017-04-26 19:24 - 43011072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-26 19:24 - 2017-04-26 19:24 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-28 02:29 - 2017-04-28 02:29 - 00844288 _____ () C:\Program Files\SX7Q2BNRC2\SX7Q2BNRC.exe
2017-04-05 12:13 - 2017-04-05 12:13 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-04-28 02:29 - 2017-04-28 02:29 - 00844288 _____ () C:\Program Files\GDIAI7LX66\GDIAI7LX6.exe
2017-04-28 02:29 - 2017-04-28 02:29 - 00006144 _____ () C:\Users\Eric Adkins\AppData\Roaming\26963094\54126.exe
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Users\Eric Adkins\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2016-12-30 16:51 - 2017-03-09 20:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-30 16:51 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-30 16:51 - 2017-04-25 19:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-30 16:51 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-30 16:51 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-30 16:51 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-30 16:51 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-30 16:51 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-30 16:51 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-30 16:51 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-30 16:51 - 2017-04-25 19:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-30 16:51 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-30 16:52 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-04-28 02:29 - 2017-04-28 02:30 - 00014336 _____ () C:\Users\Eric Adkins\AppData\Local\amling.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2017-04-28 02:28 - 00000918 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Eric Adkins\Pictures\Spiceandwolf Background.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F2FBC66F-258D-439A-90D5-4AF2DD01C5C5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F46774C5-93C1-4539-96A2-AB98B5AC27A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2901D59A-3D52-4BC8-A93C-1587AA0B66A7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2EA717FE-7151-4EE7-B726-EDE6E8EF981D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1C86FF8B-AE29-49F6-815D-6C2D78E795E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E53CD0DB-4CD6-40BF-9487-8E339FCB7287}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{11DB62C1-D30C-437C-83FD-7449DCB59D4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0FFB6F04-E8AE-4592-8277-3DD0E5C2BB58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3A141B6F-3C37-4547-9F74-59BE6465A0C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{14F3D633-1759-4F96-8AAC-F804011AAC81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{4DE0F33D-EC35-479B-A6AE-B0713FF69CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{A39494EA-68A7-40BF-8EFD-64711CCE45D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{447F25D5-6889-4B44-AF6B-E1319DF9D9F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{D2136099-F02E-47AC-A930-9913BC90E0ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{764D4842-C4C5-4E84-B9F4-479FBE5C48D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{DE4E9313-3205-44AE-904E-93D5EFF45FA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{A2D01FB9-B1DC-4148-A423-DDDFED63D35C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0DE0828-5250-4170-85E1-991AEF4A69C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E6A8E5D7-7031-4B5D-9E04-F2166E8F6A77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{2A4B8F27-4CA3-44E0-B66B-93464E0FDE7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{A635463C-114E-4EFC-9EE2-FF1E43E6FEAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{47C99FA5-08C0-42B1-A335-85FA48DB7863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{6ECE5D09-ED93-4B98-8D03-C045029C96DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{1B5DB00E-C949-4603-89DE-B77D3B24FD0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{53D0FF39-A492-4569-9521-BD74FFC71EE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{D7A82D35-6DCC-47D3-B893-4B17E82E14FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{6222F8E2-6AB0-40BD-9E35-EE214C440461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{BE7C250F-F717-4831-89A7-09125CDA2249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [TCP Query User{F8C4442E-5DD1-4DF1-A3F4-E48DF707E3EA}C:\program files (x86)\thq\darkcrusade\darkcrusade.exe] => (Allow) C:\program files (x86)\thq\darkcrusade\darkcrusade.exe
FirewallRules: [UDP Query User{EB01E672-7FF8-44C9-BCFB-0EAF6171614A}C:\program files (x86)\thq\darkcrusade\darkcrusade.exe] => (Allow) C:\program files (x86)\thq\darkcrusade\darkcrusade.exe
FirewallRules: [TCP Query User{E09652A0-DCDC-403A-81B5-0767CD97FB4B}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe] => (Allow) C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe
FirewallRules: [UDP Query User{D733C30F-1ED1-4B55-BB5A-32B420DC5545}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe] => (Allow) C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe
FirewallRules: [{0E8180D1-A795-4D68-AA20-29C2B1D57EBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4E84352E-2FDF-433D-9E8A-50180473DD0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{C1981A92-A4EE-4CD7-8C45-35EFB6F4B639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C4CA0160-ECE4-4689-9C1D-17D8A4C98BB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B1BB7F8C-7287-4E43-91F1-8767ACB54D61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C6327D2-E985-42BA-8C8E-EA036C18AC73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{366AB8E1-14C9-4D9B-9DEB-272C5A4E245C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D28395B-0F6A-4868-AACB-35719BFC129D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5716A20C-B545-49F8-B074-09481381F91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FD4C34A6-3AAA-423B-87AD-01FB18C19A06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F4CC3B60-68BB-4593-8448-D846ED4F1642}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C1D37D3-502C-47B9-ACAE-EB353A54EE3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3191199C-6574-4F73-853C-29005FB5901F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4199A184-840A-454B-9145-B4D93CB062BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A34E1763-0DE5-4192-B570-E724B90F5992}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F7D8754A-B87D-418C-BD3F-00D0EFCA3977}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D8768048-5937-4038-935C-657AB458DE56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{10675FEB-774F-4B3A-8DD5-A7889B1C873D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{31DF7D72-7467-4F74-9BA1-B9383BA10AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{564B7705-1928-4936-98F3-5E29B0B15027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{859CBBCA-17D1-4940-B5EF-634FEB8BBB21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD3919FE-09A1-45FA-A8F4-BD086A4AA0F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA755776-0FFD-4C6A-8A09-B7D622F137F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32ABD13C-C600-4CB9-BD17-88D004E5CF97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DDC16A6B-1161-42B2-80FD-2EB855944F54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E552A97-606B-4FE4-96AD-E6CF6522EFBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{655EAFF3-F689-442A-B3AB-14195495DC7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A99B1F22-4A88-4D2D-952E-3ADEFDE60908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{308DFAB2-8957-42ED-AC15-E9E0075BB76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDF2A74C-05AF-4B4E-A912-F2C5CED1B10E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A5E918CD-792D-4F4B-88D3-244549887C93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60506E56-BAAF-4529-9CC2-E61AB91B1E2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A780AAEF-050D-41DB-ACD4-4B575B155360}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{81532CD5-A849-4BA2-8BF4-7C66D43FB213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1D01EADD-2EBF-4D91-9179-95354944D70C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{799845A0-06DF-400B-AD69-1B6A129D88D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A8A4460-BAE6-44D2-A1D5-5CF1CEAE025F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

==================== Restore Points =========================

21-04-2017 22:57:56 Windows Update
24-04-2017 22:30:24 Installed Microsoft Visual C++ 2005 Redistributable
28-04-2017 02:13:53 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2017 10:36:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: UEHCKQXFQT.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at Publisher.Utility.Cryptor.decrypt(System.String)
   at MTilryZbwC13ir210k.VNBb3gLGQJXC5JuuET.A2JQEAc1yW(System.String)
   at Publisher.Publisher.f86jYyvp2(System.Collections.Generic.List`1<Publisher.Prints.AdsInformation> ByRef, System.String ByRef)
   at Publisher.Publisher.P5P0hSa0q(Int32, Int32)
   at Publisher.Publisher+<>c__DisplayClass1_0.<OnlineWork>b__0()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (04/28/2017 10:21:31 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
    (HRESULT : 0x80040210) (0x80040210)

Error: (04/28/2017 10:21:31 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
    (HRESULT : 0x80040210) (0x80040210)

Error: (04/28/2017 04:11:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANKEN-METHOD)
Description: Activation of app Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/28/2017 04:10:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANKEN-METHOD)
Description: Activation of app Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/28/2017 03:30:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANKEN-METHOD)
Description: Activation of app Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/28/2017 03:23:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2017 02:45:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UEHCKQXFQT.exe, version: 0.0.0.22, time stamp: 0x5901d3a7
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1066, time stamp: 0x58d9ef32
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0x914
Faulting application start time: 0x01d2bfe8c4608dd0
Faulting application path: C:\Users\Eric Adkins\AppData\Local\Temp\cb-b5597-ac8-f5581-ce4c12832666b\UEHCKQXFQT.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 47cbb2fd-f1b9-4167-8b1e-d8ef9c7996e3
Faulting package full name:
Faulting package-relative application ID:

Error: (04/28/2017 02:45:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: UEHCKQXFQT.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
   at wmPJMCcN5r60LpLNBj.XT5Zfd75e9pITKsYmG.QMH69l3ZL(System.String, Int32, Int32, Int32)
   at Publisher.Publisher.P5P0hSa0q(Int32, Int32)
   at Publisher.Publisher+<>c__DisplayClass1_0.<OnlineWork>b__0()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (04/28/2017 02:23:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/29/2017 12:39:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/29/2017 12:39:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the windowsmanagementservice service to connect.

Error: (04/29/2017 12:37:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/29/2017 12:37:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AdBlockerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/29/2017 12:37:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AdBlockerService service to connect.

Error: (04/29/2017 12:36:48 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841156256

Error: (04/29/2017 12:37:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:25:48 PM on 4/28/2017 was unexpected.

Error: (04/28/2017 12:25:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:11:17 PM on 4/28/2017 was unexpected.

Error: (04/28/2017 10:34:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/28/2017 05:42:22 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5


CodeIntegrity:
===================================
  Date: 2017-04-28 02:43:49.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-28 02:43:41.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-04 02:21:28.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-04 02:21:08.529
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 10%
Total physical RAM: 16276.68 MB
Available physical RAM: 14583.71 MB
Total Virtual: 18708.68 MB
Available Virtual: 16875.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:3725.47 GB) (Free:3399.07 GB) NTFS
Drive d: (WINDOWS10) (Removable) (Total:14.42 GB) (Free:7.15 GB) FAT32
Drive e: (COWBOY_BEBOP) (CDROM) (Total:7.37 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
Attached File  Addition.txt   59.04KB   1 downloads

Edit: Moved topic from Windows 10 to the more appropriate forum, due to the inclusion of Addition.txt. ~ Animal



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:21 AM

Posted 29 April 2017 - 03:07 PM

Welcome :)
  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Felix_Nix


Posted 29 April 2017 - 08:10 PM

All right, seems to have worked, though I know there may be more to do. It found over 4 thousand malware, and removed them all, cleaned and perfected. No popups yet, and I seem to have control back from it. I had to run it three times, though it wouldn't let me run it directly; if I downloaded it again it worked. I will post the logs in multiple parts, as I tried to post the whole thing and it said it was too long.



#4 Felix_Nix


Posted 29 April 2017 - 08:17 PM

I can't post it without breaking it into so many parts it wouldn't be easy to read. Will attempt to post as attachment.

Attached File  mbar-log-2017-04-29 (20-02-38).txt   1.41MB   6 downloads

Attached File  system-log.txt   3.29MB   3 downloads


Edited by Felix_Nix, 29 April 2017 - 08:18 PM.


#5 JSntgRvr


Posted 29 April 2017 - 08:51 PM

That was quite an infection.

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt




#6 JSntgRvr


Posted 29 April 2017 - 08:55 PM

In addition, run FRST64 as follows:

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 




#7 Felix_Nix


Posted 29 April 2017 - 10:41 PM

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Eric Adkins (Administrator) on Sat 04/29/2017 at 22:04:07.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\Users\Eric Adkins\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} (Empty Folder)
Successfully deleted: C:\Users\Eric Adkins\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Eric Adkins\AppData\Roaming\browsers (Folder)
Successfully deleted: C:\Users\Eric Adkins\AppData\Roaming\Mozilla\Firefox\Profiles\i47sklid.default-1486193240931\Invalidprefs.js (File)
Successfully deleted: C:\Users\Eric Adkins\AppData\Roaming\spi (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File)



Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{50111692-3AE5-4A24-8854-42CCBBA04FF1} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/29/2017 at 22:05:52.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ADW-

 

# AdwCleaner v6.046 - Logfile created 29/04/2017 at 22:19:57
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-29.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Eric Adkins - FRANKEN-METHOD
# Running from : C:\Users\Eric Adkins\Downloads\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: swdumon
[-] Service deleted: AdBlockerService


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Eric Adkins\AppData\Local\llssoft
[-] Folder deleted: C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
[-] Folder deleted: C:\Program Files (x86)\adblocker
[-] Folder deleted: C:\Users\Eric Adkins\AppData\Roaming\AGData


***** [ Files ] *****

[-] File deleted: C:\Users\Eric Adkins\AppData\Local\uninstallro.exe
[#] File deleted: C:\Users\Eric Adkins\AppData\Local\uninstallro.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: MPLClient


***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\Software\MICROSOFT\wewewe
[-] Key deleted: HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\Software\VideoBox
[-] Key deleted: HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKCU\Software\VideoBox
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: [x64] HKCU\Software\VideoBox
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DragonBoost
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2830 Bytes] - [29/04/2017 22:19:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [2861 Bytes] - [29/04/2017 22:07:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2976 Bytes] ##########
 

FRST-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Eric Adkins (administrator) on FRANKEN-METHOD (29-04-2017 23:36:10)
Running from C:\Users\Eric Adkins\Downloads\Cleanup tools\FRST64
Loaded Profiles: Eric Adkins (Available Profiles: defaultuser0 & Eric Adkins & gastj)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{8931eebe-9e59-4484-b0d5-827b45ffc12e}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\Eric Adkins\AppData\Roaming\Mozilla\Firefox\Profiles\i47sklid.default-1486193240931 [2017-04-29]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\i47sklid.default-1486193240931 -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\i47sklid.default-1486193240931 -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\i47sklid.default-1486193240931 -> youtube.com
FF Extension: (uBlock Origin) - C:\Users\Eric Adkins\AppData\Roaming\Mozilla\Firefox\Profiles\i47sklid.default-1486193240931\Extensions\uBlock0@raymondhill.net.xpi [2017-04-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-22] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmdag.sys [28762648 2017-01-27] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository

 

Addition-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Eric Adkins (29-04-2017 23:37:09)
Running from C:\Users\Eric Adkins\Downloads\Cleanup tools\FRST64
Windows 10 Home Version 1607 (X64) (2016-12-31 11:25:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1184652116-1258360446-4164663185-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1184652116-1258360446-4164663185-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1184652116-1258360446-4164663185-1000 - Limited - Disabled) => C:\Users\defaultuser0
Eric Adkins (S-1-5-21-1184652116-1258360446-4164663185-1001 - Administrator - Enabled) => C:\Users\Eric Adkins
gastj (S-1-5-21-1184652116-1258360446-4164663185-1003 - Limited - Enabled) => C:\Users\gastj
Guest (S-1-5-21-1184652116-1258360446-4164663185-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Audiosurf (HKLM\...\Steam App 12900) (Version:  - Dylan Fitterer)
Catalyst Control Center Next Localization BR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DarkCrusade (HKLM-x32\...\{32F27FAA-60D1-4EC3-8502-51AEC72BF50F}) (Version: 1.20 - THQ)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Dishonored (HKLM\...\Steam App 205100) (Version:  - Arkane Studios)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
EVE Online (HKLM\...\Steam App 8500) (Version:  - CCP)
Fallout 3 - Game of the Year Edition (HKLM\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ)
Hearts of Iron IV (HKLM\...\Steam App 394360) (Version:  - Paradox Development Studio)
Infinity (HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\...\Infinity) (Version: 2.3.4 - Daring Development Inc.)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
MechWarrior Online (HKLM\...\Steam App 342200) (Version:  - Piranha Games Inc.)
Microsoft OneDrive (HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
Project Highrise - Las Vegas (HKLM-x32\...\2116077629_is1) (Version: 1.5.0.1.[50065894658122674] - GOG.com)
Project Highrise (HKLM-x32\...\2018730457_is1) (Version: 2.13.0.17 - GOG.com)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.302 - Razer Inc.)
RESIDENT EVIL 7 biohazard / BIOHAZARD 7 resident evil (HKLM\...\Steam App 418370) (Version:  - CAPCOM Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Sid Meier's Civilization IV: Beyond the Sword (HKLM\...\Steam App 8800) (Version:  - Firaxis Games)
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version:  - Firaxis)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris version 1.0.0 (HKLM-x32\...\Stellaris_is1) (Version: 1.0.0 - RezMar)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
This War of Mine: The Little Ones (HKLM-x32\...\This War of Mine: The Little Ones_is1) (Version:  - )
Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version:  - )
Undertale (HKLM\...\Steam App 391540) (Version:  - tobyfox)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Warhammer 40,000: Dawn Of War - Platinum Edition (HKLM-x32\...\{8F99E711-CE74-4718-BE04-19D1A53A735C}) (Version: 1.51 - THQ)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11D1A476-7718-4731-991B-38BA01460982} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-01-25] (Advanced Micro Devices, Inc.)
Task: {5AC5EB14-38EB-426A-B81E-E73A80C53A15} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic => C:\\ProgramData\\VideoMemoryDiagnostic\\vmdiag.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Eric Adkins\Desktop\Other Applications\Мozilla Firеfоx.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Eric Adkins\Desktop\Games\Fаllout New Vegаs Ultimatе Еditiоn.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.rehcnualvntuollaf.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Еxрlorer.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozillа Firefox.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozilla Firеfox.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-04-12 19:51 - 2017-03-28 02:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-09-24 19:20 - 2016-09-24 19:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-08-29 18:54 - 2016-08-29 18:54 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-08-29 18:54 - 2016-08-29 18:54 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-04-12 19:51 - 2017-03-28 02:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-30 19:54 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:29 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:29 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:29 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:29 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-12 19:51 - 2017-03-28 01:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-12 19:51 - 2017-03-28 01:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-12 19:51 - 2017-03-28 01:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-26 19:24 - 2017-04-26 19:24 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-26 19:24 - 2017-04-26 19:24 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-26 19:24 - 2017-04-26 19:24 - 43011072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-26 19:24 - 2017-04-26 19:24 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1184652116-1258360446-4164663185-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Eric Adkins\Pictures\Spiceandwolf Background.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F2FBC66F-258D-439A-90D5-4AF2DD01C5C5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F46774C5-93C1-4539-96A2-AB98B5AC27A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2901D59A-3D52-4BC8-A93C-1587AA0B66A7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2EA717FE-7151-4EE7-B726-EDE6E8EF981D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1C86FF8B-AE29-49F6-815D-6C2D78E795E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E53CD0DB-4CD6-40BF-9487-8E339FCB7287}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{11DB62C1-D30C-437C-83FD-7449DCB59D4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0FFB6F04-E8AE-4592-8277-3DD0E5C2BB58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3A141B6F-3C37-4547-9F74-59BE6465A0C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{14F3D633-1759-4F96-8AAC-F804011AAC81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{4DE0F33D-EC35-479B-A6AE-B0713FF69CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{A39494EA-68A7-40BF-8EFD-64711CCE45D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{447F25D5-6889-4B44-AF6B-E1319DF9D9F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{D2136099-F02E-47AC-A930-9913BC90E0ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{764D4842-C4C5-4E84-B9F4-479FBE5C48D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{DE4E9313-3205-44AE-904E-93D5EFF45FA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{A2D01FB9-B1DC-4148-A423-DDDFED63D35C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0DE0828-5250-4170-85E1-991AEF4A69C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E6A8E5D7-7031-4B5D-9E04-F2166E8F6A77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{2A4B8F27-4CA3-44E0-B66B-93464E0FDE7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{A635463C-114E-4EFC-9EE2-FF1E43E6FEAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{47C99FA5-08C0-42B1-A335-85FA48DB7863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{6ECE5D09-ED93-4B98-8D03-C045029C96DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{1B5DB00E-C949-4603-89DE-B77D3B24FD0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{53D0FF39-A492-4569-9521-BD74FFC71EE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{D7A82D35-6DCC-47D3-B893-4B17E82E14FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{6222F8E2-6AB0-40BD-9E35-EE214C440461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{BE7C250F-F717-4831-89A7-09125CDA2249}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [TCP Query User{F8C4442E-5DD1-4DF1-A3F4-E48DF707E3EA}C:\program files (x86)\thq\darkcrusade\darkcrusade.exe] => (Allow) C:\program files (x86)\thq\darkcrusade\darkcrusade.exe
FirewallRules: [UDP Query User{EB01E672-7FF8-44C9-BCFB-0EAF6171614A}C:\program files (x86)\thq\darkcrusade\darkcrusade.exe] => (Allow) C:\program files (x86)\thq\darkcrusade\darkcrusade.exe
FirewallRules: [TCP Query User{E09652A0-DCDC-403A-81B5-0767CD97FB4B}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe] => (Allow) C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe
FirewallRules: [UDP Query User{D733C30F-1ED1-4B55-BB5A-32B420DC5545}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe] => (Allow) C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe
FirewallRules: [{0E8180D1-A795-4D68-AA20-29C2B1D57EBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4E84352E-2FDF-433D-9E8A-50180473DD0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{C1981A92-A4EE-4CD7-8C45-35EFB6F4B639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C4CA0160-ECE4-4689-9C1D-17D8A4C98BB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B1BB7F8C-7287-4E43-91F1-8767ACB54D61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C6327D2-E985-42BA-8C8E-EA036C18AC73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{366AB8E1-14C9-4D9B-9DEB-272C5A4E245C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D28395B-0F6A-4868-AACB-35719BFC129D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5716A20C-B545-49F8-B074-09481381F91A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FD4C34A6-3AAA-423B-87AD-01FB18C19A06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F4CC3B60-68BB-4593-8448-D846ED4F1642}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C1D37D3-502C-47B9-ACAE-EB353A54EE3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3191199C-6574-4F73-853C-29005FB5901F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4199A184-840A-454B-9145-B4D93CB062BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A34E1763-0DE5-4192-B570-E724B90F5992}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F7D8754A-B87D-418C-BD3F-00D0EFCA3977}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D8768048-5937-4038-935C-657AB458DE56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{10675FEB-774F-4B3A-8DD5-A7889B1C873D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{31DF7D72-7467-4F74-9BA1-B9383BA10AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{564B7705-1928-4936-98F3-5E29B0B15027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{859CBBCA-17D1-4940-B5EF-634FEB8BBB21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD3919FE-09A1-45FA-A8F4-BD086A4AA0F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA755776-0FFD-4C6A-8A09-B7D622F137F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32ABD13C-C600-4CB9-BD17-88D004E5CF97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DDC16A6B-1161-42B2-80FD-2EB855944F54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E552A97-606B-4FE4-96AD-E6CF6522EFBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{655EAFF3-F689-442A-B3AB-14195495DC7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A99B1F22-4A88-4D2D-952E-3ADEFDE60908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{308DFAB2-8957-42ED-AC15-E9E0075BB76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDF2A74C-05AF-4B4E-A912-F2C5CED1B10E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A5E918CD-792D-4F4B-88D3-244549887C93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60506E56-BAAF-4529-9CC2-E61AB91B1E2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A780AAEF-050D-41DB-ACD4-4B575B155360}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{81532CD5-A849-4BA2-8BF4-7C66D43FB213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1D01EADD-2EBF-4D91-9179-95354944D70C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{799845A0-06DF-400B-AD69-1B6A129D88D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A8A4460-BAE6-44D2-A1D5-5CF1CEAE025F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6EE70DB0-8604-4AFA-B5B7-8417BBD3F5BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8433BDAD-AE93-4F21-BB74-564342AD9995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C6DB1B5B-51CD-4705-9D24-0904520F8FF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{84F78B0B-F2F4-4CF0-9478-1031110DF5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0859ABEB-7EB1-4D7B-B73F-8C3AD8F3BF11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E26915D-A95B-42F9-8515-B4F13842B172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E56169D9-82F4-42B3-B743-31E5367DA8E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5A2FDFE2-95E6-4EDA-914A-3A6BBEFFE44E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CA400ADD-F68B-408D-8992-3035EB4465C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E7D1EE4E-B058-452D-A372-07B97AD70CFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B03486F8-EF84-4AB6-B516-4E44B3DEED9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3609679B-EA33-43EC-8A7E-1B95E5D53EDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{DA26E5A4-58F7-4563-8AB1-3C26626D560E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{B246739E-0871-43C6-97A4-7D2B4000DB8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A3C93AC-E2E8-4DEA-ACE2-BF5540C42348}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FFA1EF06-555D-4DA5-B6F9-3A96AF6F0508}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{F56B238A-5C9C-4BFA-915F-2CDF36430FAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{6BBAAA6D-D021-44AB-A16B-C68CCDA1A6CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0F093A5D-4795-487E-B22F-DD35E7E1729C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF035499-2EEA-44AB-B10B-B115FCB4839B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9063BF88-0278-4303-9D11-ED178E7E60AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{242A4A2B-1700-45E8-825B-ED5FB6EA51B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{09FA8724-DA58-4B02-93DC-96569F1A301E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{31135FEC-8BE7-4CAA-B010-3DC00C2A8C5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2D288D75-9FA4-457C-8316-FA31ED5DA45E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90DA78E5-E9E1-43EB-B5CD-26A7876D2DC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1CC9CF17-53AF-40E4-A606-8DD207B826E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{89A14D6E-73CE-47E8-94DF-7BB259126950}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5FBCB474-77C8-4299-B0F5-AB914BF37733}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1B408B96-6925-457A-ABD0-8C94DA211429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{04FDE16E-E24D-4868-8DA2-C5108A299117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB48F00C-67D4-4CEC-B70B-3C50E06D7D79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{72D07915-80A6-49FB-A208-B976C2673A1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6EB3CCB1-4D7E-4342-B46C-13B8251EE441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8A105AED-6AE9-41C3-B19B-4932B9966168}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B99339C2-3920-4CF9-A1B0-0851E675BAEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D27333D4-DFBA-4E9B-96EB-75C264A30B0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{96F77DD3-D4FB-4AAE-A07B-F2884A69E4BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A8846A3B-2662-46EA-B236-95451D25CC5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1AE17FF3-DB14-49C1-833F-BC4E65DB3871}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A20815C9-CB6B-4643-9546-0AE4E583CE60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{84624492-5862-4AB3-90FF-32FFDDB45247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{509B9A4D-7142-48B3-82AB-072C45E5DAA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{85CF9792-7313-4874-9E6E-4B80F3D9CC14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F192660C-B8C7-4DDE-A658-576A2F38FFA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0CCDB565-E774-4506-9B15-0F140A67E8BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{283C824D-64C7-4B6A-8DE7-B17C2CC9AE14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4363E457-A9DE-4820-AC6A-590559ACCF8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60E62EC3-7855-4383-A035-1640817B080C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A07C07CD-7E71-4298-A75D-8C58B4AB296E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{885984E2-E76B-4C9C-9DE7-DDB0BA29CDED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{15FF6CCB-F24F-42E2-8CF2-D5D7A196FB3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB5EB309-73CA-400D-93C8-B7950DD871D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CE590E16-6439-4C54-A090-E87299A9918C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F2968CBB-76FD-4155-8025-B6AF9F17548C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{40717109-2FBF-47D1-97B7-6FD91544C137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E9E27144-C018-4DA9-9DD4-B2B0E76CEFFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A37D4B3-841B-49B7-B649-5CF7A7DB3BF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ED34B256-B8EC-41B6-870F-A0159AA09A89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AAD76C13-ECDF-464A-BE32-9F0153010696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1AB0DBC5-C4AE-4B34-AE79-88461069218A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EBDEAD33-80DA-4D94-9C4B-AB17C5658490}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{26E329B9-E6DE-4418-9CD5-9C911823918B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D8A4ECB2-9021-4A59-B758-CBC380B7A312}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{D23644F6-5D5F-481B-A28C-F074771F7EC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{2FE478C1-9506-46A7-BA8A-4E02C5D5D0A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44E038C0-5D39-4483-9046-18FD1F128E59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A84F6AD3-A7BC-4A5A-AC07-0048831A9D11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB2EEFD2-B9C8-436D-BA51-36954A9A01D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27853DD3-7C5F-4821-9369-FD955019392B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4CD55B38-B856-45DF-B31F-7BAF04B33496}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{09ADE10C-3176-424F-AD55-CB23E926CE6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{36C770C3-9DEE-4A0F-80D2-A0E38EF04117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AAEAD61F-5926-447B-8BCF-93AB8F8E7BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1119F227-D5B4-43ED-AAD3-2A3DAD9E9D0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{42A09E01-B706-414E-A592-EDDB7AA95C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{40A4D381-A1C4-4AA1-981F-2BAA127AEC17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{928824BC-A834-4DAC-888A-0FCA11F5FBE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{31166771-9B37-47E9-A2B8-2A4E8BD17E84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7FFE2082-D7D3-4133-BB3C-2CC7321CBF1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4044B8FD-59D9-4CB5-AC6E-1649E99618DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C4CD24D-3FD9-4568-8E59-1EE4C319B34C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{55E6B832-AA9B-4B10-8322-A28B1C12D7AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2D4669CA-2E43-4B80-8789-6E8A1069AEF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC984192-EF4F-4A6B-B69F-D7DB0CC8DA8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{61A2024D-4346-4B60-9802-E8665665E683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B0FA959-3DEE-42EB-9CDD-546816F220EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{458F0E93-7459-483A-AE79-FC5368D2D3F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BE35C23C-7406-4519-8C27-7647CCFA13AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B408241-4F66-4671-855B-6215379459E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0A772859-044A-4BFA-ACE9-92A63AB96AEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{04F63AB6-08BD-4214-A156-1D1DACE91170}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{98940F21-6C7E-429E-AA9D-E2AAD82E9E52}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{C7E1DFF6-2C29-4760-B187-78E39160F768}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{A99AC3F6-2C93-4DDE-8C2B-9DEE8CAAF19C}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{F35F12E5-FA51-45C7-9E67-851B68F34CC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F1CC82BC-2852-4122-8BB9-FA6171E4F062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5881672F-DFF4-4265-B507-26DAC5BC3BBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{922EC6D2-2805-4E0A-8071-E6120316CE52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{78EC51BA-768B-44EE-A745-305F2A9789C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{6704A23D-B0F0-4608-92E6-5D6BA6BE6D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{2D68CF6B-F1F2-42DD-AA9B-F386924F3282}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B764981-FF06-41A0-9194-14AF0265AC76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D62A25A3-5719-4CF5-A6CA-6D4EBD857080}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8A74138E-7ED7-4E61-A48D-0DFB5DECFB78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{04BDC023-05B0-4336-B836-3F833692CE26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23E63623-3603-4D4B-AAF2-8E304E28F8E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4753CAD0-EE2C-49C4-85CF-DD2A60C11F17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{D699C4C2-C173-4092-9171-ECEEA72B84F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{3507F32B-3E39-46AF-9A28-89BD71240D53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3974DE8B-6354-490D-82BB-F6950BEA1A84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{619152E0-C3A7-4A4D-B9E0-6A32942F8DB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1040B8DC-284E-4229-9104-15F8D6CC0392}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AFDCC86D-D313-4B19-ACB0-A695B9C934E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BEA4960A-7858-468B-B5A5-7BDA186280BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B70864BA-14C6-42E1-A09D-E72892502CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{052B6F4C-33FC-4ED4-A1F2-F78B134D35EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{565A0B62-51BF-4A2D-A415-0868445E0F56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A950D923-AC18-417F-8A46-EE9DBEC257F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{119A04E4-14A2-45EF-A25F-44906CC71E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{148B5726-3D11-4594-B5B8-FC900A24B73C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{8EE2F9ED-761D-48C9-9B49-32F83CCAFC00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C29F85D8-D140-4799-8B9F-8151966373AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B62CB6F-A497-4A33-82D4-4731EC9DBECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{656CC92C-5D9E-47B0-80E4-CB9194944409}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E2087653-7CC9-47AB-B191-1BD5D25C027E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1D1D7162-C7B6-4885-BEAB-4F6C869EF84B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F79C04B6-F25B-45B8-AAFA-5C4A0C6B7292}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B92C1BFD-499F-4613-B5BD-D0A9B8F174C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{14885187-AD47-49DC-B605-74A137047322}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60C3D3A0-43D2-4A6D-AC8F-804D7AF4FCBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{21FBDC74-B0D7-4123-B0CF-FFBF979A93E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A80D1980-6200-43B3-BA4B-952A7CA9AD86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{31CFAEA5-4904-4429-97DD-E7700B10A139}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9AD912D8-D359-456D-BB6A-68D1D9AA4EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F8BD7E9-67FE-4970-97AA-4E6CF48E663F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{30621AA0-7F41-4516-B855-352E6721D209}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F20F4D63-9456-4C72-B6C7-68B141930EF8}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{8FFABB6A-EE47-4BF0-B471-66CFC0577A9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{47F73980-9AF9-4509-9D19-66CDAC4D5C22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

21-04-2017 22:57:56 Windows Update
24-04-2017 22:30:24 Installed Microsoft Visual C++ 2005 Redistributable
28-04-2017 02:13:53 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
29-04-2017 22:04:11 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2017 10:12:28 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (04/29/2017 10:06:32 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (04/29/2017 10:06:25 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (04/29/2017 10:05:19 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (04/29/2017 10:04:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/29/2017 09:25:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FRANKEN-METHOD)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/29/2017 08:50:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/29/2017 08:49:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/29/2017 08:00:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 20e8

Start Time: 01d2c14335d779bc

Termination Time: 14

Application Path: C:\Windows\SysWOW64\rundll32.exe

Report Id: 026b16fb-2d38-11e7-b61c-708bcd5726d3

Faulting package full name:

Faulting package-relative application ID:

Error: (04/29/2017 07:48:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 12bc

Start Time: 01d2c14044639138

Termination Time: 7

Application Path: C:\Windows\SysWOW64\rundll32.exe

Report Id: 4c24fba6-2d36-11e7-b61c-708bcd5726d3

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (04/29/2017 10:30:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/29/2017 10:21:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/29/2017 10:21:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/29/2017 10:20:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (04/29/2017 10:20:22 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/29/2017 10:20:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/29/2017 10:19:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/29/2017 10:19:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2017 10:19:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The StarWind AE Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2017 10:19:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-04-28 02:43:49.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-28 02:43:41.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-04 02:21:28.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-04 02:21:08.529
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 12%
Total physical RAM: 16276.68 MB
Available physical RAM: 14257.01 MB
Total Virtual: 18708.68 MB
Available Virtual: 16304.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:3725.47 GB) (Free:3404.69 GB) NTFS
Drive d: (WINDOWS10) (Removable) (Total:14.42 GB) (Free:7.15 GB) FAT32
Drive e: (COWBOY_BEBOP) (CDROM) (Total:7.37 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:21 AM

Posted 30 April 2017 - 08:50 AM

Download the attached file and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 

Please download Malwarebytes to your desktop.
 
Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
 
Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
 
The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.
 
 
After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.
 
 
Put a checkmark on all detected and click on "Quarantine Selected".
 
 
Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.
 
 
Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Felix_Nix


Posted 30 April 2017 - 09:40 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-04-2017
Ran by Eric Adkins (30-04-2017 22:28:23) Run:1
Running from C:\Users\Eric Adkins\Downloads\Cleanup tools\FRST64
Loaded Profiles: Eric Adkins (Available Profiles: defaultuser0 & Eric Adkins & gastj)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Hosts:
Shortcut: C:\Users\Eric Adkins\Desktop\Other Applications\?ozilla Fir?f?x.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Eric Adkins\Desktop\Games\F?llout New Veg?s Ultimat? ?diti?n.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.rehcnualvntuollaf.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ?x?lorer.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Firefox.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozilla Fir?fox.lnk -> C:\Users\Eric Adkins\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

Hosts restored successfully.
"C:\Users\Eric Adkins\Desktop\Other Applications\?ozilla Fir?f?x.lnk" => Could not move.
C:\Users\Eric Adkins\Desktop\Games\F?llout New Veg?s Ultimat? ?diti?n.lnk => not found.
"C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ?x?lorer.lnk" => Could not move.
"C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Firefox.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozilla Fir?fox.lnk" => Could not move.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{B547E0E5-7224-4FC6-8F1D-0641B5EFFA1E} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19559079 B
Java, Flash, Steam htmlcache => 356936638 B
Windows/system/drivers => 10164574 B
Edge => 5824293 B
Chrome => 0 B
Firefox => 376384913 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
defaultuser0 => 7296 B
Eric Adkins => 918167671 B
gastj => 83338885 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:30:02 ====

 

 

Malwarebytes Scanlog-

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/30/17
Scan Time: 10:35 PM
Logfile: MWB Scanlog.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1841
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: FRANKEN-METHOD\Eric Adkins

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406085
Time Elapsed: 3 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#10 Felix_Nix


Posted 30 April 2017 - 09:58 PM

Looks to me like she's all clean, boss. Gave her a restart after the scan, she seems to be good. Thanks for the help, I'll give you a donation when I get paid. I will keep checking back to see if there is anything else you need me to do.



#11 JSntgRvr


Posted 30 April 2017 - 10:12 PM

Yes it is, congratulations.

 

Let's clean up the tools we used.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Always keep your antivirus active and updated.

 

Best regards.    :hello:




#12 JSntgRvr


Posted 01 May 2017 - 08:50 AM

Look for these files:

 

"C:\Users\Eric Adkins\Desktop\Other Applications\?ozilla Fir?f?x.lnk"
C:\Users\Eric Adkins\Desktop\Games\F?llout New Veg?s Ultimat? ?diti?n.lnk
"C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ?x?lorer.lnk"
"C:\Users\Eric Adkins\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Firefox.lnk"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozilla Fir?fox.lnk"

 

If they contain the interrogation mark and it isn't due to language, please delete them all.


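The check requested in post #12, shown as an added example that is not part of the original posts or of FRST: FRST prints non-ANSI characters as "?", so the practical test for a lookalike shortcut is a `.lnk` name that mixes Latin and Cyrillic letters. The sample name is constructed (the log does not reveal which letters were substituted), and the function names and scan roots are assumptions based on the paths in the fix log.

```python
import os
import unicodedata


def script_of(ch):
    """Script of a letter, read from its Unicode name ('CYRILLIC SMALL LETTER O')."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def foreign_letters(name, expected="LATIN"):
    """Letters in name that are not from the expected script, with positions."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(name)
            if ch.isalpha() and script_of(ch) != expected]


def is_lookalike(name):
    """True when one name mixes Latin and Cyrillic letters.

    A name written entirely in Cyrillic is ordinary on a Russian-language
    system; two scripts inside a single name is the anomaly.
    """
    scripts = {script_of(ch) for ch in name if ch.isalpha()}
    return {"LATIN", "CYRILLIC"} <= scripts


def find_lookalike_shortcuts(roots):
    """Walk each root and report .lnk files whose names mix the two scripts."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                stem, ext = os.path.splitext(fname)
                if ext.lower() == ".lnk" and is_lookalike(stem):
                    hits.append((os.path.join(dirpath, fname), foreign_letters(stem)))
    return sorted(hits)


# Constructed sample: Cyrillic EM, IE and O stand in for Latin M, e and o.
SAMPLE = "\u041cozilla Fir\u0435f\u043ex"

if __name__ == "__main__":
    print(is_lookalike(SAMPLE), [(i, n) for i, _c, n in foreign_letters(SAMPLE)])
    # Assumed roots: the desktop, per-user and all-users menu locations in the log.
    roots = [os.path.expandvars(p) for p in (
        r"%USERPROFILE%\Desktop", r"%APPDATA%\Microsoft",
        r"%ProgramData%\Microsoft\Windows\Start Menu")]
    for path, letters in find_lookalike_shortcuts(roots):
        print(ascii(path), [(i, n) for i, _c, n in letters])
```

A hit only identifies the lookalike name; the shortcut's target still has to be read (Properties in Explorer, or the `Shortcut:` lines of a fresh FRST scan) before deciding to delete it.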


#13 JSntgRvr


Posted 05 May 2017 - 07:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





