Jump to content

Nanocore install dialog persists


Recommended Posts

Hey guys, i think i have some backdoor stuff going on with my system.  i very rarely restart this machine - like once a month. i have malwarebytes running a weekly scan and a couple of times recently it's come up with some threats - Trojan.stolendata in users/appdata/roaming/imminent/logs.

i recently set the machine to lock after 20 minutes and i've noticed more threat alerts. today i have a "would you like to install nanocore" dialog on my screen. i have not clicked either decline or accept on that dialog, but i read through some of your posts which seem to indicate that its the tip of a malware iceberg.

i have included a farbar 64 bit scan file as recommended in one of your latest posts. i guess i'm prepared to do a flatten and rebuild on this machine but i'd really rather not, and of course i'd like to trust my files.  can you give me any help with this?

FRST.txt

Link to post
Share on other sites

Hi strangelet :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

When you ran FRST, two logs should have been created: FRST.txt and Addition.txt. You provided me FRST.txt, but not Addition.txt. Can you attach it in your next reply?

Link to post
Share on other sites

All good :) As you mentionned, you were indeed infected with a backdoor trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:



Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

 
  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system


Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.


The only way to clean a compromised system is to flatten and rebuild. Thats right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

This being said, there's no way to be sure that your system still won't be compromised after this clean-up, so you have two options: either go forward with it, or do a nuke and pave (format and reinstall). I'll assist you in both cases, just let me know which path you want to go down :)

Link to post
Share on other sites

thanks, i'd like to try cleanup for now , and then flatten the system when i have some more time.  i must say, your response time is excellent - thankyou for your dedication. i'm going to have to go sleep then work so i'll be back in 18 hours or so. i will change my online passwords from work tomorrow. 

Link to post
Share on other sites

Well, I'm always online in the evening, so I can reply to threads pretty fast. During the day, not so much since I'm at work and I cannot check constantly :) I'll help you with the clean-up, and at the end, if you ever want to do a nuke and pave, let me know. And yes, please change your passwords as soon as you can tomorrow and if possible, on another computer while we wait for yours to be completely cleaned (otherwise, it'll be pointless to change them since the system will still be infected).

I noticed in the logs that someone has installed settings in the hosts file designed to bypass or pirate at least Adobe software. As we do not condone piracy I'd like to ask you to please remove those settings so that we can continue on here and see what's up.

This being said, we'll start by running a fix using FRST, followed by a scan with Malwarebytes.

After running the fix with FRST, a file called Upload.zip will be created on your desktop. Please upload that file to the following link.

http://www.bleepingcomputer.com/submit-malware.php?channel=194

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

0isDeWa.pngMalwarebytes Anti-Malware - Clean Mode

  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

After running FRST, Malwarebytes and restarting your computer, do you still get the prompts to install NanoCore?

Your next reply(ies) should include:

  • Acknowledgement that traces of pirated software are present on your system;
  • Confirmation that you uploaded the Upload.zip file to the link posted above;
  • Copy/pasted content of FRST's fixlog.txt;
  • Copy/pasted content of Malwarebytes' clean log;
  • Current status of the NanoCore install prompts;

Well I happen to be online in the evening, so my response time gets affected :) During the day it's harder since I work.

 

fixlist.txt

Link to post
Share on other sites

ok. so first, shame on me, i have traces of pirated software on my machine v.v

Farbar 64 ran fine, and asked me to restart. upon restart, the nanocore dialog was gone.  i ran MWB, and it detected no threats. 

the farbar fixlog and the mwb log are included here - 

 

farbar fixlog - ----------------------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by strangelet (06-10-2016 13:49:01) Run:1
Running from C:\Users\strangelet\Desktop
Loaded Profiles: strangelet (Available Profiles: strangelet)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Zip: C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browser.lnk;C:\Users\strangelet\AppData\Roaming\Sync.exe;C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eYZFHhhieETC.lnk;C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KTeaARREAFKZ.lnk;C:\Users\strangelet\RZh83q3OKZX4ypjl\UDDi.exe;C:\Users\strangelet\5oktZ94jupWgyMGG\DQHF.exe;C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NdFSFDcRBOGRVCTR.cmd.lnk;

HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\MountPoints2: {b8e731be-3094-11e4-92ad-902b3457c95d} - E:\Startme.exe
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\MountPoints2: {c7dcc9ca-920a-11e2-9772-806e6f6e6963} - D:\Run.exe
Startup: C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browser.lnk [2016-08-01]
ShortcutTarget: Browser.lnk -> C:\Users\strangelet\AppData\Roaming\Sync.exe ()
Startup: C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eYZFHhhieETC.lnk [2016-09-27]
ShortcutTarget: eYZFHhhieETC.lnk -> C:\Users\strangelet\RZh83q3OKZX4ypjl\UDDi.exe (AutoIt Team)
Startup: C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KTeaARREAFKZ.lnk [2016-10-05]
ShortcutTarget: KTeaARREAFKZ.lnk -> C:\Users\strangelet\5oktZ94jupWgyMGG\DQHF.exe (AutoIt Team)
Startup: C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NdFSFDcRBOGRVCTR.cmd.lnk [2016-08-10]
ShortcutTarget: NdFSFDcRBOGRVCTR.cmd.lnk -> C:\Users\strangelet\AppData\Roaming\MSCESJchTQNhcMBYHBhfg.cmd (No File)

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FEE005E-9468-D082-0890-9FEE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2017\Inventor Server\Bin\TestServer.dll => No File
SID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2017\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5EC0D4F2-9468-D082-A444-B1AF85889A47} => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2017\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

Task: {67F1F308-4F0F-4FEC-BAA3-F2863D3A6390} - System32\Tasks\{7C16A7FA-EF7F-48E8-A7A1-F33AACE42E44} => pcalua.exe -a C:\Users\strangelet\Downloads\Saitek_X52Pro_Flight_Controller_SD6_64.exe -d C:\Users\strangelet\Downloads
Task: {7A44860A-5E35-4A71-B4BE-8E7E6590557F} - System32\Tasks\{E884E368-E0EB-48D3-8005-F3FB996C2D74} => pcalua.exe -a "C:\Users\strangelet\Documents\Vuze Downloads\7377_10_ca_V4EliteTextureAmy.exe" -d "C:\Users\strangelet\Documents\Vuze Downloads"

C:\ProgramData\mntemp
C:\ProgramData\temp21.log
C:\ProgramData\temp25.log
C:\ProgramData\temp54.log
C:\Users\strangelet\5oktZ94jupWgyMGG
C:\Users\strangelet\RZh83q3OKZX4ypjl
C:\Users\strangelet\AppData\Local\uninst.log
C:\Users\strangelet\AppData\Local\uninst3.log
C:\Users\strangelet\AppData\Local\uninst36.log
C:\Users\strangelet\AppData\Roaming\HIWZgHSAfhIH
C:\Users\strangelet\AppData\Roaming\GgTLKMSQOAPXDFTCSLM
C:\Users\strangelet\AppData\Roaming\Imminent
C:\Users\strangelet\AppData\Roaming\.Identifier
C:\Users\strangelet\AppData\Roaming\Sync.exe
C:\Users\strangelet\AppData\Roaming\MSCESJchTQNhcMBYHBhfg.cmd
C:\Users\strangelet\AppData\Roaming\uninst.log
C:\Users\strangelet\AppData\Roaming\uninst2.log
C:\Users\strangelet\AppData\Roaming\uninst45.log

