Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How To Remove act_0515.exe Windows Activation Virus


  • This topic is locked This topic is locked
3 replies to this topic

#1 nicktrick92

nicktrick92

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 25 May 2017 - 07:18 PM

Hey guys, I've got a pretty bad virus on my hands here. I let my brother use my computer for just a couple hours and then I get this... The virus, which I'm 99% sure is a virus is a popup of Windows Activation, which asks for some computer information and my activation code for windows. In addition, it disables my other monitors, stops windows explorer, and completely covers the screen in which it appears on. In the short amount of time before it pops up after a restart, I was able to find out the following:
 
-The process name is "Activate File"
-The process properties show that it is running a file called act_0515.exe from the C:/ Directory
-If I delete said file before it can launch, the virus will not launch the activator page
-When the file is deleted, it will come back on every restart/sign out/Explorer restart
 
I'm just wondering if anybody has any experience with this kind of virus and if so if they found anything to be useful. Having to delete the file on each computer restart is a bit tedious. I have tried both a Malwarebytes, AVG, and Comodo scan (Comodo is almost done, still in progress) and no harmful files were found. I believe this virus came about with a program my brother tried to install which also installed about 10 "Play War Thunder" (And similar) icons on my desktop!
 
Any help is greatly appreciated, and let me know if you need any logs or anything!
 
Thanks,
 
~Nick M.


