
Chrome Malware (Browser Redirected to Prizemediayou.com)


  • This topic is locked
12 replies to this topic

#1 Akureyr

Akureyr

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:16 PM

Posted 03 August 2018 - 05:05 PM

For the first time in a long while, even with Windows Defender (Real Time protection) enabled and Malwarebytes (albeit free) on, a Chrome page I was on (an Internet forum page which had a green "Secure" icon in the upper left corner) redirected to what was clearly a phishing/malware site "prizemediayou.com"--I didn't click anywhere on that page (I just closed it), but I want to ensure my computer is completely free of any associated malware software. I've Googled around trying to find out how this malware gets to browsers, but was unable to find anything, so I have to guess it somehow came from the Internet forum itself despite the "Secure" icon in the upper left.

 

What steps should I take to ensure it is not in my computer or Chrome browser anywhere?

 

Why did my Malwarebytes and Windows Defender PC scans (after I closed the browser with "prizemediayou.com") not find anything?

 

And what steps should I take to ensure this malware doesn't affect this computer? For now I've installed the Chrome AdBlock extension.

 

NOTE: This laptop I'm currently using isn't the HP laptop I posted about previously which had a potential virus infection (see https://www.bleepingcomputer.com/forums/t/680873/virus-may-be-blocking-internet-access/ ). The laptop that is the subject of this thread is an Asus PC with Windows 8.1 installed on it.

 

EDIT: I did have several other browsers up (Gmail, YouTube, Facebook) when I first saw the malware page. So I am unsure if it was the forum page itself that was the source of the malware, even though it was the Internet forum page that redirected to the prizemediayou.com page.


Edited by Akureyr, 03 August 2018 - 05:14 PM.



 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,875 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:16 PM

Posted 03 August 2018 - 08:27 PM

Please provide the FRST data requested at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

 

Louis



#3 Akureyr

Akureyr
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:16 PM

Posted 04 August 2018 - 04:41 AM

Thanks for the reminder, in my panic I forgot. Scans below:
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Justin (administrator) on TABLETOP (04-08-2018 11:37:03)
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available Profiles: Justin)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\System32\InputMethod\KOR\KorIME.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_181\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2014-01-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3754168 2018-07-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\Run: [BingSvc] => C:\Users\Justin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1386187955-881786914-96266419-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
Tcpip\..\Interfaces\{25A095C6-C578-4367-A8FB-614C2C766CFD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68A2DD0E-0697-41E1-AFB7-494D5C6D0CC9}: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
 
Internet Explorer:
==================
HKU\S-1-5-21-1386187955-881786914-96266419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-ww
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-09] (Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-17] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-09] (Intel Security)
Toolbar: HKU\S-1-5-21-1386187955-881786914-96266419-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-17] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default [2018-08-04]
CHR Extension: (Slides) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-09]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-09]
CHR Extension: (Dropbox for Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Sheets) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-10]
CHR Extension: (AdBlock) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-04]
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\System Profile [2016-05-10]
CHR HKU\S-1-5-21-1386187955-881786914-96266419-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51392 2018-07-31] (Dropbox, Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [920616 2016-08-08] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-08] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-08] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-03] (Malwarebytes)
R1 MpKsl6e6b18eb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{300B0067-5D1D-4C56-822D-B99CF2823599}\MpKsl6e6b18eb.sys [58120 2018-08-03] (Microsoft Corporation)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3346912 2013-10-31] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-04 11:32 - 2018-08-04 11:34 - 000111294 _____ C:\Users\Justin\Desktop\Addition.txt
2018-08-04 11:30 - 2018-08-04 11:37 - 000013615 _____ C:\Users\Justin\Desktop\FRST.txt
2018-08-04 11:29 - 2018-08-04 11:29 - 002412544 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2018-08-03 23:35 - 2018-08-03 23:35 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-01 21:00 - 2018-08-01 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-31 03:25 - 2018-07-31 03:25 - 000051392 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-07-31 03:25 - 2018-07-31 03:25 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-07-31 03:25 - 2018-07-31 03:25 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-07-31 03:25 - 2018-07-31 03:25 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-07-19 21:14 - 2018-07-19 21:14 - 000283967 _____ C:\Users\Justin\Downloads\Athens Tour Restaurant Vouchers.pdf
2018-07-14 22:23 - 2018-07-14 22:26 - 081277058 _____ C:\Users\Justin\Downloads\Freesound Byzantine Chant.wav
2018-07-14 20:23 - 2018-08-04 02:19 - 000047501 _____ C:\Users\Justin\Downloads\Juris.aup
2018-07-14 20:23 - 2018-07-14 21:28 - 000000000 ____D C:\Users\Justin\Downloads\Juris_data
2018-07-11 21:30 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 21:30 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 21:30 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 19:56 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 19:56 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-10 19:56 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-10 19:56 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-07-10 19:56 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fxppm.sys
2018-07-10 19:56 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-07-10 19:56 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-07-10 19:56 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-07-10 19:56 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-07-10 19:56 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-10 19:56 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-10 19:56 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-10 19:56 - 2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-07-10 19:56 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 19:56 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 19:56 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-07-10 19:56 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-07-10 19:56 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-10 19:56 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-10 19:56 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-10 19:56 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-10 19:56 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-07-10 19:56 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-10 19:56 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-07-10 19:56 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-10 19:56 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-07-10 19:56 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 19:56 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-07-10 19:56 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-10 19:56 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-10 19:56 - 2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-10 19:56 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-10 19:56 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-07-10 19:56 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-07-10 19:56 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-07-10 19:56 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 19:56 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 19:56 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-07-10 19:56 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 19:56 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 19:56 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 19:56 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-10 19:56 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-07-10 19:56 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-07-10 19:56 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2018-07-10 19:56 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-07-10 19:56 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2018-07-10 19:56 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000021848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-10 19:56 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-09 00:51 - 2018-07-09 00:51 - 000591713 _____ C:\Users\Justin\Downloads\Adventure Sheet books 1 through 6.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-04 11:37 - 2016-06-25 18:44 - 000000000 ___DC C:\FRST
2018-08-04 11:31 - 2016-05-09 00:22 - 000003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1386187955-881786914-96266419-1001
2018-08-04 11:29 - 2016-05-09 20:53 - 000003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F08277D-6063-4C19-9113-6820952880B9}
2018-08-04 11:28 - 2016-05-09 00:19 - 000000000 __RDO C:\Users\Justin\OneDrive
2018-08-04 11:26 - 2016-05-11 16:36 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-08-04 02:21 - 2018-03-28 23:11 - 000000000 ____D C:\Users\Justin\Documents\Audacity
2018-08-04 02:19 - 2018-03-24 22:56 - 000000000 ____D C:\Users\Justin\AppData\Roaming\audacity
2018-08-04 02:02 - 2016-05-11 16:36 - 000000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-08-04 01:17 - 2016-05-09 21:38 - 000000000 ____D C:\Users\Justin\AppData\Local\Battle.net
2018-08-03 21:28 - 2016-05-09 21:27 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-03 21:28 - 2016-05-09 21:27 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-01 21:00 - 2016-05-11 16:36 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-07-22 23:28 - 2018-06-07 21:37 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-22 12:11 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-07-17 22:47 - 2018-02-10 18:02 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-17 22:47 - 2017-12-16 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-17 22:45 - 2017-12-16 00:21 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-07-17 21:34 - 2014-11-21 10:44 - 000820208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-17 21:34 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-07-17 00:02 - 2016-05-09 20:58 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-16 00:22 - 2016-05-11 16:42 - 000000000 ___RD C:\Users\Justin\Dropbox
2018-07-15 21:51 - 2017-12-16 00:17 - 000000000 ____D C:\Users\Justin\Downloads\JaFL_106
2018-07-15 20:11 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-15 20:11 - 2013-08-22 16:44 - 000362544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-15 02:08 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-07-15 02:05 - 2016-05-10 01:12 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-15 02:05 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-07-14 21:42 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-14 21:42 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-14 21:36 - 2013-08-22 17:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-11 21:15 - 2017-03-03 00:03 - 000004428 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-11 21:15 - 2017-03-03 00:03 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-07-11 21:15 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-11 21:15 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-11 01:09 - 2016-05-09 23:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-11 01:02 - 2016-05-09 23:56 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 19:54 - 2016-05-25 19:15 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-10 19:53 - 2016-05-25 19:14 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-10 19:48 - 2018-05-10 14:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
 
==================== Files in the root of some directories =======
 
2017-08-29 22:16 - 2017-08-29 22:16 - 000000000 _____ () C:\Users\Justin\AppData\Local\{FD8EAFC0-CB23-47D4-A862-DAE926F7E788}
 
Some files in TEMP:
====================
2018-07-17 22:43 - 2018-07-17 22:43 - 001906040 _____ (Oracle Corporation) C:\Users\Justin\AppData\Local\Temp\jre-8u181-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-27 00:49
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Justin (04-08-2018 11:37:52)
Running from C:\Users\Justin\Desktop
Windows 8.1 (Update) (X64) (2016-05-08 22:14:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1386187955-881786914-96266419-500 - Administrator - Disabled)
Guest (S-1-5-21-1386187955-881786914-96266419-501 - Limited - Disabled)
Justin (S-1-5-21-1386187955-881786914-96266419-1001 - Administrator - Enabled) => C:\Users\Justin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Discord (HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.5.146.1 - Intel Security)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-04-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {056B3ABA-2472-4427-BB24-C17601AEB721} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {1EBAF5FB-167F-4B1E-9D15-B7708B535011} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-09] (Google Inc.)
Task: {29CAFE71-9C60-4644-A385-B341905BE343} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-06-06] (AVAST Software)
Task: {2FB21EF4-5E9B-44B9-BEDE-8D67538D942F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-09] (Google Inc.)
Task: {2FB488DD-2592-4441-B735-7C9B3A2777A9} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {539F0270-1973-494A-834F-1B570793EAA1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {5843D15C-1789-4F53-8AC9-E62386F5099B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {61D14068-6B3B-4179-A7B2-1E87E7A13E84} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {64169C5A-1ED3-44CB-AAC7-D7AFC1505DBF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {77AC6FED-5984-49C7-AB6D-383AFE742BE1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-11] (Dropbox, Inc.)
Task: {8E85285E-50BA-46FE-B39C-5BBC8EFCEB5E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {9E6DA01C-9F5C-4941-A99E-3797D01DEBD6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-11] (Dropbox, Inc.)
Task: {AB3F4B82-9687-48BC-8EC3-5707E48B7D4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {ADA2C393-4C38-4BD2-B5AA-78092B38ECE9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {BCC2B6C2-E247-45AF-AD45-83929E7DEB9C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-18] (Realtek Semiconductor)
Task: {C3E92032-7380-44BF-BC1A-AD3F9D868AE3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {CD6F17FC-A2F1-4125-A074-AE407C2A449D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor)
Task: {F40E96A0-1FD3-4E32-97CE-BECC823C3832} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-06-07 21:37 - 2018-07-22 23:28 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-03 21:28 - 2018-07-31 01:32 - 002682200 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\swiftshader\libglesv2.dll
2018-08-03 21:28 - 2018-07-31 01:32 - 000148824 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\swiftshader\libegl.dll
2016-06-24 19:18 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-24 19:18 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-24 19:18 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-24 19:18 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-24 19:18 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2018-08-01 20:59 - 2018-07-31 03:25 - 001108672 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-08-01 20:59 - 2018-07-31 03:25 - 002247872 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-08-01 21:00 - 2018-07-31 03:28 - 000021704 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000022752 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000135840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 001881816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:25 - 000111760 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-08-01 21:00 - 2018-07-31 03:25 - 000103576 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000069320 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000080064 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:25 - 000400016 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-08-01 21:00 - 2018-07-31 03:25 - 000024728 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000043680 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:25 - 000021656 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000125080 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000114848 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000392392 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000030432 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000024736 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000175768 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000024728 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000026264 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000048800 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000058016 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000024784 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000022728 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000026336 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000070360 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000025296 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000029904 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 003866304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000089272 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 001800896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 001960640 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000028824 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000155856 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000521920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000051400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000043720 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000131264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000220872 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000205512 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000061080 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000056536 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000024224 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000025304 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000023776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000022752 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000028392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000348312 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000102088 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000024800 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000026840 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:25 - 000036496 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-08-01 21:00 - 2018-07-31 03:28 - 000023776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000181432 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-08-01 21:00 - 2018-07-31 03:28 - 000031952 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000024752 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-08-01 20:59 - 2018-07-31 03:26 - 001638576 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-08-01 21:00 - 2018-07-31 03:28 - 000027352 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000547008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000360128 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2018-04-01 23:05 - 000000856 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1386187955-881786914-96266419-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Justin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 62.2.24.158 - 62.2.17.60
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\StartupApproved\Run: => "BingSvc"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE432C05-ED4A-4E33-8099-19436ED6C349}] => (Block) D:\program files (x86)\battle.net\battle.net.8539\battle.net.exe
FirewallRules: [{E07B4861-893F-4313-91F3-85871862DF61}] => (Block) D:\program files (x86)\battle.net\battle.net.8539\battle.net.exe
FirewallRules: [TCP Query User{7002D1E4-06EC-49B5-89BD-4089264E392F}D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{744BE3E7-48C1-44F6-A20D-0282A20F8544}D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [{2342511D-56F5-47F7-A190-4E49B0427093}] => (Block) D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [{A87672EC-57CC-4DA7-AA0C-FDB366784937}] => (Block) D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{22C95917-B42E-459F-BDAE-4C40D54CF172}D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe
FirewallRules: [UDP Query User{9BD2E7C5-A2BF-47BF-9909-E108A389A47D}D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe
FirewallRules: [{788B6AE5-F0C5-4714-ACD3-8B27AAB4565A}] => (Block) D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe
FirewallRules: [{6B0A7EB7-27CB-4B0F-A68C-813B8BBB8AFA}] => (Block) D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe
FirewallRules: [TCP Query User{6E37EB09-10F4-42C4-8E86-BE62948BEB93}D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{278016F1-8A75-4DA6-B7C9-4DED7D22BF94}D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [{66E19672-1A22-4C9C-BC6B-B91F1BCD3019}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [{36526C9B-E8EB-4A78-8820-DB698554CBE2}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BC929206-6015-4468-9709-B93C131393D7}D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{185A6F0A-4CDB-42E5-B51E-DC82094D0805}D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [{1CED8F51-E197-4411-9E67-CDA2F9A114C8}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [{BC071CB2-80B9-42DF-AA31-6E48C73852D4}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{46165159-1C74-4411-A5B0-E4123E50EA74}D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe
FirewallRules: [UDP Query User{A7FA38CF-30C6-40DE-9DF9-843B64C2531B}D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe
FirewallRules: [{68D52678-40C4-4BEB-B202-AA1ACFEBBCFF}] => (Block) D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe
FirewallRules: [{5BDBAB89-3CF6-468B-920A-AF592ED410B0}] => (Block) D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe
FirewallRules: [TCP Query User{AA40C2A6-749E-4407-ACEC-5DADE3783917}D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CB5B2DCB-33CD-4C82-9F3A-BF2F9E3443AF}D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [{A888C8ED-E87B-4FE6-9383-8AF7074A6521}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [{61399DE1-9F67-40C4-B05E-B168592BD2A1}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{534B350C-F4C8-4F38-8820-9D46005D0349}C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe] => (Allow) C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [UDP Query User{5F2FB698-AA13-4C55-9900-148AECA590D2}C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe] => (Allow) C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [{3EF594B6-231A-4B24-B0EF-1F2F7C2F4659}] => (Block) C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [{5B41CEA2-CDD7-4370-9AA7-98598672ECE8}] => (Block) C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [TCP Query User{D6600B30-6265-4406-A4AE-E4220380A201}D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe
FirewallRules: [UDP Query User{66801A4E-BE5A-44E8-ADD3-DF52DE81DF82}D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe
FirewallRules: [{B79C947A-C1E8-4DE5-92C6-CD63482377D0}] => (Block) D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe
FirewallRules: [{9678E61D-2D6D-407C-BF82-F03FE0A5879B}] => (Block) D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe
FirewallRules: [TCP Query User{72870F75-798C-4093-BCC0-678E1180DEC4}D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{239D86C9-4532-4F98-813F-8A7992C685FD}D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [{B1566B08-23D6-48EB-B730-4871593C14C0}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [{8266A776-557B-426E-A8C4-242462604EB1}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{548EECE1-F0DA-41D4-A131-D1201DA3417D}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FE6473E5-565A-44E3-B282-D00F56488F44}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [{5975C76B-F18A-48EF-9692-7A2CDDF11337}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [{BBB5DAAD-D3FA-4C3F-92A4-10D079EF880F}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C7F0A7D3-83AD-4B44-8D50-5DBF749051DF}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{946F7F41-8967-408B-8BB4-3936E3640ABE}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{E44723AF-73C3-4260-B69C-346CE23DB4CD}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{8D626015-AD5E-420A-A230-A00B50FE659F}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{92C21052-4883-40F6-A370-0C5EC95D8DA9}D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [UDP Query User{8143982D-2686-4260-85CD-255E8209D309}D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{31B13F5E-85E2-425C-BC18-06969C92A9C8}] => (Block) D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{D0B54CB9-1990-4C66-9CE9-74A2F2871887}] => (Block) D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [TCP Query User{DB9497A4-AF65-4241-9415-615C368D2981}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DF3F88DB-EC63-4520-9ACB-69D6AC20FDA7}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [{BAF657AD-592D-4371-BC5C-C388BFD5EA0C}] => (Block) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [{807B3C3C-F147-4CB5-8599-3748E5D61036}] => (Block) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{34EE0862-5670-4A62-B97D-2CC266AE0B7E}D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8080F0E3-696A-49DD-AEB3-E0F72D699A03}D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [{364B7C04-9AA1-42BC-9D89-F71A8E2CD7C4}] => (Block) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [{9A66ABAB-50D9-4D46-8796-284931666C99}] => (Block) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BE925B5D-5268-4EA8-958E-69C4DC06069C}D:\program files (x86)\battle.net\battle.net.8800\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
FirewallRules: [UDP Query User{0D1D6FD9-F401-472B-8366-607190A3F95B}D:\program files (x86)\battle.net\battle.net.8800\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
FirewallRules: [{D1A098CA-09A9-4F44-85BE-9709A31D6331}] => (Block) D:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
FirewallRules: [{5A681B59-7D76-42CF-8A7E-EBCEDE68531B}] => (Block) D:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
FirewallRules: [TCP Query User{FBB29511-41BF-467D-9947-EA80CD0F6037}D:\program files (x86)\battle.net\battle.net.8839\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
FirewallRules: [UDP Query User{61F199AF-5422-4E9F-A9C5-48A72838DE0C}D:\program files (x86)\battle.net\battle.net.8839\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
FirewallRules: [{9B35B966-21F1-42F8-A886-996A34642D93}] => (Block) D:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
FirewallRules: [{37032938-2AAA-418C-9999-3856687A9776}] => (Block) D:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
FirewallRules: [TCP Query User{0465F317-AF7D-4B36-B0CB-1448DF3986A8}D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FC31C31B-21A9-420F-B36C-EE3C5945FC25}D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{F204028F-53AA-478C-8E36-FC3A060E1DD0}] => (Block) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{E89F4935-90F1-4BCC-A6F8-3281EFB1C385}] => (Block) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3D85DF8F-7AC4-499C-9F10-6C7067C29010}D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C9612586-3022-4A61-A45F-88BFF97B7D6F}D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{8FA54F88-44B4-482A-A86E-37AF4981C2FD}] => (Block) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{F9086EE3-2FD9-4782-A086-46275E5E5EFA}] => (Block) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{52E8099C-E2DF-4192-9D10-CE16327069BC}D:\program files (x86)\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F653F1F2-EA47-42CE-A8F0-5F836AA5E800}D:\program files (x86)\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe
FirewallRules: [{A49584EA-035A-4AFA-9471-D735FCF7C1AE}] => (Block) D:\program files (x86)\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe
FirewallRules: [{FEF86CFF-6579-4F76-8F79-3EBA3C620D27}] => (Block) D:\program files (x86)\heroes of the storm\versions\base54968\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3DBA1911-68C8-4853-A9EA-8B4542539B5F}D:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2D2B79EA-C016-4A40-B4CF-47FE8884E790}D:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [{49CC19BF-A53D-4005-9188-986BCAF87340}] => (Block) D:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [{D95C528B-3973-4E57-97E7-0C39478FF617}] => (Block) D:\program files (x86)\heroes of the storm\versions\base55010\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{20E04287-30A2-4C32-AE8D-F1EF78FF33A3}D:\program files (x86)\battle.net\battle.net.8965\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8965\battle.net.exe
FirewallRules: [UDP Query User{E39D78DA-6C79-44F0-B0CD-27EB8A988FE0}D:\program files (x86)\battle.net\battle.net.8965\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8965\battle.net.exe
FirewallRules: [{9A170D20-D252-4958-9EC7-377F60B189F2}] => (Block) D:\program files (x86)\battle.net\battle.net.8965\battle.net.exe
FirewallRules: [{EBCA939E-24DD-4921-8DB1-84C06B582F65}] => (Block) D:\program files (x86)\battle.net\battle.net.8965\battle.net.exe
FirewallRules: [TCP Query User{A856271E-BD8C-48AA-B960-B9EC58C75602}D:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CEB5495F-83DE-479D-A630-191B76796614}D:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe
FirewallRules: [{D23EFAC8-F2D3-4649-AAAC-20D5D79EC0AF}] => (Block) D:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe
FirewallRules: [{76810233-7BDD-4100-A143-635C83EE2A4A}] => (Block) D:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6BB84CBF-5261-4482-84A9-D9A42974CF1F}D:\program files (x86)\battle.net\battle.net.9061\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.9061\battle.net.exe
FirewallRules: [UDP Query User{910450E4-1D72-46CD-93F0-E6FF5BE09519}D:\program files (x86)\battle.net\battle.net.9061\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.9061\battle.net.exe
FirewallRules: [{99D7C47C-F83A-43EE-AF3B-6218E766A1B7}] => (Block) D:\program files (x86)\battle.net\battle.net.9061\battle.net.exe
FirewallRules: [{A14D2EAE-780A-42F6-9812-DDC89FA65E97}] => (Block) D:\program files (x86)\battle.net\battle.net.9061\battle.net.exe
FirewallRules: [TCP Query User{E4183C69-0B02-4FA7-A903-0027F97212FE}D:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [UDP Query User{63C3375A-4D75-4607-8FF1-83FF4CA1CC9D}D:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [{CE10C8A1-81FD-4C39-84B5-5501B4F79419}] => (Block) D:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [{E239040B-C6AD-4042-9B46-B4859826BF5B}] => (Block) D:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [TCP Query User{BCF26E14-0B4D-44F7-8271-3CD3C0EC430C}D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5AD036CB-2B06-454F-901C-78E3BBE3DF67}D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [{A4DF32DE-1C61-49F6-820A-B03183997B10}] => (Block) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [{1484E7A4-D4AE-423F-9879-9BCBDDB31A48}] => (Block) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2261CF86-50A6-4285-993A-17CBA4D218B5}D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6AAE04EE-E7F1-475F-B334-398D60B2EF12}D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6BD2E5E9-1B0F-468A-80E5-A99E091B417D}D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{209BD85F-4791-4897-B63F-FEA7CB96B40D}D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EF54F892-4611-468F-8557-A8957F4656EF}D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{766F5987-EC1D-4A4A-AFA0-1108134FE382}D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C4F8725E-7B85-48A7-AE51-54F861DFD2AB}D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6E70D007-4ADF-47D0-B371-67BADA736FEF}D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1D65E9CB-2196-4EB7-8F48-2101A89C90EC}D:\program files (x86)\battle.net\battle.net.9397\battle.net.exe] => (Block) D:\program files (x86)\battle.net\battle.net.9397\battle.net.exe
FirewallRules: [UDP Query User{904C1088-F6CF-4B86-A743-A565CFD58D12}D:\program files (x86)\battle.net\battle.net.9397\battle.net.exe] => (Block) D:\program files (x86)\battle.net\battle.net.9397\battle.net.exe
FirewallRules: [TCP Query User{9573B8EC-1B79-4BD9-A931-C5E51F2A4091}D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5D5F818F-7B5B-4EA1-9C39-751846732753}D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5A98FAFD-8B20-4038-BB2F-F45BEB6211EE}D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{24C9EC8B-3211-4C45-87F2-3F01041D269C}D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F6DD240E-E5D2-42EF-8B55-435BF33E4583}D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{40F6DACA-6356-4AE2-9512-434ACC467BA6}D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F55AC804-7005-4C30-BE37-D12D67D62497}D:\program files (x86)\battle.net\battle.net.9526\battle.net.exe] => (Block) D:\program files (x86)\battle.net\battle.net.9526\battle.net.exe
FirewallRules: [UDP Query User{980A5357-E805-4142-9F47-BFB0789F7ADD}D:\program files (x86)\battle.net\battle.net.9526\battle.net.exe] => (Block) D:\program files (x86)\battle.net\battle.net.9526\battle.net.exe
FirewallRules: [TCP Query User{42A939B3-EA44-4DF4-BD37-8AE90069D8EC}D:\program files (x86)\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5690C996-1D02-406C-BB3E-D21D104C734B}D:\program files (x86)\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D13594FF-55FD-43A5-95AB-388B88568DE8}D:\program files (x86)\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B69F8970-6C2A-4B66-8548-6419B5DA114F}D:\program files (x86)\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{47024525-478E-4A20-A267-8092D8C5127C}D:\program files (x86)\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F0984C60-AAF6-4ED5-900E-4FA30DBD48E0}D:\program files (x86)\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{13325FC7-A3B9-4CBA-B33C-95BBCF103492}D:\program files (x86)\battle.net\battle.net.exe] => (Block) D:\program files (x86)\battle.net\battle.net.exe
FirewallRules: [UDP Query User{75CB7F83-1F29-44F2-91C2-C0CC8CBD8B7C}D:\program files (x86)\battle.net\battle.net.exe] => (Block) D:\program files (x86)\battle.net\battle.net.exe
FirewallRules: [TCP Query User{95C5ADD7-CB33-4A3A-8711-73C147D0EE89}D:\program files (x86)\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{314D0C12-62E5-4D7C-87AC-AA97E18A21BA}D:\program files (x86)\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{14D95B58-70B7-4449-8D84-D310EF1C34EA}D:\program files (x86)\heroes of the storm\versions\base60632\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base60632\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{214C9B13-A214-4E08-BB11-0BFE43BA00DD}D:\program files (x86)\heroes of the storm\versions\base60632\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base60632\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A700044A-343F-48AA-8E61-BFFE71BDA8BD}D:\program files (x86)\heroes of the storm\versions\base60821\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base60821\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{36204FC0-41E1-4928-B7E6-47D70C3F54C0}D:\program files (x86)\heroes of the storm\versions\base60821\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base60821\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{033226A0-6179-43FA-ABF4-B1B77BE41047}D:\program files (x86)\heroes of the storm\versions\base62119\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base62119\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3743A80E-ACFA-4AE0-93A8-670137A8B28C}D:\program files (x86)\heroes of the storm\versions\base62119\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base62119\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{034ABFEE-5F91-4C4C-83F1-7C5E6FF7DB63}D:\program files (x86)\heroes of the storm\versions\base63402\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base63402\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6843BA20-E21E-43D7-BD46-85222E6037C0}D:\program files (x86)\heroes of the storm\versions\base63402\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base63402\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{27A46C34-E3E3-4F55-AFC9-09B4B43CB7BC}D:\program files (x86)\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ED40E8C1-9AAE-471E-9F07-856720EDE967}D:\program files (x86)\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe
FirewallRules: [{70A3B0B4-D111-4D00-AAC0-5A03CD83C559}] => (Block) D:\program files (x86)\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe
FirewallRules: [{C706FC30-185E-44DB-A884-E1670A4A6C70}] => (Block) D:\program files (x86)\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5DEBFB11-46DA-4D30-B42A-F8DD5E1E496C}D:\program files (x86)\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{07A86F53-B765-41AE-9052-37379BE3AE8D}D:\program files (x86)\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe
FirewallRules: [{4121E807-9380-4AF6-863C-8163BA9ADD91}] => (Block) D:\program files (x86)\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe
FirewallRules: [{410278F9-D9E1-49E2-9A8E-5606544CC41E}] => (Block) D:\program files (x86)\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C3E39A0D-AF5D-47CB-894F-5378916D784C}D:\program files (x86)\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4E51DACD-0E18-484D-B565-32356A16FDF0}D:\program files (x86)\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe
FirewallRules: [{3C670086-BCC7-4343-A5ED-5E3178A63810}] => (Block) D:\program files (x86)\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe
FirewallRules: [{BBE5A50E-F379-4A0D-A507-3FBC6EE3BAFB}] => (Block) D:\program files (x86)\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A5ABAB27-77E2-403F-9B59-9F7C11577AEA}D:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E8193417-103C-4E6C-B0FD-4D558C43AF11}D:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe
FirewallRules: [{32A78BDA-4EF5-45E7-A33A-6F8E7CF773AA}] => (Block) D:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe
FirewallRules: [{106022EF-3440-4D4B-B1E5-D732A3E86E92}] => (Block) D:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{92FF12DA-F08F-495A-8F2F-E113DB33BD5E}D:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C090FEB4-53A4-47BA-9A98-A72680E827A5}D:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe
FirewallRules: [{1959CDC1-F19E-4E82-A30A-18428A2E4103}] => (Block) D:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe
FirewallRules: [{0B350210-CE04-4F8F-8BE9-F58CCFE2EEF1}] => (Block) D:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe
FirewallRules: [{18663074-0784-4736-90AF-45E795DB7761}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{63963DAB-8B03-4174-B8C3-35EB636C204B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{331EBEAC-DC7D-48A4-9708-9CE3A226DF60}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{9B254037-71EC-4109-A2D7-036F5F559420}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [TCP Query User{EC89008E-74BC-4D80-84F5-C9A1CC03BB1D}D:\program files (x86)\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{669BA84F-505B-4B79-854C-A90EBCD99DD9}D:\program files (x86)\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe
FirewallRules: [{B14625E2-67E2-449A-A2E6-89B354FDC550}] => (Block) D:\program files (x86)\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe
FirewallRules: [{45038B4A-BEDB-4055-A6E2-6C3012461407}] => (Block) D:\program files (x86)\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DF115BE6-F6EB-4EC4-AC73-FBBD5BF9037F}D:\program files (x86)\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E46FE625-8C97-44EB-BD30-1121C1F7275A}D:\program files (x86)\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe
FirewallRules: [{778BBC31-B991-4E9E-92AE-FA34A326A670}] => (Block) D:\program files (x86)\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe
FirewallRules: [{1CFB5B62-B32B-4D84-B819-1E80AF702890}] => (Block) D:\program files (x86)\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe
FirewallRules: [{0EA2A9D6-DC72-4D83-A011-BA7B9FB2707A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{B1940728-E303-4F57-9DEC-9D30A2675B26}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
10-07-2018 00:34:59 Scheduled Checkpoint
14-07-2018 21:27:18 Windows Update
22-07-2018 12:04:00 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2018 11:26:29 AM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty.  Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
 
Error: (08/04/2018 11:26:26 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/04/2018 02:52:22 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/04/2018 02:52:22 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/04/2018 02:52:22 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/04/2018 02:52:21 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/04/2018 02:52:19 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/04/2018 12:01:53 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
 
System errors:
=============
Error: (08/03/2018 11:35:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/31/2018 01:04:55 AM) (Source: DCOM) (EventID: 10010) (User: TABLETOP)
Description: The server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4 did not register with DCOM within the required timeout.
 
Error: (07/31/2018 01:04:55 AM) (Source: DCOM) (EventID: 10010) (User: TABLETOP)
Description: The server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (07/15/2018 08:12:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (07/15/2018 08:11:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/11/2018 09:06:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (07/11/2018 09:05:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel Security True Key Scheduler service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/11/2018 09:05:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel Security True Key Scheduler service to connect.
 
 
Windows Defender:
===================================
Date: 2018-07-30 00:34:58.309
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {39ED0D97-E28C-423B-BB26-19EE64788953}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-28 16:47:33.178
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {60E911E7-8BBD-4240-A423-595A75091332}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-28 16:27:26.843
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {15154FC3-7003-4FE4-896C-BBB2F77E4F06}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-27 00:54:16.150
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {51BBBC28-5804-4D32-A6B8-A06852470C75}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-24 23:23:30.068
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {BC9E17BC-CF32-40B1-B2BC-574863BA3D73}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-13 20:53:53.700
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.886.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-13 20:53:53.700
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.886.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-13 20:53:52.058
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-13 20:53:52.057
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-13 20:53:33.057
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.886.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2017-08-29 22:44:02.561
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-08-29 22:43:51.102
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-08-29 22:42:05.692
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2017-08-29 22:27:37.115
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-08-29 22:25:40.709
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks32.dll that did not meet the Microsoft signing level requirements.
 
Date: 2017-08-29 22:25:39.240
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2017-08-29 22:25:39.224
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2017-08-29 01:34:49.989
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 44%
Total physical RAM: 6068.55 MB
Available physical RAM: 3338.77 MB
Total Virtual: 8747.87 MB
Available Virtual: 5403.66 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:173.7 GB) (Free:129.75 GB) NTFS
Drive d: (DATA) (Fixed) (Total:422.12 GB) (Free:303 GB) NTFS
 
\\?\Volume{fce7b449-157e-11e6-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: DE4527D1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=422.1 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================


#4 HelpBot


Posted 08 August 2018 - 05:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/681659 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Akureyr

  • Topic Starter

Posted 08 August 2018 - 05:54 PM

1. I am unsure where the malware that I mentioned above (prizemediayou) is coming from, and while I didn't click on the link, I want to make sure it hasn't affected my computer. I implemented AdBlocker for Chrome (extension download) as a remedial measure, and did scans with Malwarebytes which found nothing.

 

3. I do not have the original Windows CD/DVD--it is overseas in my parents' home, and I will not be there for months yet.

 

Question: Must FRST be deleted upon use? As I already had it, my logs below are from the already-installed program.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Justin (administrator) on TABLETOP (09-08-2018 00:47:05)
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available Profiles: Justin)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\InputMethod\KOR\KorIME.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2014-01-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3754168 2018-07-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\Run: [BingSvc] => C:\Users\Justin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1386187955-881786914-96266419-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
Tcpip\..\Interfaces\{25A095C6-C578-4367-A8FB-614C2C766CFD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68A2DD0E-0697-41E1-AFB7-494D5C6D0CC9}: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
 
Internet Explorer:
==================
HKU\S-1-5-21-1386187955-881786914-96266419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-ww
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-09] (Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-17] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-09] (Intel Security)
Toolbar: HKU\S-1-5-21-1386187955-881786914-96266419-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-17] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default [2018-08-09]
CHR Extension: (Slides) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-09]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-09]
CHR Extension: (Dropbox for Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Sheets) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-10]
CHR Extension: (AdBlock) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-04]
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\System Profile [2016-05-10]
CHR HKU\S-1-5-21-1386187955-881786914-96266419-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51392 2018-07-31] (Dropbox, Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [920616 2016-08-08] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-08] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-08] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-03] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3346912 2013-10-31] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-09 00:47 - 2018-08-09 00:48 - 000013676 _____ C:\Users\Justin\Desktop\FRST.txt
2018-08-06 18:47 - 2018-08-06 18:47 - 001107004 _____ C:\Users\Justin\Downloads\9781317896876_preview.pdf
2018-08-06 18:47 - 2018-08-06 18:47 - 000477942 _____ C:\Users\Justin\Downloads\Sutherland_1978.pdf
2018-08-05 11:00 - 2018-08-05 11:00 - 000001318 _____ C:\Users\Public\Desktop\Skype.lnk
2018-08-05 10:59 - 2018-08-05 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-08-04 11:29 - 2018-08-04 11:29 - 002412544 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2018-08-03 23:35 - 2018-08-03 23:35 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-01 21:00 - 2018-08-01 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-31 03:25 - 2018-07-31 03:25 - 000051392 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-07-31 03:25 - 2018-07-31 03:25 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-07-31 03:25 - 2018-07-31 03:25 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-07-31 03:25 - 2018-07-31 03:25 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-07-14 22:23 - 2018-07-14 22:26 - 081277058 _____ C:\Users\Justin\Downloads\Freesound Byzantine Chant.wav
2018-07-14 20:23 - 2018-08-04 12:03 - 000048096 _____ C:\Users\Justin\Downloads\Juris.aup
2018-07-14 20:23 - 2018-07-14 21:28 - 000000000 ____D C:\Users\Justin\Downloads\Juris_data
2018-07-11 21:30 - 2018-06-12 21:01 - 000149632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 21:30 - 2018-06-08 15:15 - 002860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 21:30 - 2018-06-08 15:15 - 001602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 21:30 - 2018-06-08 15:15 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 19:56 - 2018-06-20 22:01 - 007398232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 19:56 - 2018-06-20 21:44 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-10 19:56 - 2018-06-20 21:44 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-10 19:56 - 2018-06-20 20:48 - 000095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-07-10 19:56 - 2018-06-20 20:48 - 000027136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fxppm.sys
2018-07-10 19:56 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-07-10 19:56 - 2018-06-20 18:58 - 000098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-07-10 19:56 - 2018-06-20 18:58 - 000092672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-07-10 19:56 - 2018-06-15 05:01 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-07-10 19:56 - 2018-06-12 10:00 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-10 19:56 - 2018-06-12 09:57 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-10 19:56 - 2018-06-11 18:55 - 025744896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-10 19:56 - 2018-06-11 18:36 - 003119616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-07-10 19:56 - 2018-06-11 18:14 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 19:56 - 2018-06-11 18:06 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 19:56 - 2018-06-11 18:04 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-07-10 19:56 - 2018-06-11 17:39 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-07-10 19:56 - 2018-06-11 17:36 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-10 19:56 - 2018-06-11 17:31 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-10 19:56 - 2018-06-11 17:22 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-10 19:56 - 2018-06-11 17:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-10 19:56 - 2018-06-11 16:59 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-07-10 19:56 - 2018-06-09 18:40 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-10 19:56 - 2018-06-09 18:26 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-07-10 19:56 - 2018-06-09 18:09 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-10 19:56 - 2018-06-09 17:59 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-07-10 19:56 - 2018-06-09 17:37 - 004496384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 19:56 - 2018-06-09 17:37 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-07-10 19:56 - 2018-06-09 17:36 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-10 19:56 - 2018-06-09 17:32 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-10 19:56 - 2018-06-09 17:11 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-10 19:56 - 2018-06-09 17:08 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-10 19:56 - 2018-06-09 17:06 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-07-10 19:56 - 2018-06-09 04:47 - 002176072 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-07-10 19:56 - 2018-06-09 03:44 - 001565528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-07-10 19:56 - 2018-06-08 20:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 19:56 - 2018-06-08 19:54 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 19:56 - 2018-06-08 19:53 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-07-10 19:56 - 2018-06-08 19:07 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 19:56 - 2018-06-08 18:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 19:56 - 2018-06-07 20:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 19:56 - 2018-05-24 23:29 - 002449752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-10 19:56 - 2018-05-24 23:29 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-07-10 19:56 - 2018-05-15 10:42 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-07-10 19:56 - 2018-05-04 01:02 - 000439640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2018-07-10 19:56 - 2018-05-04 01:02 - 000325456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-07-10 19:56 - 2018-05-04 01:02 - 000187728 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2018-07-10 19:56 - 2018-04-26 15:43 - 000918296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000065880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000021848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000018776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000017240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000015192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000013152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:43 - 000011608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000063832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000020824 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000019288 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000017752 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000016216 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000014168 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000013656 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-10 19:56 - 2018-04-26 15:19 - 000012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-10 19:56 - 2018-04-25 19:38 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-09 00:47 - 2016-06-25 18:44 - 000000000 ___DC C:\FRST
2018-08-09 00:41 - 2016-05-09 00:22 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1386187955-881786914-96266419-1001
2018-08-09 00:33 - 2016-05-09 21:38 - 000000000 ____D C:\Users\Justin\AppData\Local\Battle.net
2018-08-09 00:02 - 2016-05-11 16:36 - 000000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-08-08 22:02 - 2016-05-11 16:36 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-08-08 21:35 - 2016-05-09 21:27 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 21:35 - 2016-05-09 21:27 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 21:28 - 2016-05-09 20:53 - 000003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F08277D-6063-4C19-9113-6820952880B9}
2018-08-08 21:27 - 2016-05-09 00:19 - 000000000 __RDO C:\Users\Justin\OneDrive
2018-08-08 01:48 - 2017-12-16 00:17 - 000000000 ____D C:\Users\Justin\Downloads\JaFL_106
2018-08-05 21:01 - 2018-03-24 22:56 - 000000000 ____D C:\Users\Justin\AppData\Roaming\audacity
2018-08-05 10:59 - 2016-05-09 21:38 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-08-05 10:59 - 2016-05-09 21:38 - 000000000 ____D C:\ProgramData\Skype
2018-08-05 10:58 - 2016-05-09 21:39 - 000000000 ____D C:\Users\Justin\AppData\Roaming\Skype
2018-08-05 10:50 - 2014-11-21 10:44 - 000820208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-05 10:50 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-08-04 02:21 - 2018-03-28 23:11 - 000000000 ____D C:\Users\Justin\Documents\Audacity
2018-08-01 21:00 - 2016-05-11 16:36 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-07-22 23:28 - 2018-06-07 21:37 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-22 12:11 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-07-17 22:47 - 2018-02-10 18:02 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-17 22:47 - 2017-12-16 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-17 22:45 - 2017-12-16 00:21 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-07-17 00:02 - 2016-05-09 20:58 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-16 00:22 - 2016-05-11 16:42 - 000000000 ___RD C:\Users\Justin\Dropbox
2018-07-15 20:11 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-15 20:11 - 2013-08-22 16:44 - 000362544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-15 02:08 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-07-15 02:05 - 2016-05-10 01:12 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-15 02:05 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-07-14 21:42 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-14 21:42 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-14 21:36 - 2013-08-22 17:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-11 21:15 - 2017-03-03 00:03 - 000004428 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-11 21:15 - 2017-03-03 00:03 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-07-11 21:15 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-11 21:15 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-11 01:09 - 2016-05-09 23:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-11 01:02 - 2016-05-09 23:56 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 19:54 - 2016-05-25 19:15 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-10 19:53 - 2016-05-25 19:14 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-10 19:48 - 2018-05-10 14:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
 
==================== Files in the root of some directories =======
 
2017-08-29 22:16 - 2017-08-29 22:16 - 000000000 _____ () C:\Users\Justin\AppData\Local\{FD8EAFC0-CB23-47D4-A862-DAE926F7E788}
 
Some files in TEMP:
====================
2018-07-17 22:43 - 2018-07-17 22:43 - 001906040 _____ (Oracle Corporation) C:\Users\Justin\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-08-05 10:58 - 2018-08-05 10:58 - 057812744 _____ (Skype Technologies S.A.) C:\Users\Justin\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-06 21:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Justin (09-08-2018 00:49:19)
Running from C:\Users\Justin\Desktop
Windows 8.1 (Update) (X64) (2016-05-08 22:14:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1386187955-881786914-96266419-500 - Administrator - Disabled)
Guest (S-1-5-21-1386187955-881786914-96266419-501 - Limited - Disabled)
Justin (S-1-5-21-1386187955-881786914-96266419-1001 - Administrator - Enabled) => C:\Users\Justin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Discord (HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.5.146.1 - Intel Security)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Skype version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1386187955-881786914-96266419-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-04-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {056B3ABA-2472-4427-BB24-C17601AEB721} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {1EBAF5FB-167F-4B1E-9D15-B7708B535011} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-09] (Google Inc.)
Task: {29CAFE71-9C60-4644-A385-B341905BE343} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-06-06] (AVAST Software)
Task: {2FB21EF4-5E9B-44B9-BEDE-8D67538D942F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-09] (Google Inc.)
Task: {2FB488DD-2592-4441-B735-7C9B3A2777A9} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {539F0270-1973-494A-834F-1B570793EAA1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {5843D15C-1789-4F53-8AC9-E62386F5099B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {61D14068-6B3B-4179-A7B2-1E87E7A13E84} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {64169C5A-1ED3-44CB-AAC7-D7AFC1505DBF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {77AC6FED-5984-49C7-AB6D-383AFE742BE1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-11] (Dropbox, Inc.)
Task: {8E85285E-50BA-46FE-B39C-5BBC8EFCEB5E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {9E6DA01C-9F5C-4941-A99E-3797D01DEBD6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-11] (Dropbox, Inc.)
Task: {AB3F4B82-9687-48BC-8EC3-5707E48B7D4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {ADA2C393-4C38-4BD2-B5AA-78092B38ECE9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {BCC2B6C2-E247-45AF-AD45-83929E7DEB9C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-18] (Realtek Semiconductor)
Task: {C3E92032-7380-44BF-BC1A-AD3F9D868AE3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {CD6F17FC-A2F1-4125-A074-AE407C2A449D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor)
Task: {F40E96A0-1FD3-4E32-97CE-BECC823C3832} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-06-07 21:37 - 2018-07-22 23:28 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-03 21:28 - 2018-07-31 01:32 - 002682200 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\swiftshader\libglesv2.dll
2018-08-03 21:28 - 2018-07-31 01:32 - 000148824 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\swiftshader\libegl.dll
2016-06-24 19:18 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-24 19:18 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-24 19:18 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-24 19:18 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-24 19:18 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2018-08-01 20:59 - 2018-07-31 03:25 - 001108672 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-08-01 20:59 - 2018-07-31 03:25 - 002247872 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-08-01 21:00 - 2018-07-31 03:28 - 000021704 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000022752 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000135840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 001881816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:25 - 000111760 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-08-01 21:00 - 2018-07-31 03:25 - 000103576 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000069320 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000080064 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:25 - 000400016 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-08-01 21:00 - 2018-07-31 03:25 - 000024728 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000043680 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:25 - 000021656 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000125080 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000114848 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000392392 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000030432 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000024736 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000175768 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000024728 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000026264 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000048800 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000058016 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000024784 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000022728 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000026336 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000070360 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000025296 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000029904 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 003866304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000089272 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 001800896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 001960640 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000028824 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000155856 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000521920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000051400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000043720 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000131264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000220872 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000205512 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000061080 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000056536 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000024224 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000025304 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000023776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000022752 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000028392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:25 - 000348312 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000102088 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-08-01 21:00 - 2018-07-31 03:28 - 000024800 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000026840 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:25 - 000036496 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-08-01 21:00 - 2018-07-31 03:28 - 000023776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000181432 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-08-01 21:00 - 2018-07-31 03:28 - 000031952 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:26 - 000024752 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-08-01 20:59 - 2018-07-31 03:26 - 001638576 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-08-01 21:00 - 2018-07-31 03:28 - 000027352 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000547008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-08-01 20:59 - 2018-07-31 03:27 - 000360128 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2018-04-01 23:05 - 000000856 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1386187955-881786914-96266419-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Justin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 62.2.24.158 - 62.2.17.60
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKU\S-1-5-21-1386187955-881786914-96266419-1001\...\StartupApproved\Run: => "BingSvc"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{29403582-11E4-4607-AB5E-9FA471626746}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{02CC22BE-9969-4B70-878B-CDE48CD15540}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A907F235-6252-4BDE-82E5-00BA893BC89C}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2F27DF89-99E6-4301-93AC-4D2E392D8F20}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7D6D9721-6D43-4181-87FF-6089F0C4AD49}D:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{637A26B2-ACAB-48B7-B6A4-3578D2CBD9B7}D:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{1DAFCA5E-276E-4EB3-AB97-B558CA88D506}] => (Block) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{BEF12E73-1B24-4642-BEC8-B19A12D9BED2}] => (Block) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{50A84A39-AB33-499A-8D22-C45FF1ED1B47}D:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{91BF274D-9CD4-463D-B25D-1CF42D667779}D:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [{B58603D9-92BA-44AC-A32D-D3BF56D3CD37}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7340C4FE-7ACD-4EAD-AFD0-A86B206584B6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{12B86213-7B18-46C7-B758-5388CA22B4AE}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D3FBCEA-F49F-4B86-9800-7F41D8ED1BAD}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2456322A-031E-4682-A86F-758CA7FFCA0D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Twilight Struggle\TwilightStruggle.exe
FirewallRules: [{4C687FE8-E9FD-4A58-A7E5-041ADF307EF8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Twilight Struggle\TwilightStruggle.exe
FirewallRules: [{9101916C-D858-441A-AB2B-6B52D14CFEE0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game of Thrones\Thrones.exe
FirewallRules: [{51B4CA62-36B0-4D49-9D24-638CDE80A7A1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Game of Thrones\Thrones.exe
FirewallRules: [TCP Query User{886AE4D7-9B5A-44BF-B5FB-DEF5C03EDDA1}D:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E77279A4-2F1D-4757-9905-151A1F6782C4}D:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8BAFC796-58ED-4622-981D-386DF0A285F8}C:\users\justin\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\justin\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{50D01BCE-B4F9-438D-B9BA-B871E535BF68}C:\users\justin\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\justin\documents\octgn\octgn\octgn.exe
FirewallRules: [{799BB178-E156-4B5D-A326-F805B00F6100}] => (Block) C:\users\justin\documents\octgn\octgn\octgn.exe
FirewallRules: [{01B00722-2AF2-4CB6-8E5D-C7DC83E3D26B}] => (Block) C:\users\justin\documents\octgn\octgn\octgn.exe
FirewallRules: [TCP Query User{95E6C4CB-0F02-45EA-A5B3-AB5F85DEEE92}D:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{687982ED-D7CB-4A6F-B7EA-CD0D20C537DA}D:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe
FirewallRules: [{DC15B152-E15B-49A3-B966-A0C412961E3F}] => (Block) D:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe
FirewallRules: [{CBFBB42C-DBBB-4F40-B692-45F838769342}] => (Block) D:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{746A1B53-9FED-4CE2-8A50-513077A3C0BE}D:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B368F9DD-049D-4007-8FD7-0FF9CC62EE3E}D:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [{237218EC-8607-488B-BD61-5E46AAC08EF0}] => (Block) D:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [{E5444224-F410-49CB-8BB3-6A25617362BE}] => (Block) D:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3AF577FA-7981-40A0-AF41-9583FB888F73}D:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FDFDB109-7076-4E1F-820B-9BED7E4C6685}D:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [{67944EB0-D7E6-4361-9619-4F144A4F05CA}] => (Block) D:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [{62C5DE3A-4039-4841-9267-05A4198F9388}] => (Block) D:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3BDFAE4C-5F65-4FD2-B8F4-74F4222EC976}D:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7455B4B6-55DE-4C71-976F-AC28C7B682EF}D:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [{645FE9B3-D727-483F-B0C2-9E59A1F1776C}] => (Block) D:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [{E506F3D3-82D3-4C8E-B47F-34B75656B120}] => (Block) D:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0A3A5F65-8FB6-4F0C-BB66-CDCCE2E6C760}D:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A3A462F9-79FC-4196-8A51-A4CA937145A7}D:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe
FirewallRules: [{65D3C04C-ACEB-4061-8E07-534767A0A503}] => (Block) D:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe
FirewallRules: [{6D466A70-DC0F-4B19-B904-5178F4F52F5D}] => (Block) D:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe
FirewallRules: [{6B20E23E-6F89-4AA5-8733-C3F5A06637E4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{7CD96D20-7949-4096-91AB-694CFEF9CE25}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [TCP Query User{7EA591AF-46DC-4EA5-8B4B-2DEAD55EA1FC}D:\program files (x86)\heroes of the storm\versions\base44737\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base44737\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4A2BC49A-2CBD-4E2C-A2DF-AFF6DC8C3415}D:\program files (x86)\heroes of the storm\versions\base44737\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base44737\heroesofthestorm_x64.exe
FirewallRules: [{C5A4F42F-2499-42FF-87B9-DC30C03BBB6A}] => (Block) D:\program files (x86)\heroes of the storm\versions\base44737\heroesofthestorm_x64.exe
FirewallRules: [{54789CC2-1307-4626-9158-2447D6070B08}] => (Block) D:\program files (x86)\heroes of the storm\versions\base44737\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3112F4A6-25B6-4395-9840-231F96910A64}D:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3BD5D83B-8870-440A-894F-B07855F2DFF4}D:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
FirewallRules: [{D3A7C6AA-1D9E-4F48-9311-872AAF985D58}] => (Block) D:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
FirewallRules: [{8865B77C-C381-40DE-A7F3-EE857B9B4CB2}] => (Block) D:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{270629D1-2247-411F-AA50-AE102F73130B}D:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{83A4C224-F505-43BA-BF0F-AD992D153441}D:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [{997B10B0-CE03-4209-AFA1-4D1A7B88674B}] => (Block) D:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [{ED2C6FC2-0648-4872-A2E5-DAD2148DF4F1}] => (Block) D:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [{DFAD3246-00C1-46F3-826B-63F248554DF4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{796019A5-8B7D-4D05-A8D6-5332711FF7B1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [TCP Query User{F463E209-481A-45BC-888E-4355979D9707}D:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8C6F065C-7DE1-46D7-AA3E-411604EC4E13}D:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{A0AC7741-50A3-46BA-BFC8-94C5F792BF28}] => (Block) D:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{26CE5BDC-D572-4B53-92B4-7C18E22BF369}] => (Block) D:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{073C1C1E-B4D1-4419-A9E5-573BA7DCFABC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{D088D97D-6378-4AC3-ADA5-688E1D804F7C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\AoW3\AoW3Launcher.exe
FirewallRules: [TCP Query User{1441FBC6-9E8A-40DB-87EF-EDDAED0A2384}D:\program files (x86)\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{710337F0-2E01-45E0-AA27-8515CCED8263}D:\program files (x86)\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe
FirewallRules: [{794D9376-D782-4F93-BDC3-82691A051F63}] => (Block) D:\program files (x86)\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe
FirewallRules: [{E6C96126-92AD-466E-8140-A418E503323C}] => (Block) D:\program files (x86)\heroes of the storm\versions\base46158\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{56DF63A8-8F9D-49B1-AFDE-306C7FF02DC0}D:\program files (x86)\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{62F464CE-5754-4BD6-BF7F-DA569BE81622}D:\program files (x86)\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe
FirewallRules: [{B711BA4D-7E80-4578-AF42-1718832BFB1E}] => (Block) D:\program files (x86)\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe
FirewallRules: [{734B3D5B-963F-43CD-89AE-4E679002765D}] => (Block) D:\program files (x86)\heroes of the storm\versions\base46446\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A513A1DE-6609-4A7C-B1A6-A9D3978C99B4}D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A2501FB4-0170-4216-B085-E2770A3AB341}D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [{B5AC2D34-E5FF-4685-8687-B4BCB78784FC}] => (Block) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [{ABE728DC-0F58-40C4-9B1D-75B352F114FF}] => (Block) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0A72E29E-7173-4FF5-B952-BACF10CA4CF3}D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D1BE9A14-49CE-4C8D-B458-C83D7EADF3A5}D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [{55F27970-7451-4582-8752-FAC941E474DA}] => (Block) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [{063CB813-E379-4E98-9CF1-DF9036958747}] => (Block) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [{6CF846F2-1A62-42AE-8591-22CF0C83702F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{7A14621E-3813-4D27-A319-C37C08FBEED5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [TCP Query User{9865E2FA-E46F-425E-9957-7ED742572FB2}D:\program files (x86)\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{89ED499A-846E-49CF-A84B-7F9286885AB4}D:\program files (x86)\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe
FirewallRules: [{D04E46FB-8B93-4060-B582-1955057F5441}] => (Block) D:\program files (x86)\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe
FirewallRules: [{75F3B364-0006-4577-BE5C-535CD16A7B0E}] => (Block) D:\program files (x86)\heroes of the storm\versions\base47219\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7125B7F9-A0E7-4541-8C4E-81D6805B89E2}D:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{74DF8C68-1832-4B1E-BD0D-26164E274471}D:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{D38DE499-EF1E-41CD-A078-9B34AE49EC5C}] => (Block) D:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{9C7645BE-7493-42C8-8A1D-672A954FC692}] => (Block) D:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{AC87B0AE-1FF7-4C80-9B87-AB1A82A112C9}D:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D1B050F3-2CD7-4DAE-AF64-BB210E721D1B}D:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [{772D66B9-E5F3-4AD4-A272-75C7DBC8840A}] => (Block) D:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [{724C361B-5963-491A-A116-0FF86BE9880B}] => (Block) D:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6EC22DEA-4FB8-4BA1-B058-831E527DD5AE}D:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B99A1A8A-53E4-4FDA-9915-B27EC4175B13}D:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [{E46F49BE-AEDB-4899-8DF0-579ADE74D713}] => (Block) D:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [{6C5CF84D-1D03-4908-9664-6D4A544FCF8F}] => (Block) D:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4335FCAE-3534-42ED-9AE0-6A114E3D01E5}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E839852A-E060-4CE9-A873-FC68080A1C96}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E14F21DD-F8DA-4B24-B735-D382639041BD}] => (Block) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{DF36550B-3BBB-4934-A190-C9974C36C704}] => (Block) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{36987DB8-CB89-41C6-9768-8288058CEF6D}D:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{35B8E37A-AF77-4892-A691-14297F8B1035}D:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [TCP Query User{03F3E8D7-970B-4DA3-806C-4904C3A632A3}D:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7B40989A-4E92-447C-9482-EFCFF97A3C91}D:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{27109A1B-34C6-4084-A2AB-09AE6D860A2B}D:\program files (x86)\battle.net\battle.net.8179\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8179\battle.net.exe
FirewallRules: [UDP Query User{368118B9-29E3-480F-9B0D-F2521A60B55C}D:\program files (x86)\battle.net\battle.net.8179\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8179\battle.net.exe
FirewallRules: [TCP Query User{1382CAFD-742F-4601-BAE8-501B236CEE6E}D:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [UDP Query User{1FA4A19A-288F-4DFD-9B9C-36FE2F1F67E2}D:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [TCP Query User{9847408D-08EF-4CBB-91D5-3F97A1BCD605}D:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AAE5D673-C23C-4CE8-AEB3-4E9009DEAC5B}D:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C67F2500-90EE-4D28-B400-177DE9B739FA}D:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{326DCA9E-7DED-40BF-A86C-5A723F06F261}D:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0CF7BC59-EC8A-4503-A3DE-35F3349EC476}D:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5758F455-3D37-4BAD-A41D-FE30DF679E42}D:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Block) D:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DB8ACC76-4CA3-4936-8112-5BEC37C2C433}D:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Block) D:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [UDP Query User{C3FBCBD6-5EBD-4AD4-8C4A-AE7D2BEA1952}D:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Block) D:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [{DC41F842-D30B-4DFC-B594-561D9BB76EF5}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C74316CB-FC1F-41EF-B19E-9E06D12C122C}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{9044DAB9-ACEB-4F86-905D-EFF7671242F2}D:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{689A25F9-373F-4B37-8BB4-4255D5E0CBF7}D:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [{D84490F6-F4DB-4013-8E37-C2B27B93F587}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [{32CC86C6-166F-4352-8150-6EDB58C05D23}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{825480E9-C2BB-4F4E-97E8-4AB52C0CD1F4}D:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FB309166-6718-4C2A-B0E6-5572D456F510}D:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe
FirewallRules: [{86E8B669-DA71-4AE1-AE74-35A0F7E73CE1}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe
FirewallRules: [{37497EA1-18D8-4F40-B752-FFD3D59E5670}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{23EE9E28-F6E1-48BA-9168-1E701B601ED8}D:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{75610CAB-81F2-4941-84CF-D6B4A3CA6BBC}D:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [{1BBDD4AF-0689-44F2-BE13-8A3A3B7081C7}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [{DCB710E4-647B-47B8-9BE7-FEBF876E9E12}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A38C67B9-55BC-48FA-9C17-6E23CD0C2072}D:\program files (x86)\battle.net\battle.net.8265\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8265\battle.net.exe
FirewallRules: [UDP Query User{8291E923-0489-4EEE-BDFA-6739AF378206}D:\program files (x86)\battle.net\battle.net.8265\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8265\battle.net.exe
FirewallRules: [{C8F8940B-AE30-4182-9E34-C341F7302D14}] => (Block) D:\program files (x86)\battle.net\battle.net.8265\battle.net.exe
FirewallRules: [{82B86403-761F-422C-AAAA-A0C513D02AB0}] => (Block) D:\program files (x86)\battle.net\battle.net.8265\battle.net.exe
FirewallRules: [TCP Query User{23485C56-A1C8-411B-87A3-8D7A3BABB523}D:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{879222D8-9F2C-4862-9973-99B8562D6E5D}D:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe
FirewallRules: [{AAD3EEA7-992C-40B6-BA3D-4796263D67C3}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe
FirewallRules: [{CD7C467E-4C6A-4F16-AA4E-4F8061C46E82}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4F4653E6-DB31-4955-BCDC-67C6B18D0FCB}D:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [UDP Query User{44395774-9859-4124-9A55-8388B3AC1E14}D:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [{44F0BF1F-FE36-43C9-9D5A-01BD1E569A6F}] => (Block) D:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [{9A205E81-CEC3-48E0-9EE6-196E82B42E43}] => (Block) D:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [TCP Query User{5C250F68-8B7E-49E3-92FC-91C991DA07AF}D:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C7A6B65E-44D7-4DDE-AC7D-78417EFA39FA}D:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [{184FA379-4C0C-4BD2-A9F4-2BDFC5377E10}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [{53933444-8B68-4DD2-9979-1587BBF8958F}] => (Block) D:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F606D773-0430-4C56-B14E-4A8F8C940E2B}D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{95BA1B17-2FD8-4C1C-89C8-7BD1FB09AE4C}D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [{72662A6A-6F8D-4467-9F9C-DE88F64CF4CD}] => (Block) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [{5976B299-F83E-4323-A64C-3FECB39C0841}] => (Block) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F7CC587E-D990-4B1E-9DC6-C2EB595CA72B}D:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [UDP Query User{1A57A12F-9EDC-45A6-BA0B-BFB0DEF509BA}D:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [{E75C6009-ECB0-4412-BD58-71006B49D53D}] => (Block) D:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [{CDD77AC3-1B9F-4D8D-BA83-B36A47B71F30}] => (Block) D:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [TCP Query User{5C5AE4D4-6C15-4EF8-8DC8-28253E6CFB64}D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DDEAE433-1D1B-40FF-A5A9-91A29B8D86A2}D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [{8B4E1628-9268-4147-9C2A-DDAFEE44F773}] => (Block) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [{015152A4-E418-4683-A6D8-3443CEE659F0}] => (Block) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{69F5A6AE-8CE4-47AE-86AD-60CC1613CDE1}D:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8423\battle.net.exe
FirewallRules: [UDP Query User{E6368E51-8F76-4F67-84D0-E8BED8D93450}D:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8423\battle.net.exe
FirewallRules: [{C4B56912-1FAB-4E6A-8269-86036651E158}] => (Block) D:\program files (x86)\battle.net\battle.net.8423\battle.net.exe
FirewallRules: [{A117ADE6-02BE-4240-B350-F53DBF82C5C0}] => (Block) D:\program files (x86)\battle.net\battle.net.8423\battle.net.exe
FirewallRules: [TCP Query User{2F4D6B0C-56B4-4C6D-A583-4A7CE34579CA}D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{58A3DC6B-C7A8-451D-BDF7-304A48B4FEA4}D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [{4DC70EE0-7C2B-439A-B9FA-30D3FFEE80CC}] => (Block) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [{DCC08F79-AE76-4EFE-B58A-DDAF53A36BE9}] => (Block) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{504AA4D2-506B-4EB5-8EA6-0683F87AF6D8}D:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EE77BE70-F9DD-493A-ABB8-3C91AD872F51}D:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [{E5F2EE12-9552-4C99-B701-482DFE3D0D60}] => (Block) D:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [{E7BBBD86-EAC4-44ED-A143-D92BCCE109AB}] => (Block) D:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FE61046C-9BF2-4890-AAC2-35328F66B6A5}D:\program files (x86)\battle.net\battle.net.8518\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8518\battle.net.exe
FirewallRules: [UDP Query User{2729E212-9E65-4C14-A60A-81E61CE15776}D:\program files (x86)\battle.net\battle.net.8518\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8518\battle.net.exe
FirewallRules: [{B989B74C-3C67-4FB6-AF5B-5A06028907EB}] => (Block) D:\program files (x86)\battle.net\battle.net.8518\battle.net.exe
FirewallRules: [{B94E6180-D21B-4423-AC32-75C9DC27AE9C}] => (Block) D:\program files (x86)\battle.net\battle.net.8518\battle.net.exe
FirewallRules: [TCP Query User{7FCB1A2D-0758-45C2-BA03-75F948F46489}D:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{0A7AC4EA-F44D-492C-9831-EC4B9B944051}D:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [{23201BAC-6CAA-4C13-9BE2-340384068C20}] => (Block) D:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [{26AEC1E6-7A5D-44C5-AEC8-E1038099C2DC}] => (Block) D:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B8D96B8E-AE95-4E04-BFA9-14184563897C}D:\program files (x86)\battle.net\battle.net.8539\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8539\battle.net.exe
FirewallRules: [UDP Query User{20C22B33-1077-483A-85EB-4802A0A507A2}D:\program files (x86)\battle.net\battle.net.8539\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8539\battle.net.exe
FirewallRules: [{EE432C05-ED4A-4E33-8099-19436ED6C349}] => (Block) D:\program files (x86)\battle.net\battle.net.8539\battle.net.exe
FirewallRules: [{E07B4861-893F-4313-91F3-85871862DF61}] => (Block) D:\program files (x86)\battle.net\battle.net.8539\battle.net.exe
FirewallRules: [TCP Query User{7002D1E4-06EC-49B5-89BD-4089264E392F}D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{744BE3E7-48C1-44F6-A20D-0282A20F8544}D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [{2342511D-56F5-47F7-A190-4E49B0427093}] => (Block) D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [{A87672EC-57CC-4DA7-AA0C-FDB366784937}] => (Block) D:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{22C95917-B42E-459F-BDAE-4C40D54CF172}D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe
FirewallRules: [UDP Query User{9BD2E7C5-A2BF-47BF-9909-E108A389A47D}D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe
FirewallRules: [{788B6AE5-F0C5-4714-ACD3-8B27AAB4565A}] => (Block) D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe
FirewallRules: [{6B0A7EB7-27CB-4B0F-A68C-813B8BBB8AFA}] => (Block) D:\program files (x86)\battle.net\battle.net.8554\battle.net.exe
FirewallRules: [TCP Query User{6E37EB09-10F4-42C4-8E86-BE62948BEB93}D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{278016F1-8A75-4DA6-B7C9-4DED7D22BF94}D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [{66E19672-1A22-4C9C-BC6B-B91F1BCD3019}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [{36526C9B-E8EB-4A78-8820-DB698554CBE2}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BC929206-6015-4468-9709-B93C131393D7}D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{185A6F0A-4CDB-42E5-B51E-DC82094D0805}D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [{1CED8F51-E197-4411-9E67-CDA2F9A114C8}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [{BC071CB2-80B9-42DF-AA31-6E48C73852D4}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{46165159-1C74-4411-A5B0-E4123E50EA74}D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe
FirewallRules: [UDP Query User{A7FA38CF-30C6-40DE-9DF9-843B64C2531B}D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe
FirewallRules: [{68D52678-40C4-4BEB-B202-AA1ACFEBBCFF}] => (Block) D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe
FirewallRules: [{5BDBAB89-3CF6-468B-920A-AF592ED410B0}] => (Block) D:\program files (x86)\battle.net\battle.net.8600\battle.net.exe
FirewallRules: [TCP Query User{AA40C2A6-749E-4407-ACEC-5DADE3783917}D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CB5B2DCB-33CD-4C82-9F3A-BF2F9E3443AF}D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [{A888C8ED-E87B-4FE6-9383-8AF7074A6521}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [{61399DE1-9F67-40C4-B05E-B168592BD2A1}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{534B350C-F4C8-4F38-8820-9D46005D0349}C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe] => (Allow) C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [UDP Query User{5F2FB698-AA13-4C55-9900-148AECA590D2}C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe] => (Allow) C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [{3EF594B6-231A-4B24-B0EF-1F2F7C2F4659}] => (Block) C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [{5B41CEA2-CDD7-4370-9AA7-98598672ECE8}] => (Block) C:\users\justin\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [TCP Query User{D6600B30-6265-4406-A4AE-E4220380A201}D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe
FirewallRules: [UDP Query User{66801A4E-BE5A-44E8-ADD3-DF52DE81DF82}D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe
FirewallRules: [{B79C947A-C1E8-4DE5-92C6-CD63482377D0}] => (Block) D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe
FirewallRules: [{9678E61D-2D6D-407C-BF82-F03FE0A5879B}] => (Block) D:\program files (x86)\battle.net\battle.net.8657\battle.net.exe
FirewallRules: [TCP Query User{72870F75-798C-4093-BCC0-678E1180DEC4}D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{239D86C9-4532-4F98-813F-8A7992C685FD}D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [{B1566B08-23D6-48EB-B730-4871593C14C0}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [{8266A776-557B-426E-A8C4-242462604EB1}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{548EECE1-F0DA-41D4-A131-D1201DA3417D}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FE6473E5-565A-44E3-B282-D00F56488F44}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [{5975C76B-F18A-48EF-9692-7A2CDDF11337}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [{BBB5DAAD-D3FA-4C3F-92A4-10D079EF880F}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C7F0A7D3-83AD-4B44-8D50-5DBF749051DF}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{946F7F41-8967-408B-8BB4-3936E3640ABE}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{E44723AF-73C3-4260-B69C-346CE23DB4CD}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{8D626015-AD5E-420A-A230-A00B50FE659F}] => (Block) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{92C21052-4883-40F6-A370-0C5EC95D8DA9}D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [UDP Query User{8143982D-2686-4260-85CD-255E8209D309}D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{31B13F5E-85E2-425C-BC18-06969C92A9C8}] => (Block) D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{D0B54CB9-1990-4C66-9CE9-74A2F2871887}] => (Block) D:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [TCP Query User{DB9497A4-AF65-4241-9415-615C368D2981}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DF3F88DB-EC63-4520-9ACB-69D6AC20FDA7}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
22-07-2018 12:04:00 Scheduled Checkpoint
06-08-2018 22:54:40 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/08/2018 09:23:35 PM) (Source: TrueKey) (EventID: 0) (User: )
Description: Failed to process session change. System.ArgumentException: Data Source cannot be empty.  Use :memory: to open an in-memory database
   at System.Data.SQLite.SQLiteConnection.Open()
   at McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   at McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   at McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   at McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
 
Error: (08/08/2018 09:23:32 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/08/2018 02:13:04 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/08/2018 02:13:03 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/08/2018 02:13:03 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/08/2018 02:13:00 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/08/2018 02:12:56 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (08/08/2018 12:28:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1ed8
Start Time: 01d42e8daaae0d48
Termination Time: 0
Application Path: C:\WINDOWS\Explorer.EXE
Report Id: 575ebf5e-9a90-11e8-828e-20cf30732033
Faulting package full name: 
Faulting package-relative application ID:
 
System errors:
=============
Error: (08/03/2018 11:35:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/31/2018 01:04:55 AM) (Source: DCOM) (EventID: 10010) (User: TABLETOP)
Description: The server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4 did not register with DCOM within the required timeout.
 
Error: (07/31/2018 01:04:55 AM) (Source: DCOM) (EventID: 10010) (User: TABLETOP)
Description: The server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (07/15/2018 08:12:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (07/15/2018 08:11:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/11/2018 09:06:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (07/11/2018 09:05:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel Security True Key Scheduler service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/11/2018 09:05:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel Security True Key Scheduler service to connect.
 
 
Windows Defender:
===================================
Date: 2018-08-09 00:44:09.426
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {0443FC62-3F7E-4C2B-88E3-13AE74E53C3E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-06 21:32:11.865
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C31E9411-139A-4AA7-BC40-375DE0CEF04E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-05 12:14:09.747
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {B95F7C04-F4A9-4491-9311-6EC19FE81475}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-30 00:34:58.309
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {39ED0D97-E28C-423B-BB26-19EE64788953}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-28 16:47:33.178
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {60E911E7-8BBD-4240-A423-595A75091332}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-13 20:53:53.700
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.886.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-13 20:53:53.700
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.886.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-13 20:53:52.058
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-13 20:53:52.057
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-07-13 20:53:33.057
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.271.886.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15000.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2017-08-29 22:44:02.561
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-08-29 22:43:51.102
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-08-29 22:42:05.692
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2017-08-29 22:27:37.115
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2017-08-29 22:25:40.709
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks32.dll that did not meet the Microsoft signing level requirements.
 
Date: 2017-08-29 22:25:39.240
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2017-08-29 22:25:39.224
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2017-08-29 01:34:49.989
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 48%
Total physical RAM: 6068.55 MB
Available physical RAM: 3153.44 MB
Total Virtual: 8747.87 MB
Available Virtual: 4647.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:173.7 GB) (Free:132.57 GB) NTFS
Drive d: (DATA) (Fixed) (Total:422.12 GB) (Free:302.67 GB) NTFS
 
\\?\Volume{fce7b449-157e-11e6-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: DE4527D1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=422.1 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:16 PM

Posted 09 August 2018 - 08:47 PM

Greetings Akureyr and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Do you recognize these?

C:\Users\Justin\Downloads\Juris.aup
C:\Users\Justin\Downloads\Juris_data


Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CreateRestorePoint:
CloseProcesses:
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
Toolbar: HKU\S-1-5-21-1386187955-881786914-96266419-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8}
CHR HKU\S-1-5-21-1386187955-881786914-96266419-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe"
U0 aswVmm; no ImagePath
2017-08-29 22:16 - 2017-08-29 22:16 - 000000000 _____ () C:\Users\Justin\AppData\Local\{FD8EAFC0-CB23-47D4-A862-DAE926F7E788}
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize entries?
  • AdwCleaner log
  • Fixlog
  • Are you experiencing any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Akureyr


Posted 10 August 2018 - 01:16 PM

Thanks! The Juris.aup and data files relate to an Audacity audio recording I've been working on (I did import it from my other laptop via a USB, but I don't think malware can spread from those files right?)

 

AdW Cleaner log: 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-08-07.3
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-10-2018
# Duration: 00:00:05
# OS:       Windows 8.1
# Cleaned:  1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       MSN Homepage & Bing Search Engine
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1267 octets] - [10/08/2018 19:56:43]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
 
FRST log: 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Justin (10-08-2018 20:03:45) Run:1
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available Profiles: Justin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
Toolbar: HKU\S-1-5-21-1386187955-881786914-96266419-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8}
CHR HKU\S-1-5-21-1386187955-881786914-96266419-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe"
U0 aswVmm; no ImagePath
2017-08-29 22:16 - 2017-08-29 22:16 - 000000000 _____ () C:\Users\Justin\AppData\Local\{FD8EAFC0-CB23-47D4-A862-DAE926F7E788}
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully
"HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully
"HKU\S-1-5-21-1386187955-881786914-96266419-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => not found
"HKU\S-1-5-21-1386187955-881786914-96266419-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => removed successfully
"HKLM\System\CurrentControlSet\Services\InstallerService" => removed successfully
InstallerService => service removed successfully
"HKLM\System\CurrentControlSet\Services\aswVmm" => removed successfully
aswVmm => service removed successfully
C:\Users\Justin\AppData\Local\{FD8EAFC0-CB23-47D4-A862-DAE926F7E788} => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31309770 B
Java, Flash, Steam htmlcache => 342615045 B
Windows/system/drivers => 2635418 B
Edge => 0 B
Chrome => 488019829 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 432 B
LocalService => 713684 B
NetworkService => 1016670 B
Justin => 69669362 B
 
RecycleBin => 409317349 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:08:29 ====
 
No major or suspicious issues lately since installing the Chrome AdBlock extension, thankfully--I do want to be sure the prizemediayou thing is gone, and I do also want to figure out where it could have come from.

Edited by Akureyr, 10 August 2018 - 01:17 PM.
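For anyone reviewing a Fixlog like the one in the post above, this added example (not part of the thread and not a Farbar tool) parses the `target => outcome` result lines, tallies the outcomes, lists entries that did not report success, and totals the EmptyTemp byte counts. The line format is assumed from this log alone, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the result section of the Fixlog posted above (not the full log).
FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => not found
"HKLM\System\CurrentControlSet\Services\aswVmm" => removed successfully
aswVmm => service removed successfully
C:\Users\Justin\AppData\Local\{FD8EAFC0-CB23-47D4-A862-DAE926F7E788} => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
Chrome => 488019829 B
RecycleBin => 409317349 B
EmptyTemp: => 1.3 GB temporary data Removed.
'''

# Assumed line shape, taken from the log on this page: "<target> => <outcome>"
RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\s*$')
SIZE = re.compile(r'^(\d+) B$')  # EmptyTemp rows report a byte count

def parse_fixlog(text):
    """Return (actions, bytes_freed); actions is a list of (target, outcome)."""
    actions, freed = [], 0
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue  # status sentences and section rulers carry no " => "
        target, outcome = m.group('target').strip('"'), m.group('outcome')
        size = SIZE.match(outcome)
        if size:
            freed += int(size.group(1))          # per-location temp data
        elif target.rstrip(':') != 'EmptyTemp':  # skip the rounded summary row
            actions.append((target, outcome))
    return actions, freed

def outcome_counts(actions):
    """Tally how many entries ended with each outcome string."""
    return Counter(outcome for _, outcome in actions)

def needs_review(actions):
    """Entries whose outcome is anything other than '... successfully'."""
    return [(t, o) for t, o in actions if not o.endswith('successfully')]

if __name__ == '__main__':
    acts, freed = parse_fixlog(FIXLOG)
    print(dict(outcome_counts(acts)))
    print('review:', needs_review(acts))
    print('bytes freed in excerpt:', freed)
```

On the full Fixlog, the per-location byte counts sum to 1,357,880,599 B, which matches the "1.3 GB" summary line.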


#8 Oh My!


Posted 10 August 2018 - 03:30 PM

Thanks for the information.

Those files are of no concern as long as you are aware of them. They were just unfamiliar to me.

It is hard to tell where it came from but it sounds like it was related to an attempt at a Drive-by download, which is common. The key is to not click on the pop up. You handled it perfectly.

I don't see any reason for concern at this point. Do you have any other issues or concerns before we wrap this up?
Gary
 

#9 Akureyr


Posted 11 August 2018 - 08:19 AM

That's a relief to hear.  No other issues or concerns. 

 

How do I protect myself in the future, and what triggers drive-by-downloads?

 

Also, can even secure sites (i.e. marked "secure" with green lock in the upper left next to the URL typed out) have drive-by-download windows?


Edited by Akureyr, 11 August 2018 - 08:20 AM.


#10 Oh My!


Posted 11 August 2018 - 07:15 PM

Greetings.

Keeping your computer up to date minimizes the chances of malicious software entering your computer. Antivirus and other types of programs can assist as well. Just continue these and keep an eye out for suspicious activity as you did in this case and act accordingly. There is additional information below to help you keep your computer clean and safe.

You should be OK with secure web sites (https) but it is always good to be diligent.

Looks like we are all done.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your computer is now clean.

Right click on the FRST icon and rename it to Uninstall. Right click on it again, select Run as administrator and FRST will delete itself.
To check for any leftover installed tools hit the Windows Key + R at the same time, type appwiz.cpl, and hit Enter.
You may uninstall any listed program we used that still remains. You may also delete any other tools or reports created during our efforts.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#11 Akureyr


Posted 12 August 2018 - 04:14 AM

Many thanks! 



#12 Oh My!


Posted 12 August 2018 - 08:31 AM

:thumbsup2:
Gary
 

#13 Oh My!


Posted 12 August 2018 - 08:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 