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
================== Zip: ===================
C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browser.lnk -> copied successfully to C:\Users\strangelet\Desktop\Upload.zip
C:\Users\strangelet\AppData\Roaming\Sync.exe -> copied successfully to C:\Users\strangelet\Desktop\Upload.zip
C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eYZFHhhieETC.lnk -> copied successfully to C:\Users\strangelet\Desktop\Upload.zip
C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KTeaARREAFKZ.lnk -> copied successfully to C:\Users\strangelet\Desktop\Upload.zip
C:\Users\strangelet\RZh83q3OKZX4ypjl\UDDi.exe -> copied successfully to C:\Users\strangelet\Desktop\Upload.zip
C:\Users\strangelet\5oktZ94jupWgyMGG\DQHF.exe -> copied successfully to C:\Users\strangelet\Desktop\Upload.zip
C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NdFSFDcRBOGRVCTR.cmd.lnk -> copied successfully to C:\Users\strangelet\Desktop\Upload.zip
"" -> not found
=========== Zip: End ===========
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8e731be-3094-11e4-92ad-902b3457c95d}" => key removed successfully
HKCR\CLSID\{b8e731be-3094-11e4-92ad-902b3457c95d} => key not found. 
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7dcc9ca-920a-11e2-9772-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{c7dcc9ca-920a-11e2-9772-806e6f6e6963} => key not found. 
C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browser.lnk => moved successfully
C:\Users\strangelet\AppData\Roaming\Sync.exe => moved successfully
C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eYZFHhhieETC.lnk => moved successfully
C:\Users\strangelet\RZh83q3OKZX4ypjl\UDDi.exe => moved successfully
C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KTeaARREAFKZ.lnk => moved successfully
C:\Users\strangelet\5oktZ94jupWgyMGG\DQHF.exe => moved successfully
C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NdFSFDcRBOGRVCTR.cmd.lnk => moved successfully
C:\Users\strangelet\AppData\Roaming\MSCESJchTQNhcMBYHBhfg.cmd => not found.
gdrv => service removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}" => key removed successfully
SID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}" => key removed successfully
"HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67F1F308-4F0F-4FEC-BAA3-F2863D3A6390}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F1F308-4F0F-4FEC-BAA3-F2863D3A6390}" => key removed successfully
C:\Windows\System32\Tasks\{7C16A7FA-EF7F-48E8-A7A1-F33AACE42E44} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C16A7FA-EF7F-48E8-A7A1-F33AACE42E44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A44860A-5E35-4A71-B4BE-8E7E6590557F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A44860A-5E35-4A71-B4BE-8E7E6590557F}" => key removed successfully
C:\Windows\System32\Tasks\{E884E368-E0EB-48D3-8005-F3FB996C2D74} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E884E368-E0EB-48D3-8005-F3FB996C2D74}" => key removed successfully
C:\ProgramData\mntemp => moved successfully
C:\ProgramData\temp21.log => moved successfully
C:\ProgramData\temp25.log => moved successfully
C:\ProgramData\temp54.log => moved successfully
C:\Users\strangelet\5oktZ94jupWgyMGG => moved successfully
C:\Users\strangelet\RZh83q3OKZX4ypjl => moved successfully
C:\Users\strangelet\AppData\Local\uninst.log => moved successfully
C:\Users\strangelet\AppData\Local\uninst3.log => moved successfully
C:\Users\strangelet\AppData\Local\uninst36.log => moved successfully
C:\Users\strangelet\AppData\Roaming\HIWZgHSAfhIH => moved successfully
C:\Users\strangelet\AppData\Roaming\GgTLKMSQOAPXDFTCSLM => moved successfully
C:\Users\strangelet\AppData\Roaming\Imminent => moved successfully
C:\Users\strangelet\AppData\Roaming\.Identifier => moved successfully
"C:\Users\strangelet\AppData\Roaming\Sync.exe" => not found.
"C:\Users\strangelet\AppData\Roaming\MSCESJchTQNhcMBYHBhfg.cmd" => not found.
C:\Users\strangelet\AppData\Roaming\uninst.log => moved successfully
C:\Users\strangelet\AppData\Roaming\uninst2.log => moved successfully
C:\Users\strangelet\AppData\Roaming\uninst45.log => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 136733732 B
Java, Flash, Steam htmlcache => 249378992 B
Windows/system/drivers => 302907440 B
Edge => 0 B
Chrome => 784162231 B
Firefox => 378254617 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 17855 B
systemprofile32 => 66228 B
LocalService => 132244 B
NetworkService => 1363316 B
strangelet => 14496819317 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 15.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:49:34 ====

 

 

 

 

and the MWB results log ----------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/10/2016
Scan Time: 13:52
Logfile: mwb-results.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.06.09
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: strangelet

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 464998
Time Elapsed: 6 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Awesome :) Did you upload the Upload.zip file on the website I linked?

Now we'll run Emsisoft Emergency Kit to see if there are any remnants left, and grab a fresh pair of FRST logs.

G0tu5D9.pngEmsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
    Egla2gt.png
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
    IgfWDr3.png
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

How's your computer running now?

Your next reply(ies) should include:

  • Answer to my question about Upload.zip;
  • Copy/pasted content of the EEK clean log;
  • Copy/pasted content of FRST.txt;
  • Copy/pasted content of Addition.txt;
  • Answer to my question abour your computer's current state;

Link to post
Share on other sites

hey again.