Forgot to include FRST scan, here's the log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by Nick (25-05-2017 17:30:27)
Running from C:\Users\Nick\Downloads
Windows 10 Pro Version 1607 (X64) (2017-02-11 01:28:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3896182715-1549511042-1915770344-500 - Administrator - Disabled)
danba (S-1-5-21-3896182715-1549511042-1915770344-1008 - Limited - Enabled) => C:\Users\danba
danban502 (S-1-5-21-3896182715-1549511042-1915770344-1010 - Administrator - Enabled) => C:\Users\danban502
DefaultAccount (S-1-5-21-3896182715-1549511042-1915770344-503 - Limited - Disabled)
Guest (S-1-5-21-3896182715-1549511042-1915770344-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3896182715-1549511042-1915770344-1005 - Limited - Enabled)
Nick (S-1-5-21-3896182715-1549511042-1915770344-1001 - Administrator - Enabled) => C:\Users\Nick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD}
AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
18 Wheels of Steel: American Long Haul (HKLM-x32\...\Steam App 12520) (Version:  - SCS Software)
4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7 Days to Die (HKLM\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
8BitBoy (HKLM-x32\...\Steam App 296910) (Version:  - AwesomeBlade)
911 Operator (HKLM\...\Steam App 503560) (Version:  - Jutsu Games)
ACP Application (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden
ACP Application (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_2) (Version: 16.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_0) (Version: 11.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AirDroid 3.3.3.0 (HKLM-x32\...\AirDroid) (Version: 3.3.3.0 - Sand Studio)
Akamai NetSession Interface (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
American Truck Simulator (HKLM-x32\...\American Truck Simulator_is1) (Version:  - )
Apowersoft Phone Manager version 2.7.3 (HKLM-x32\...\{4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1) (Version: 2.7.3 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA3Sync 1.6.91 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.6.91 - The [S.o.E] team)
ASTER v2.11 (HKLM\...\{BFEB483E-1D6F-4A10-9D35-AA73EB950523}) (Version: v2.11 - IBIK Software Ltd)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Auto Mouse Click v13.1 (HKLM-x32\...\{F5E3859D-0720-41F0-BAF5-4CBCDFD8F406}_is1) (Version: 13.1 - MurGee.com)
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.108.150 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk DirectConnect 2016 64-bit (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
Autodesk Maya 2016 (Version: 16.0.1312.0 - Autodesk) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.181.3.3057 - AVG Technologies)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BB FlashBack Express 5 (HKLM-x32\...\BB FlashBack Express 5) (Version: 5.13.0.3881 - Blueberry)
Blackwake (HKLM\...\Steam App 420290) (Version:  - Mastfire Studios Pty Ltd)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\{87E4F4E2-99A4-44C6-9175-9FF2773E46CF}) (Version: 2.76.0 - Blender Foundation)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
Callouts V (HKLM-x32\...\CalloutsV) (Version:  - Official LukeD)
CameraGripTools demo (HKLM-x32\...\Camera GripTools Demo for CINEMA 4D_is1) (Version:  - FRIESLAND AV&MULTIMEDIA)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Camtasia Studio 8 (HKLM-x32\...\{1B57499B-1BEB-426A-A406-D9D004A1D2CE}) (Version: 8.5.0.1954 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}) (Version: 57.0.2987.37 - Google Inc.)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
CL3 Launcher (HKLM-x32\...\CL3 Launcher) (Version: 3.0.1.248 - City Life RPG)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Code 3 Callouts (HKLM\...\{46F64247-4839-4433-A038-38EE2CDB4AF5}) (Version: 0.6.0 - Stealth22)
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6223 - COMODO Security Solutions Inc.)
COMODO Internet Security Premium (Version: 10.0.1.6223 - COMODO Security Solutions Inc.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
Creatures Of Darkness (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Creatures of Darkness Voices for MorphVOX (HKLM-x32\...\{00e68eab-1128-4d89-94ae-a83b286afd69}) (Version: 4.4.41 - Screaming Bee Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Damyo's RPG ModPack - Community Edition Installer version 1.2b (HKLM-x32\...\{DE34FEF1-5193-46B3-9684-A0A151F86F65}_is1) (Version: 1.2b - daimyo21mods@gmail.com)
DCRS Dispatch (HKLM-x32\...\DCRS Dispatch) (Version:  - )
DCRS Mobile (HKLM-x32\...\{9380CD58-147F-490F-9A2A-4A458E8F29CC}) (Version: 1.1.0 - DCRS)
Discord (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enforcer: Police Crime Action (HKLM\...\Steam App 318220) (Version:  - Odin Game Studio)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - )
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Firewatch (HKLM-x32\...\Firewatch_is1) (Version:  - )
Five Multiplayer version (PRE-RELEASE) 0.2a (HKLM-x32\...\{D57270AA-D9AB-4D7C-BC08-09F2B5DEF815}_is1) (Version: (PRE-RELEASE) 0.2a - Five Multiplayer)
FMW 1 (Version: 1.202.1 - AVG Technologies) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Frontier Launchpad version 1.0.3 (HKLM-x32\...\{8916D4AB-BBCB-4FBC-A203-B4C3144CF89B}_is1) (Version: 1.0.3 - Frontier Developments plc)
FSX REX 4 Texture Direct Configuration Tool (HKLM\...\Steam App 389350) (Version:  - )
GameSalad Creator (HKLM-x32\...\{293B129D-255B-40B2-B56A-CFAC5EE1777C}) (Version: 0.13.40 - GameSalad)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Grammarly (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\GrammarlyForWindows) (Version: 1.5.25 - Grammarly)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
GTA CAD V3 (HKLM-x32\...\GTA CAD V3) (Version:  - )
GTA CAD V3 Update (HKLM-x32\...\GTA CAD V3 Update) (Version:  - )