I just uploaded the Upload.zip and filled out the info requested at your link.

my machine seems fine - the nanocore dialog is no longer appearing, although the machine's performance never seemed to have degraded in the first place so it's hard to tell if it's "back to normal" or not.

here's the emsisoft quarantine log  - ---------------------------------------

 

 

Emsisoft Emergency Kit - Version 11.9
Quarantine log

Date    Source    Event    Detection    
06/10/2016 22:36:02    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32    Moved to quarantine    Application.Win32.InstallExt (A)    
06/10/2016 22:36:02    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS    Moved to quarantine    Application.Win32.InstallExt (A)    
06/10/2016 22:36:02    C:\Program Files (x86)\SpeedTree\SpeedTree Modeler.exe    Moved to quarantine    Gen:Variant.Midie.1888 (B)    
 

 

 

here is the farbar FRST.txt ----------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by strangelet (administrator) on VADER (06-10-2016 22:40:47)
Running from C:\Users\strangelet\Desktop
Loaded Profiles: strangelet (Available Profiles: strangelet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Input Director\IDWinService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
( ) C:\Windows\System32\lxdncoms.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
() C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Hammer & Chisel, Inc.) C:\Users\strangelet\AppData\Local\Discord\app-0.0.296\Discord.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
() C:\Program Files (x86)\Input Director\IDVistaService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Imperative Software Pty Ltd) C:\Program Files (x86)\Input Director\InputDirector.exe
(Imperative Software Pty Ltd) C:\Program Files (x86)\Input Director\InputDirectorClipboardHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hammer & Chisel, Inc.) C:\Users\strangelet\AppData\Local\Discord\app-0.0.296\Discord.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Hammer & Chisel, Inc.) C:\Users\strangelet\AppData\Local\Discord\app-0.0.296\Discord.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767760 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5120144 2012-05-23] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\Run: [Google Update] => C:\Users\strangelet\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\Run: [InputDirector] => C:\Program Files (x86)\Input Director\InputDirector.exe [593920 2012-09-27] (Imperative Software Pty Ltd)
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\Run: [Discord] => C:\Users\strangelet\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2013-09-08]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA Driver Instrumentation Tray.lnk [2015-11-21]
ShortcutTarget: NVIDIA Driver Instrumentation Tray.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA PerfSDK\NVInstEnabler.exe ()
Startup: C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2013-03-22]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7DDBBA05-3137-428A-AFE2-87B767B665B7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-04] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll => No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\strangelet\AppData\Roaming\Mozilla\Firefox\Profiles\if6ihpwt.default [2016-10-06]
FF Extension: (Adblock Plus) - C:\Users\strangelet\AppData\Roaming\Mozilla\Firefox\Profiles\if6ihpwt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-12-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-04] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [2013-11-12] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> c:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2473766996-3344577932-1833207240-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\strangelet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2473766996-3344577932-1833207240-1000: @talk.google.com/O1DPlugin -> C:\Users\strangelet\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2473766996-3344577932-1833207240-1000: @tools.google.com/Google Update;version=3 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2473766996-3344577932-1833207240-1000: @tools.google.com/Google Update;version=9 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2473766996-3344577932-1833207240-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\strangelet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2473766996-3344577932-1833207240-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-30] ()
FF Plugin HKU\S-1-5-21-2473766996-3344577932-1833207240-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\strangelet\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\strangelet\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR StartupUrls: Default -> ""
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default [2016-10-06]
CHR Extension: (From Dust) - C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-01-06]
CHR Extension: (Google Drive) - C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Adblock Plus) - C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-27]
CHR Extension: (Google Search) - C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (RealtimeBoard: Whiteboard for Collaboration) - C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2015-12-29]
CHR Extension: (Gmail) - C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\strangelet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1415176 2016-09-06] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [249104 2016-07-27] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R3 IDVistaService; C:\Program Files (x86)\Input Director\IDVistaService.exe [13824 2010-07-21] () [File not signed]
R2 InputDirector; C:\Program Files (x86)\Input Director\IDWinService.exe [36864 2012-09-27] () [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( ) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mi-raysat_3dsmax2010_64; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [86016 2009-03-12] () [File not signed]
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-01] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R3 droidpad; C:\Windows\System32\DRIVERS\droidpad.sys [21320 2013-04-18] (Windows (R) Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 SaiHFF32; C:\Windows\System32\DRIVERS\SaiHFF32.sys [177536 2007-09-13] (Saitek)
S3 SaiIFF32; C:\Windows\System32\DRIVERS\SaiIFF32.sys [20864 2007-09-13] (Saitek)
S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [47168 2012-09-20] (Saitek)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-06 22:25 - 2016-10-06 22:40 - 00000000 ____D C:\EEK
2016-10-06 14:00 - 2016-10-06 14:00 - 00001064 _____ C:\Users\strangelet\Desktop\mwb-results.txt
2016-10-06 13:49 - 2016-10-06 13:49 - 01378970 _____ C:\Users\strangelet\Desktop\Upload.zip
2016-10-06 13:49 - 2016-10-06 13:49 - 00015686 _____ C:\Users\strangelet\Desktop\Fixlog.txt
2016-10-05 23:25 - 2016-10-06 22:40 - 00028686 _____ C:\Users\strangelet\Desktop\FRST.txt
2016-10-05 23:25 - 2016-10-06 22:40 - 00000000 ____D C:\FRST
2016-10-05 23:25 - 2016-10-05 23:25 - 00179534 _____ C:\Users\strangelet\Desktop\Addition.txt
2016-10-05 23:24 - 2016-10-05 23:24 - 02405376 _____ (Farbar) C:\Users\strangelet\Desktop\FRST64.exe
2016-10-02 12:13 - 2016-10-02 12:14 - 00000000 ____D C:\Users\strangelet\Documents\New Unity Project
2016-10-02 01:54 - 2016-10-02 01:54 - 00000222 _____ C:\Users\strangelet\Desktop\Strike Vector.url
2016-09-25 11:39 - 2016-09-25 11:39 - 00000000 ____D C:\Users\strangelet\AppData\Roaming\FiraxisLive
2016-09-25 11:38 - 2016-09-25 11:38 - 00000000 ____D C:\Users\strangelet\AppData\Roaming\ModLauncherWPF