GTA IV: San Andreas (HKLM-x32\...\{1DE5BF9F-3FBF-4B5E-AA7D-48703391CE24}) (Version: 0.5.4.0 - GTA IV: San Andreas Mod Team)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gyazo 3.3.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HandBrake 1.0.2 (HKLM-x32\...\HandBrake) (Version: 1.0.2 - )
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)
HP OfficeJet Pro 6970 Basic Device Software (HKLM\...\{7A0A124B-842E-4E81-ABA3-2489A487F713}) (Version: 39.2.1964.60632 - HP Inc.)
HP OfficeJet Pro 6970 Help (HKLM-x32\...\{D44AA899-466E-4455-8980-60CE82CA44C7}) (Version: 39.0.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
iDisplay 2.4.2 (HKLM-x32\...\iDisplay_is1) (Version: 2.4.2.16 - SHAPE)
InputMapper (HKLM-x32\...\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}) (Version: 1.5.31.0 - DSDCS)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intugame VR (HKLM\...\{DE1F4CA5-9C31-42EF-A314-11BAB622D452}) (Version: 1.3.6 - Intugame Ltd.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 91 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.14 - Oracle Corporation)
KeyShot 6 64 bit (HKLM-x32\...\KeyShot 6_64) (Version: 6.1 64 bit - Luxion ApS)
Kinoni Streamer 1.49 (HKLM-x32\...\Kinoni Remote Desktop) (Version: 1.49 - Kinoni)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAPD Dispatch System (HKLM-x32\...\{D1402153-4DFB-4116-B047-B0ECACB53E00}) (Version: 1.0.0 - OfficerCourts' Mod Group™)
Logitech Gaming Software 8.90 (HKLM\...\Logitech Gaming Software) (Version: 8.90.117 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.1 - LoiLo inc.)
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.4.2 - LoiLo inc)
LSPD First Response (HKLM-x32\...\LSPD First Response) (Version: 0.3.1 - G17 Media)
Magic The Gathering Online  (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\01641bea2c75c522) (Version: 3.4.93.627 - Wizards of the Coast, LLC)
Male Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Male Voices for MorphVOX (HKLM-x32\...\{4419f073-ac2b-4267-87d5-d31ec072be19}) (Version: 4.4.41 - Screaming Bee Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{4B2B6F4B-9B09-46ED-935E-A84A669D2DC9}) (Version: 2.8.2.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MorphVOX Pro (HKLM-x32\...\{75B956F9-D72D-4929-B695-120D70E8AEE1}) (Version: 4.4.7 - Screaming Bee)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSI Fan Control (HKLM-x32\...\{4B27FEF5-0AA2-4D49-B26F-D6B5AF2205D2}}_is1) (Version: 2.0.0.3 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 4.0.0.06 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
NBA 2K16 (HKLM-x32\...\NBA 2K16_is1) (Version:  - )
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.5 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenIV (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\OpenIV) (Version: 2.9.906 - .black/OpenIV Team)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.210.0 - Overwolf Ltd.)
Pixelmon Launcher (HKLM-x32\...\Pixelmon Launcher 1.1.56) (Version: 1.1.56 - Ikara Software Limited)
Pixelmon Launcher (x32 Version: 1.1.56 - Ikara Software Limited) Hidden
Planet Coaster (HKLM\...\Steam App 493340) (Version:  - Frontier Developments)
Planet Coaster Alpha (HKLM\...\Steam App 518340) (Version:  - )
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.3-r115627-release - Plays.tv, LLC)
Police Tactics Imperio (HKLM-x32\...\Police Tactics Imperio_is1) (Version:  - )
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Product Improvement Study for HP OfficeJet Pro 6970 (HKLM\...\{F0DA5336-AAEF-4ACB-9519-4B8DCAB8403B}) (Version: 39.2.1964.60632 - HP Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Quicktime 7.7.8 for Windows 10 (HKLM-x32\...\{868DD3D2-BA20-4760-8654-1046B1C950B7}) (Version: 7.78.80.95 - Not Apple Inc)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 r2519 - )
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.0 - VS Revo Group, Ltd.)
ROBLOX Player for Nick (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Nick (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\RollerCoaster Tycoon 3 Platinum_is1) (Version:  - GOG.com)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\{924EAD66-F854-4605-8493-696DD59A113B}) (Version: 1.00.000 - )
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - KADOKAWA)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.7.5.48 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
ScoreCloud Studio (HKLM-x32\...\ScoreCloud) (Version: 3.4 - DoReMIR Music Research)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.3.324435 - Linden Research, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version:  - Microsoft)
SimpleIDE version 1-0-2-RC2 (HKLM-x32\...\{CE380BA3-F51E-4DCB-A068-216961358E89}_is1) (Version: 1-0-2-RC2 - ParallaxInc)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Snagit 13 (HKLM-x32\...\{f77be5ce-8cc7-4cbe-aac0-2164e844b4be}) (Version: 13.0.1.6326 - TechSmith Corporation)
Snagit 13 (x32 Version: 13.0.1 - TechSmith Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.1.0.2 - Splashtop Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
System Requirements Lab Detection (HKLM-x32\...\{8416C860-16F1-4763-B4DA-C24D460CD5E0}) (Version: 6.1.6.0 - Husdawg, LLC)
Tawk.to (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\Tawk-desktop) (Version:  - tawk.to)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Sims 4 (HKLM-x32\...\The Sims 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Train Valley (HKLM-x32\...\Steam App 353640) (Version:  - Alexey Davydov)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.5.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\UnityWebPlayer) (Version: 4.6.9f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