2016-09-24 18:09 - 2016-09-24 18:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2016-09-24 09:23 - 2016-09-24 09:23 - 00000222 _____ C:\Users\strangelet\Desktop\XCOM 2.url
2016-09-19 19:40 - 2016-09-19 19:40 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-19 19:40 - 2016-08-25 22:10 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-09-19 19:40 - 2016-08-25 22:10 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-09-19 19:40 - 2016-08-25 21:50 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-09-19 19:40 - 2016-05-04 03:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-09-19 19:40 - 2016-05-04 03:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-09-19 19:40 - 2016-05-04 03:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-09-19 19:40 - 2016-05-04 03:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-09-19 19:39 - 2016-08-26 00:28 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 35182648 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 34801088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 17463088 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 17263792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 14093368 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-09-19 19:39 - 2016-08-26 00:28 - 10865704 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 10737632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 10278080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 09086856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 08875408 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 08680696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 03594808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 03160512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 01019960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00956352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00941504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00892864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00686896 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00575984 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00520912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00408784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00223304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-09-19 19:39 - 2016-08-26 00:28 - 00181488 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00159352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00054728 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-09-19 19:39 - 2016-08-26 00:28 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-09-19 19:39 - 2016-08-26 00:28 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-09-19 19:17 - 2016-04-14 06:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-09-19 19:17 - 2016-04-14 06:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-09-19 19:17 - 2016-04-14 06:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-09-11 00:04 - 2016-09-11 00:04 - 00000222 _____ C:\Users\strangelet\Desktop\TOXIKK.url
2016-09-10 19:19 - 2016-09-10 19:19 - 00000000 ____D C:\Users\strangelet\AppData\Local\Nicke_Manarin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-06 22:36 - 2013-04-15 00:35 - 00000000 ____D C:\Program Files (x86)\SpeedTree
2016-10-06 22:35 - 2013-03-22 00:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-06 22:35 - 2013-03-22 00:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-06 22:27 - 2014-10-14 23:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-06 22:20 - 2013-05-18 14:17 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2473766996-3344577932-1833207240-1000UA.job
2016-10-06 22:01 - 2013-03-23 03:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-06 13:58 - 2009-07-14 06:13 - 00782274 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-06 13:58 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-06 13:58 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-06 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-10-06 13:51 - 2013-07-10 20:33 - 00000000 ____D C:\Users\strangelet\AppData\Local\CrashDumps
2016-10-06 13:51 - 2013-03-22 20:21 - 00000000 ____D C:\Users\strangelet\AppData\Local\TSVNCache
2016-10-06 13:51 - 2013-03-22 01:03 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-06 13:51 - 2013-03-22 00:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-06 13:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-06 13:49 - 2015-01-28 20:52 - 00000000 ____D C:\Users\strangelet\AppData\LocalLow\Temp
2016-10-06 13:49 - 2013-03-21 23:58 - 00000000 ____D C:\Users\strangelet
2016-10-06 13:47 - 2013-03-22 01:09 - 00000000 ____D C:\Users\strangelet\Documents\Vuze Downloads
2016-10-06 01:20 - 2013-05-18 14:17 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2473766996-3344577932-1833207240-1000Core.job
2016-10-05 23:05 - 2013-03-23 04:26 - 00000000 ____D C:\Users\strangelet\Documents\UnCodeX
2016-10-04 17:24 - 2014-12-28 03:02 - 00000000 ____D C:\Users\strangelet\AppData\Local\Frontier_Developments
2016-10-03 22:37 - 2013-03-22 00:22 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 22:37 - 2013-03-22 00:22 - 00002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-02 12:16 - 2013-08-11 03:06 - 00000000 ____D C:\Users\strangelet\AppData\Roaming\Audacity
2016-10-02 12:13 - 2014-02-22 00:58 - 00000000 ____D C:\ProgramData\Unity
2016-10-02 01:54 - 2014-05-16 01:18 - 00000000 ____D C:\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-01 18:28 - 2016-07-13 20:33 - 00000000 ____D C:\Users\strangelet\AppData\Roaming\obs-studio
2016-09-25 11:38 - 2013-05-02 02:40 - 00000000 ____D C:\Users\strangelet\Documents\My Games
2016-09-19 19:43 - 2013-05-01 22:56 - 00000000 ____D C:\Users\strangelet\Desktop\unadded
2016-09-19 19:40 - 2015-05-03 22:55 - 00000000 ____D C:\temp
2016-09-19 19:40 - 2013-03-22 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-19 19:40 - 2013-03-22 00:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-19 19:40 - 2013-03-22 00:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-19 19:17 - 2014-10-15 22:06 - 00001386 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-09-19 19:17 - 2014-10-15 22:06 - 00000000 ____D C:\Users\strangelet\AppData\Local\NVIDIA Corporation
2016-09-19 19:17 - 2014-10-15 22:06 - 00000000 ____D C:\Users\strangelet\AppData\Local\NVIDIA
2016-09-18 12:57 - 2013-04-25 20:52 - 00000000 ____D C:\Users\strangelet\Documents\World Machine Documents
2016-09-17 19:41 - 2013-04-07 12:23 - 00000000 ____D C:\Users\strangelet\AppData\Roaming\FileZilla
2016-09-17 13:34 - 2016-08-08 20:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-14 22:52 - 2013-07-03 01:52 - 00000000 ____D C:\Users\strangelet\AppData\Local\Arma 3
2016-09-14 20:20 - 2013-07-03 01:52 - 00000000 ____D C:\Users\strangelet\Documents\Arma 3
2016-09-14 19:37 - 2014-07-25 01:32 - 00000000 ____D C:\Users\strangelet\AppData\Local\Bohemia_Interactive
2016-09-13 15:01 - 2013-03-23 03:45 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 15:01 - 2013-03-23 03:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 15:01 - 2013-03-22 22:49 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 15:01 - 2013-03-22 02:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 15:01 - 2013-03-22 02:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-11 10:59 - 2014-08-19 23:07 - 00000000 ____D C:\Users\strangelet\Desktop\webthrows
2016-09-10 20:11 - 2016-08-22 17:47 - 00000000 ____D C:\Users\strangelet\AppData\Local\CLO
2016-09-10 15:53 - 2014-01-27 22:00 - 00000000 ____D C:\Users\strangelet\shared
2016-09-10 13:24 - 2013-04-05 00:30 - 00001456 _____ C:\Users\strangelet\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-10 12:41 - 2013-03-30 02:49 - 00000132 _____ C:\Users\strangelet\AppData\Roaming\Adobe Targa Format CS6 Prefs