Vixen 3.2 (update 2) (64-bit) (HKLM-x32\...\Vixen) (Version: 3.2.153.2 - Vixen - Lighting Automation)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/27/2014 2.10.00) (HKLM\...\42F5D8399C4B7EB9005D88E9045ABB1A715CD59A) (Version: 01/27/2014 2.10.00 - FTDI)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
WinRAR 5.30 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.1 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zello 1.73.0.0 (HKLM-x32\...\Zello) (Version: 1.73.0.0 - Zello Inc)
Zoom (HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3896182715-1549511042-1915770344-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3896182715-1549511042-1915770344-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-AD1CF0E732C5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3896182715-1549511042-1915770344-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3896182715-1549511042-1915770344-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Nick\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3896182715-1549511042-1915770344-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3896182715-1549511042-1915770344-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0172BA6B-A688-4E80-8FF4-D54CD252299E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {019A62CD-1A3E-4E4B-839A-697DCF6C8419} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe 
Task: {123A7AC9-FA4E-4977-9667-0DD6B0CCA893} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {275FF375-FDEB-4965-A0A8-BD3DDA712A33} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nicktrick92@icloud.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {2D633B92-17BC-4E41-BFA8-9CB7A8F01322} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {33C83E38-2893-460B-AA36-7CEE7689A9DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3499580F-8871-4B3F-872E-41C76C1A8DB5} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-03-28] (TechSmith Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe 
Task: {38CE467E-4145-4537-B608-DE3F77649816} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3E1A377B-3A7D-4C0B-9212-5D96AD5DB888} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {41D10709-348D-4E8A-B243-59B3F08129CB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {478BAD1F-2EFD-438E-8821-9ED0BE80CDE3} - System32\Tasks\AdobeAAMUpdater-1.0-Nick-Beast-PC-danban502 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {4B319D2F-6C30-4990-8D72-A0A04F51D5B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {562E1CE2-9821-4F05-B258-FBAFAD1BC175} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {59B3A9A4-8396-4817-8385-FCCB77BA0BDB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-23] (Microsoft Corporation)
Task: {5B142475-D41C-424E-822A-C4D09AECA4B7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {662532F6-0165-474B-A470-8BB0BD8C9B5E} - System32\Tasks\WMxBcy2UejWz0Tsd0cHX => C:\Users\Nick\AppData\Roaming\WMxBcy2UejWz0Tsd0cHX.exe  <==== ATTENTION
Task: {67BB3490-FD78-4550-8E8D-E14373AD7AFB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe 
Task: {6854C1C4-2F06-4B9B-B22B-DF2CEC99BAAB} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {6CB24161-3DE4-443E-B66B-DF1EA911A178} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {6D319DCB-14CF-4EFF-977F-A235C115784F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {74E792F2-36BA-4928-A234-CBBD45546C2E} - System32\Tasks\winbppg => C:\Windows\SysWOW64\wintoplas.exe 
Task: {7634AA1D-68CE-4012-93B9-D8CBE563F363} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77835AFE-5DBB-4990-B6E0-F9C5182901E7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7A3563E7-0B7E-460A-B912-5941C9115552} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {83487490-8142-4503-BC79-6BFE4E948091} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {8489B6BE-B991-4A37-B109-EF92680A374B} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {84B1DB51-CFDC-48B5-A47E-8C9B04C52580} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {87A18150-C229-454C-8742-2D3E4FABA150} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe 
Task: {92E1FDA7-D82F-410B-9879-485A287AACB2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {978FA8BE-A6FD-494D-913B-CF3EB53458D5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9CC147C6-CA95-4403-81C0-223BFE4C6B09} - System32\Tasks\{0D3B0ECB-6C3B-4117-8BD9-7801484D76FF} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.7.0.103&amp;LastError=-3
Task: {9CDDD0CA-3EA6-4EA4-A9A6-8EE20B948D25} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {A5222855-1318-4369-83EA-6B052AD3DCE5} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-05-14] (Overwolf LTD)
Task: {B243B353-2751-4A96-9BEE-656AFABC511B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-03] (Google Inc.)
Task: {B7B8C6D5-9475-4E9D-81EF-B74F858CDFAF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {BEEC914E-889A-4875-9DB7-D4E5D46A6BF4} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 6970 => C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\HPCustPartic.exe [2016-01-18] (HP Inc.)
Task: {C1F8B71F-9AE7-41D2-9C17-6D7A2505DEDD} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-22] (COMODO)
Task: {CE118D5F-C76A-4070-873E-11607B3642CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-03] (Google Inc.)
Task: {DE84B80C-5496-42B1-A54D-2DC71B8626FD} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {E0D79C90-B7C9-492F-8FA8-9FFB368866B8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\WSCStub.exe 
Task: {EA4B5DAF-54DB-4FD9-8794-32C1EFA4480C} - System32\Tasks\wingtr => C:\Windows\wingtr.exe 
Task: {F2D2A5BC-B6F3-4442-8A06-4424499711A5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\WMxBcy2UejWz0Tsd0cHX.job => C:\Users\Nick\AppData\Roaming\WMxBcy2UejWz0Tsd0cHX.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{DDD8797F-7C34-4681-9A37-ACB75BA7A51E}.job => c:\program files (x86)\google\chrome\application\chrome.exe Bhxxp:/ui.skype.com/ui/0/7.17.0.105/en/

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Go to OpenIV web site.lnk -> hxxp://openiv.com
Shortcut: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyShot 6 64\Documentation\KeyShot Manual.lnk -> hxxp://keyshot.com/manual/keyshot6/KeyShot_6_Manual.pd

ShortcutWithArgument: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AirMirror.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=macmgoeeggnlnmpiojbcniblabkdjphe
ShortcutWithArgument: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-18 10:02 - 2016-05-18 10:02 - 00081920 _____ () C:\Program Files (x86)\Kinoni\Remote Desktop\service.exe
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Nick\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-04-22 23:28 - 2017-04-22 23:28 - 00156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-04-22 23:27 - 2017-04-22 23:27 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-04-22 23:27 - 2017-04-22 23:27 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe
2016-03-16 11:25 - 2016-03-16 11:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2017-05-17 13:22 - 2017-05-17 13:22 - 00689152 _____ () C:\Users\Nick\AppData\Local\vswjc\ct.exe
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-09 16:39 - 2017-04-27 17:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-05-09 16:39 - 2017-04-27 17:49 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-05-01 07:13 - 2016-07-20 18:19 - 00592384 _____ () C:\Users\Nick\AppData\Local\MEGAsync\ShellExtX64.dll
2015-04-15 13:13 - 2015-04-15 13:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-11-20 11:11 - 2016-11-20 11:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 16:14 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 16:14 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:14 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 16:14 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-09 16:39 - 2017-04-27 16:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-09 16:39 - 2017-04-27 16:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-09 16:39 - 2017-04-27 16:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 15:48 - 2017-05-09 15:48 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 15:48 - 2017-05-09 15:48 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 15:48 - 2017-05-09 15:48 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 15:48 - 2017-05-09 15:48 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-12-19 16:59 - 2016-12-19 16:59 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-12-19 16:59 - 2016-12-19 16:59 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 _____ () C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 _____ () C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-05-15 15:48 - 2017-05-09 02:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 15:48 - 2017-05-09 02:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-06-10 16:52 - 2016-03-23 03:02 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-06-10 16:52 - 2016-03-23 03:02 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2015-11-24 13:48 - 2015-11-24 13:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 13:46 - 2015-11-24 13:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 13:48 - 2015-11-24 13:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 13:48 - 2015-11-24 13:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 13:48 - 2015-11-24 13:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 13:48 - 2015-11-24 13:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 13:48 - 2015-11-24 13:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 13:46 - 2015-11-24 13:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 13:48 - 2015-11-24 13:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 13:57 - 2015-12-07 13:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2017-05-04 11:13 - 2017-05-04 11:13 - 00235520 _____ () C:\Users\Nick\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-05-24 19:00 - 2016-01-22 05:45 - 00086528 _____ () C:\WINDOWS\nick-beast-pc\mgwz.dll
2017-05-25 15:44 - 2017-05-25 15:43 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2015-10-16 03:02 - 2015-10-16 03:02 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2017-05-09 16:39 - 2017-04-27 17:49 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2017-05-24 19:00 - 00000918 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 clients2.google.com 
127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win10.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Snagit 13.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "asterctl"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B9D48092DF53DE2F032C3C1B28E5E1A1"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3896182715-1549511042-1915770344-1001\...\StartupApproved\Run: => "SideSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E5D380DC-5217-4422-AE1F-426B4CC5FC9A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{572AEF4D-8E45-4DEC-BE28-945803A612C1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{56F84261-6A4B-4953-BA62-54C6805C4E8F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{6CB2A336-9C08-4AF0-A78C-ECAD5642DBA2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{DBC78DB9-8195-4E18-BA53-35AC3B9F74BC}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
FirewallRules: [{06627F2D-8ECF-4D98-B00C-B12CD9FEF822}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{447D7440-DFF9-48F1-99F9-F6BC91F2DDE6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{110D51C7-405D-4659-90DF-C7DB237968E2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B9890A60-52EA-4268-8132-1515126EC070}] => (Allow) C:\Users\Nick\Desktop\New FiveReborn\FiveReborn.exe
FirewallRules: [{E02EE446-5EBE-4B8F-A3D3-523555F0FA75}] => (Allow) C:\Users\Nick\Desktop\New FiveReborn\FiveReborn.exe
FirewallRules: [{2BB1009D-608A-4FD4-BA07-002099C393EA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{CD4111D0-5DFE-4088-9A31-403FDA98AB1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{9AAB9207-FB0C-4630-8569-516B36BD2ADD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{B32F0E81-B9BB-444C-9811-C9B30F4250B1}] => (Allow) C:\Users\Nick\Desktop\FiveReborn\FiveReborn.exe
FirewallRules: [{735653E0-7FD6-4E9B-B839-B053971F867D}] => (Allow) C:\Users\Nick\Desktop\FiveReborn\FiveReborn.exe
FirewallRules: [{2528ACE7-7B59-4176-8102-E9F8E3C711DD}] => (Allow) C:\Users\Nick\Desktop\SoE FiveReborn\FiveReborn.exe
FirewallRules: [{D62E4A65-9807-4694-AA48-248F3A0C9D25}] => (Allow) C:\Users\Nick\Desktop\SoE FiveReborn\FiveReborn.exe
FirewallRules: [{E9A0FF0B-BBB0-4B7B-BDBB-6A76D6CFA240}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\911 Operator\911.exe
FirewallRules: [{334AFFE2-4155-49B2-B9E2-334307AB3129}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\911 Operator\911.exe
FirewallRules: [{C3CB419C-8C94-43FD-BE3D-C9DBE5BA653A}] => (Allow) C:\Users\Nick\Desktop\STAY HERE FOR A SEC\FiveReborn\FiveReborn.exe
FirewallRules: [{127E3931-275B-4C01-B9F2-2A665D627D68}] => (Allow) C:\Users\Nick\Desktop\STAY HERE FOR A SEC\FiveReborn\FiveReborn.exe
FirewallRules: [{434FF6A0-0DF5-48FA-BA9A-B6A778FCE33D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster Alpha\PlanetCoaster.exe
FirewallRules: [{77D7E3C6-063E-4C4E-8E4B-EF72DF28278D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster Alpha\PlanetCoaster.exe