==================== Files in the root of some directories =======

2014-07-13 21:40 - 2014-08-25 18:05 - 0000132 _____ () C:\Users\strangelet\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-05-05 00:34 - 2015-05-16 02:47 - 0000132 _____ () C:\Users\strangelet\AppData\Roaming\Adobe OpenEXR Format CS6 Prefs
2013-04-05 00:37 - 2016-07-12 23:13 - 0000132 _____ () C:\Users\strangelet\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-03-30 02:49 - 2016-09-10 12:41 - 0000132 _____ () C:\Users\strangelet\AppData\Roaming\Adobe Targa Format CS6 Prefs
2013-04-05 00:30 - 2016-09-10 13:24 - 0001456 _____ () C:\Users\strangelet\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-07-08 21:20 - 2013-07-08 21:20 - 0003584 _____ () C:\Users\strangelet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-22 20:34 - 2016-08-08 22:42 - 0007666 _____ () C:\Users\strangelet\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\strangelet\0-keyshot_w64_5.3.6_update.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-05 01:35

==================== End of FRST.txt ============================

 

 

and here is the farbar Addition.txt  -------------------------------------------------------------------------------------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by strangelet (06-10-2016 22:40:57)
Running from C:\Users\strangelet\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-21 22:58:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2473766996-3344577932-1833207240-500 - Administrator - Disabled)
Guest (S-1-5-21-2473766996-3344577932-1833207240-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2473766996-3344577932-1833207240-1003 - Limited - Enabled)
strangelet (S-1-5-21-2473766996-3344577932-1833207240-1000 - Administrator - Enabled) => C:\Users\strangelet