FirewallRules: [{CAEDCF38-4625-486E-845C-2939E1EA6E27}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{7CCDC905-0C25-4CCE-9704-CD1B58C7EF20}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{ABF37ADB-5577-4DEC-9943-371445A806A1}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5194F848-5DF2-42D7-93D2-71AACDC0BD34}] => (Allow) LPort=5357
FirewallRules: [{BEA37ECD-24D6-4EEE-B7E1-293BE9F5CB0B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\DeviceSetup.exe
FirewallRules: [{C52558D7-A20C-47CA-BB8D-7D994FB6FC87}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6970\bin\FaxPrinterUtility.exe
FirewallRules: [{A7624BEC-6CAC-4794-8165-31CB28AD765D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6970\bin\SendAFax.exe
FirewallRules: [{983E540E-2275-423D-ADCB-BD54AD1C3A72}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6970\bin\DigitalWizards.exe
FirewallRules: [{9AC60692-8C3D-47CD-B8E6-4448204E5276}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6970\bin\FaxApplications.exe
FirewallRules: [{95DE5B14-5322-4D48-B8C9-1759F15CAF19}] => (Allow) LPort=8298
FirewallRules: [{63EA0263-7E1D-402E-B3F0-96AD2EB6F21E}] => (Allow) C:\Users\Nick\Desktop\FiveReborn\FiveReborn.exe
FirewallRules: [{88EDDD51-F8ED-4B48-81D5-4B3488F59D84}] => (Allow) C:\Users\Nick\Desktop\FiveReborn\FiveReborn.exe
FirewallRules: [{0CBD55F3-367D-41F7-86BF-19E495B0EAC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{71983824-A50F-46C8-AE97-55BAD8509979}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{84859EF2-0296-4909-87E8-7AB4D45FFDC3}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{E7994A98-4804-497D-9B59-CF0CAD9032BB}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{8E4F7076-A021-48BE-8C91-F3DDFBA887D1}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{47FF72B2-5BD0-4951-A450-E54A4C37CF33}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{AE5676D2-30FE-4B0C-8C71-F71C6EB3C93F}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{1C7E0BD8-EB51-4055-B235-AFF005B8D5E0}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{18869E19-CBF8-4036-A16A-DC1204411F03}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{24D57D9E-2F52-4CAF-97DE-8BE1FCB53AC3}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{B1263A36-DD1A-4056-8E1A-18089EA12631}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{E3E89288-BF01-4623-90A6-599104FBB46D}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{8D4A560D-3211-4C51-AF79-D1FAD64A927F}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{C8C9802B-2CA1-4528-B46E-7BD2A5BADADA}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{851724E7-1EE4-4E13-ACCE-2F392B3DCDE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\Multifive.exe
FirewallRules: [{BD31F391-3B74-469D-9CAD-072A53A4F762}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\Multifive.exe
FirewallRules: [{1FCD2832-C8CF-4C56-8629-C9C640AEBF24}] => (Allow) C:\Program Files\KeyShot6\bin\keyshot_daemon.exe
FirewallRules: [{33C1A0D9-BB18-45CB-8DEF-C82694B79B4B}] => (Allow) C:\Program Files\KeyShot6\bin\keyshot6.exe
FirewallRules: [UDP Query User{9AE5AD3A-1A36-45E5-A0B6-7E2DEB7508B1}C:\users\nick\desktop\clean gta v c2cj\gtaiv\gtaiv.exe] => (Allow) C:\users\nick\desktop\clean gta v c2cj\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{D985F54A-9C56-47D5-8740-EA51043E0398}C:\users\nick\desktop\clean gta v c2cj\gtaiv\gtaiv.exe] => (Allow) C:\users\nick\desktop\clean gta v c2cj\gtaiv\gtaiv.exe
FirewallRules: [{3B496397-8BBC-49E0-93ED-10CE1D6FCA54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{65DA45DB-0A9E-4A70-BF27-588297CD02B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{82A0A935-9C10-4208-A5CD-8190B69E5461}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6DB1F23C-82A7-4FCA-BCB2-B3B1567D9EF4}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C18C426D-DC73-40F7-AE33-EC366A10E25A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3930DFD4-50A4-45C9-B1FE-5697F421A116}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{06FD0124-1595-48ED-AC3B-EEB695D12B81}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{087D446C-1350-4017-A171-ADB0BA9EC013}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{AFF9AE07-76A5-4C65-831A-B4B0EC3E58D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{14A23F5F-0F98-463C-96E9-FCF4F09CDD35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{B40DE931-9BC8-4662-85DA-4ECACDF22559}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{BB97B7AC-F69B-400A-AFE4-B06CF92EDEDC}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{0FE2777B-248C-4B64-82E5-35FCB2D3568B}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{65E5ABB4-1DF1-4493-B6DB-D9E56D2088AA}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{90E84458-E2ED-43E9-90C5-2AD769A86482}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{417309CC-5780-4321-8668-703554F103EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{17DEE520-FA80-4997-8B21-749533FD7F4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{17F75D8E-B36E-4FF9-A091-A3CCBE32E836}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{28D56063-9B1A-4D11-BEFB-6CE948D8BE08}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{DDF81331-DC3E-480C-88A4-E6EF9C831A6F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B1A15711-5E44-48C6-A8E0-C8252FED124D}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{415FE667-B1E8-427F-9D2B-E9B57796886B}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{257F275A-6F43-417E-A7C0-260FCE792F0D}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{8253EC0E-CD62-4D92-B7F7-2504E0287F1B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{839A6892-73DC-4F81-A78C-949783847D44}C:\users\nick\downloads\grand theft auto v\gta5.exe] => (Allow) C:\users\nick\downloads\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{CA8411B8-78CE-49B1-AF91-B665A62CADEA}C:\users\nick\downloads\grand theft auto v\gta5.exe] => (Allow) C:\users\nick\downloads\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{B59D5024-3691-40ED-B171-737857A8230E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{653EFFAA-5EA7-4209-BE4D-0EC0F950E875}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0E3BC00B-9997-473D-B941-C7F30BA2CA8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\18 Wheels of Steel American Long Haul\alh.exe
FirewallRules: [{4D53BCF1-9D2A-4E6A-BEF0-55A0DA2DE3DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\18 Wheels of Steel American Long Haul\alh.exe
FirewallRules: [{56630176-4197-4467-9D4F-C9EE0FC3BBA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{69FBBA43-270A-4EEE-B658-1AD8EE493C53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{91B9B76D-2D97-4931-8E24-A5F7CCFC382F}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{67B9144E-B878-48DF-8898-15E25796A5E6}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4BE596B9-1845-4FDC-803A-AE5084BD43CF}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFD4A315-13F2-446D-8CF8-D0C28AE05B38}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E72BE361-9765-4B45-9C7C-D0BBFC8E2582}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E80F4FF-C7BD-44DC-AEBA-3CE224AE477E}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7A11C6FB-1A6D-4E7D-BF9D-85C5AE5C1A7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{67FA0A7A-694E-4683-8A4E-578B0E2432D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{6CABFBDA-0306-4AC2-85F8-E0483CB14AFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B775B943-0628-49E1-BD17-112A7E7CB660}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08C9F683-2C80-4AFD-9281-B5FD89CCD2E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C74C20DC-2477-4260-A1EE-6CACC21FD1D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1472D141-63C5-4DA7-AE19-799F41066F0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitBoy\8bitboy.exe
FirewallRules: [{6D3A5343-810D-43BE-94AF-0EBD41274855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitBoy\8bitboy.exe
FirewallRules: [{601CE42F-F0E3-4550-9953-33B736FBCD53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Train Valley\train-valley.exe
FirewallRules: [{58904EA7-E42F-423A-A612-32FE0D79716B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Train Valley\train-valley.exe
FirewallRules: [{0A67FBD9-D632-453D-85A0-07327E067577}] => (Allow) LPort=8317
FirewallRules: [{B7B4D13F-B054-4202-A71C-5BA6DA0E5F46}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{67D9AEBD-2D26-4537-ABF7-0DEDDCCA8A72}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C5E93C10-733B-4D10-9D10-17CC8F714359}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5A299C5F-77C5-47E7-9BE1-FA65E0F93624}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{62498741-7FEA-4A31-AA52-8462BACD487F}] => (Allow) C:\Users\Nick\AppData\Local\Temp\7zS8843.tmp\SymNRT.exe
FirewallRules: [{202C5923-D0E9-4003-BA2C-D6205051C249}] => (Allow) C:\Users\Nick\AppData\Local\Temp\7zS8843.tmp\SymNRT.exe
FirewallRules: [TCP Query User{7977E149-84CD-4E54-86A7-761C2452351B}C:\users\nick\desktop\animation stuff\cinema 4d r16\cinema 4d.exe] => (Allow) C:\users\nick\desktop\animation stuff\cinema 4d r16\cinema 4d.exe
FirewallRules: [UDP Query User{DA1661DA-8854-4796-A922-7FEBE2BD2B4F}C:\users\nick\desktop\animation stuff\cinema 4d r16\cinema 4d.exe] => (Allow) C:\users\nick\desktop\animation stuff\cinema 4d r16\cinema 4d.exe
FirewallRules: [TCP Query User{8D22610A-752F-4BC2-94CB-986D2ADF147A}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{3CB20CF3-AA47-45A1-AFD0-08CFC9F18708}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{95B24EA9-8053-4E5A-8588-23DB79828AF7}C:\users\nick\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nick\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B3B45C04-3DA0-4F84-B4B4-D68AC75B2FD2}C:\users\nick\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nick\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CDD090DC-CF41-45E4-B479-25534F3AE8D3}C:\program files\autodesk\maya2016\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2016\bin\maya.exe
FirewallRules: [UDP Query User{C3348A6D-5F41-4EDB-AADE-988BFE81DC56}C:\program files\autodesk\maya2016\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2016\bin\maya.exe
FirewallRules: [TCP Query User{07A8A9B3-FD3D-4BDE-9007-0E4358C50E38}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{BF8A1B3C-8CD5-4ABB-BF68-199416772FEC}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{1695F3C5-23D7-471E-BD46-8B16C91E799A}C:\program files (x86)\idisplay\idisplay.exe] => (Allow) C:\program files (x86)\idisplay\idisplay.exe
FirewallRules: [UDP Query User{E9560F24-7052-474B-97A3-9FFAFB91E6B0}C:\program files (x86)\idisplay\idisplay.exe] => (Allow) C:\program files (x86)\idisplay\idisplay.exe
FirewallRules: [{05BE2C3C-92DF-40AF-91A2-23869E9E626E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{01826402-D951-4C04-9209-DB302B8C8568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [TCP Query User{83AE4B2E-186A-4A40-8BF7-F28759A8B85E}C:\program files (x86)\firewatch\firewatch.exe] => (Allow) C:\program files (x86)\firewatch\firewatch.exe
FirewallRules: [UDP Query User{8DC254A7-CF79-438D-B434-5C2244BD62A3}C:\program files (x86)\firewatch\firewatch.exe] => (Allow) C:\program files (x86)\firewatch\firewatch.exe
FirewallRules: [{505810F0-3EAF-4FB1-AB17-54C64DC002BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{863873B9-7457-40B0-B0B6-33FDDB246660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{85DD3CBC-DD78-43C3-B56D-8228634F9389}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8ACF50B6-9477-48A7-A64A-6424ABA99CCA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E20F80E1-5C90-4E36-ACF3-32BBDA08D764}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{97CA5E3E-0893-464C-9D8D-B97FF7605213}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DF292797-3A39-41A6-839A-47AC54A37FC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enforcer\Enforcer.exe
FirewallRules: [{156DD866-38DD-45EA-9578-9BF041D685D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enforcer\Enforcer.exe
FirewallRules: [{9DD4D96A-8D86-4099-8375-F0B224DAF5AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackwake\Blackwake.exe
FirewallRules: [{F9CA8A5C-199C-4090-A959-2B1B5C4D05F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackwake\Blackwake.exe
FirewallRules: [{6B620019-C80F-4D44-88DC-46164ABC9EED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{0BD783CA-1E55-4C3C-BD80-06E3557FE964}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B6EF2B71-F545-456D-ADA3-0C8551C85A65}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe
FirewallRules: [{3634203B-8E7D-4C59-A795-930C22D91C3C}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{23ECF7C6-4418-405F-B7C9-334990527480}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{FC990C5E-264B-4862-88E6-32CCFC3E2FCA}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{78E88485-669B-4EF1-AD3E-4E2607FC795D}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{C2183778-97CE-4B5E-93A9-EDC1A2DC355B}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{DFA833DF-2F9B-4CF5-B743-CA878AC3C576}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{3B716E2E-03AA-4486-9272-A444FC8D6B0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{D2C0382E-BFD0-4291-8996-51B2AC7F04BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{02411A1D-F38F-445F-92A4-C5EE3CC36242}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\DLC\379542\REX 4 Texture Direct\rextexturedirect_se.exe
FirewallRules: [{6AE9DB4A-7692-43A8-9FB7-7D4D04E1D617}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\DLC\379542\REX 4 Texture Direct\rextexturedirect_se.exe
FirewallRules: [{9470F7C5-91BD-4B8D-AF8B-5BEF77872A8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{3D4408E6-9EAC-4262-BF25-6A7A532CA229}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{812B3B3A-DB5A-4CA0-8E5B-A9B7FF44BE4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{7A6E1E5C-ADBD-4F33-962A-C08730FC6F99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{B4D3BC7D-26DD-421D-9AD7-887AD285CC59}] => (Allow) C:\Program Files (x86)\City Life RPG\CL3 Launcher\CL3 Launcher uninst.exe
FirewallRules: [{20B323B7-814C-491F-8610-BBB92E8B397F}] => (Allow) C:\Program Files (x86)\City Life RPG\CL3 Launcher\CL3 Launcher uninst.exe
FirewallRules: [{F4FBFE96-BD55-496C-8930-63B77E20E15C}] => (Allow) C:\Program Files (x86)\City Life RPG\CL3 Launcher\CL3Launcher.exe
FirewallRules: [{B5026631-79C6-47A3-A715-F07656049363}] => (Allow) C:\Program Files (x86)\City Life RPG\CL3 Launcher\CL3Launcher.exe
FirewallRules: [{0A4758F3-37FD-4381-9B5B-46FE3E810721}] => (Allow) C:\Program Files (x86)\City Life RPG\CL3 Launcher\CL3Launcher.exe
FirewallRules: [{D555C749-0795-400E-8E11-926274F3979A}] => (Allow) C:\Program Files (x86)\City Life RPG\CL3 Launcher\CL3 Launcher uninst.exe
FirewallRules: [{511EB93A-1552-4829-B28A-E4353A569937}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{90A159FA-8475-459F-B269-9AA4E4C760BA}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe

==================== Restore Points =========================

20-05-2017 12:42:02 Installed XSplit Broadcaster
23-05-2017 20:24:40 Windows Update

==================== Faulty Device Manager Devices =============

Name: OfficeJet Pro 6970
Description: OfficeJet Pro 6970
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2017 05:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1074
Faulting application start time: 0x01d2d5b3d15a1a0d
Faulting application path: C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Nick\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: a6717b18-66ba-4877-aa88-1211fd36f6cf
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/25/2017 04:19:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program act_0515.exe version 3.5.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1708

Start Time: 01d2d5a97e320ec3

Termination Time: 60000

Application Path: C:\Windows\act_0515.exe

Report Id: 673dbe55-41a0-11e7-81c4-d0509961d8fd

Faulting package full name: 

Faulting package-relative application ID:

Error: (05/25/2017 03:53:38 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored.

Error: (05/25/2017 03:53:38 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.

Error: (05/25/2017 03:53:38 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored.

Error: (05/25/2017 03:53:38 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored.

Error: (05/25/2017 03:53:38 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored.

Error: (05/25/2017 03:53:38 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. The query will be ignored.

Error: (05/25/2017 03:53:38 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. The query will be ignored.

Error: (05/25/2017 03:53:38 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisEvent" whose target class "CisEvent" in //./root/cis namespace does not exist. The query will be ignored.


System errors:
=============
Error: (05/25/2017 04:41:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 04:40:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 04:37:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (05/25/2017 04:36:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.

Error: (05/25/2017 04:34:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (05/25/2017 04:29:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 04:24:41 PM) (Source: DCOM) (EventID: 10010) (User: NICK-BEAST-PC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (05/25/2017 04:24:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 04:20:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 04:17:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-05-25 16:37:46.246
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-25 15:53:53.419
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-25 15:53:53.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-25 15:53:50.584
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-24 19:36:26.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-21 17:43:24.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-21 13:41:06.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-21 13:19:57.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-21 13:19:44.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-20 12:19:53.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 16335.05 MB
Available physical RAM: 9513.77 MB
Total Virtual: 19919.05 MB
Available Virtual: 12564.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:40.98 GB) NTFS
Drive e: () (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7F55BCFE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Edited by hamluis, 25 May 2017 - 08:26 PM.


BC AdBot (Login to Remove)

 


#2 nicktrick92

nicktrick92
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 29 May 2017 - 11:29 AM

Alright, so a quick update on the situation... I ran MBAR a couple days ago and it found all the viruses in 2 folders inside my local AppData folder. I don't remember their names, but they were named in another thread of another virus somebody had on these forums. Now, I am encountering a new issue. The file "act_0515.exe" Is still being created during each startup, but it throws a KERNALBASE error in the event viewer and crashes my windows explorer. Here are the error logs I get in EventVwr:

EVENT 1026: .NET Runtime

Application: act_0515.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
   at System.Management.ThreadDispatch.Start()
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at Rational.MyForm.OSStatus()
   at Rational.MyForm.InitializeComponent()
   at Rational.MyForm..ctor()
   at <Module>.Main(System.String[])


and

Event 1000: Application Error

Faulting application name: act_0515.exe, version: 3.5.6.0, time stamp: 0x5915ea59
Faulting module name: KERNELBASE.dll, version: 10.0.15063.296, time stamp: 0x28e9cf15
Exception code: 0xe0434352
Fault offset: 0x000eb802
Faulting process id: 0x2314
Faulting application start time: 0x01d2d897f0b8cc46
Faulting application path: C:\WINDOWS\act_0515.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ffacef67-dbf5-4676-8d0d-c099a8a61086
Faulting package full name: 
Faulting package-relative application ID: 

Like I said, these errors, which pop up every 10 minutes, give or take, crash my windows explorer, causing my computer to be left with a black screen. I am, however, able to get to task manager and open up windows explorer again, but it just crashes 10 minutes later! I believe this is still linked to the Windows Activation virus (act_0515.exe, which keeps creating itself after deletion) since that virus would crash explorer so that you "couldn't" get out of the virus popup. By the way, I found out that act_0515.exe has a signature regarding "Nitro Ads INC," so I know it's a virus.

 

Please let me know if you need anymore information,

 

Regards,

 

Nick M.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:19 AM

Posted 30 May 2017 - 07:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/647669 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:19 AM

Posted 04 June 2017 - 07:25 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users