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Ripper DX v1.8.2 (HKLM-x32\...\3D Ripper DX_is1) (Version:  - Roman Lut)
3d-coat (HKLM-x32\...\Steam App 100980) (Version:  - Pilgway)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
A New Zero (HKLM-x32\...\A New Zero) (Version:  - )
ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version:  - Namco)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Professional CS5 (HKLM-x32\...\{CFC9F871-7C40-40B6-BE4A-B98A5B309716}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Agisoft PhotoScan Professional (HKLM\...\{EDDC0F4F-8941-4DBF-B107-4175041DEABD}) (Version: 1.2.5 - Agisoft)
Allegorithmic Substance Player 3.x (HKLM-x32\...\substance_player_3_x) (Version: 3.6.0 build 12465 (2013-07-09) - Allegorithmic)
Allegorithmic Substance Player 4.2.0 (HKLM-x32\...\substance_player_4_x) (Version: 4.2.0 build 13610 (2014-04-11) - Allegorithmic)
Allegorithmic Substance Player 5.3.3 (HKLM-x32\...\Substance Player_5) (Version: 5.3.3 build 16921 (2015-11-10) - Allegorithmic)
Angels Fall First (HKLM\...\AFF-260932ec-23cb-41a9-a508-ea0797f9d151) (Version:  - Epic Games, Inc.)
Angels Fall First (HKLM\...\UDK-7b0c7d71-4805-4bd2-bb9b-a60145f9622c) (Version:  - Epic Games, Inc.)
Angels Fall First (HKLM\...\UDK-b1df1b13-f204-4c91-a816-39b66054c822) (Version:  - Epic Games, Inc.)
Angels Fall First (HKLM\...\UDK-deaef42d-f2d2-4354-8af1-f58cd120a697) (Version:  - Epic Games, Inc.)
Angels Fall First (HKLM\...\UDK-f18b29d1-89c8-43d3-9964-0456d54ea223) (Version:  - Epic Games, Inc.)
Angels Fall First (HKLM\...\UDK-f9e176f8-5e55-40c0-8ad8-d61e37d79c87) (Version:  - Epic Games, Inc.)
Angels Fall First (HKLM-x32\...\Steam App 367270) (Version:  - Strangely Interactive Ltd)
Angels Fall First Dedicated Server (HKLM-x32\...\Steam App 407480) (Version:  - )
Angels Fall First jtest1 (HKLM\...\AFF-9346733d-8215-428e-86f4-1fc54b9368bd) (Version:  - Epic Games, Inc.)
Angels Fall First RC0 (HKLM\...\AFF-7f5122d5-35b4-4513-92c7-231da5d5d947) (Version:  - Epic Games, Inc.)
Angels Fall First RC0 (HKLM\...\AFF-beac2a54-5a86-40e6-bf35-410fc7897615) (Version:  - Epic Games, Inc.)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Authorizer Ignition Key Support (Version: 1.0.3.0 - Propellerhead Software AB) Hidden
Autodesk 123D Catch (HKLM-x32\...\{DCA7A8E3-5D4C-4798-86CE-C2F229FA68C1}) (Version: 1.0.688 - Autodesk)
Autodesk 3ds Max 2010 64-bit (HKLM\...\{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}) (Version: 12.0 - Autodesk)
Autodesk 3ds Max 2010 64-bit Components (HKLM\...\{B9E591DD-DAAC-0409-B1B8-5667E359170B}) (Version: 12.0 - Autodesk)
Autodesk 3ds Max 2017 (HKLM\...\Autodesk 3ds Max 2017) (Version: 19.0.1072.0 - Autodesk)
Autodesk 3ds Max 2017 (Version: 19.0.1072.0 - Autodesk) Hidden
Autodesk 3ds Max 2017 Populate Data (HKLM\...\{2B07E17E-A072-43BD-9DCC-369B56C16698}) (Version: 19.0.0.0 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (HKLM\...\Autodesk 3ds Max Design 2013 64-bit) (Version: 15.6.164.0 - Autodesk)
Autodesk 3ds Max Design 2013 64-bit (Version: 15.6.164.0 - Autodesk) Hidden
Autodesk 3ds Max Design 2013 64-bit Product Update 6 (HKLM\...\Autodesk 3ds Max Design 2013 64-bit SP6) (Version: 15.6.164.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk Backburner 2017.0 (HKLM-x32\...\{0038F5AA-8482-4BB2-8A28-3FEA1D58D780}) (Version: 17.0.0.0 - Autodesk)
Autodesk Civil View for 3ds Max 2017 64-bit (HKLM\...\{1C4FFAF0-7DBB-4F7A-A386-46747D060826}) (Version: 19.0.0.0 - Autodesk)
Autodesk FBX 2013.3 Plug-in for 3ds Max 2013 64-bit (HKLM\...\Autodesk FBX 2013.3 Plug-in for 3ds Max 2013 64-bit) (Version:  - Autodesk)
Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit (HKLM\...\Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit) (Version:  - Autodesk)
Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit) (Version:  - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2017 (HKLM\...\{9167CA34-4E68-49E3-8892-3C439739D2D3}) (Version: 19.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2017 (HKLM-x32\...\{CB6E007E-701D-42CD-AF0E-4BE9C36C7F7C}) (Version: 15.11.3.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2017 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2017) (Version: 17.0.411.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2017 (Version: 17.0.411.0 - Autodesk) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitmap2Material (HKLM-x32\...\Steam App 246600) (Version:  - Allegorithmic)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BRINK (HKLM-x32\...\Steam App 22350) (Version:  - Splash Damage)
Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
CINEMA 4D 16.011 (HKLM\...\MAXON8B6F11F9) (Version: 16.011 - MAXON Computer GmbH)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CraftWare 1.13 (HKLM-x32\...\CraftWare1.13) (Version: 1.13 - CraftUnique ltd)
Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version:  - )
Crossout Launcher 1.0.0.18 (HKLM-x32\...\CrossOutLauncher_is1) (Version:  - )
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Electronic Arts)
CrystalDiskMark 5.1.2 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.1.2 - Crystal Dew World)
Darksiders (HKLM\...\Steam App 50620) (Version:  - Vigil Games)
Darksiders II (HKLM\...\Steam App 50650) (Version:  - Vigil Games)
DDS Thumbnail Viewer (HKLM-x32\...\{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}) (Version: 1.00.000 - )
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds, Inc.)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Discord (HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
DS4Windows (HKLM-x32\...\{BA597B36-ACBC-424E-B43D-C5FF4BC5F42B}) (Version: 1.5.9 - DSDCS)
Elgato Game Capture HD (HKLM-x32\...\{C99F524D-DA01-410A-8AE1-ED8B755DC2D3}) (Version: 1.30.24.382 - Elgato Systems GmbH)
Elite Dangerous Launcher version 0.4.4783.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.4783.0 - Frontier Developments)
Elite Dangerous: Horizons (HKLM-x32\...\Steam App 419270) (Version:  - Frontier Developments)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Epic Games Launcher (HKLM\...\{89009F5F-0A2C-4196-9543-EA50C81CF26E}) (Version: 1.1.39.0 - Epic Games, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Forged Alliance Forever (HKLM-x32\...\{BDB1A380-10A0-4750-96AF-08ABD3715794}) (Version: 242.10.125 - FAF Community)
FormatFactory 3.5.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.0.0 - Format Factory)
Fractured Space (HKLM\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
gDEBugger (HKLM-x32\...\{9CA5D9C5-9F31-4019-88DC-3DF500DB3605}) (Version: 5.7.0.11390 - Graphic Remedy)
GitHub (HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\5f7eb300e2ea4ebf) (Version: 1.3.1.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.5.0 - Google Inc.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Graphviz (HKLM-x32\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.34 - AT&T Research Labs.)
Greenfish Icon Editor Pro 3.31 (HKLM-x32\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
GRID (HKLM-x32\...\Steam App 12750) (Version:  - Codemasters Studios)
HAWKEN (HKLM\...\Steam App 271290) (Version:  - Reloaded Games)
Heightmap Image Converter (HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\bd57d37cae5c36de) (Version: 1.0.0.0 - Mavrik Games)
Heroes & Generals (HKLM\...\Steam App 227940) (Version:  - Reto-Moto)
HipChat (HKLM-x32\...\{1E58E3D7-8943-4BF1-BADD-BF471506B684}_is1) (Version: 4.0.1610 - Atlassian Inc)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Input Director v1.3 BETA (HKLM-x32\...\Input Director) (Version: 1.3 - Imperative Software Pty Ltd)
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
IPackThat (HKLM\...\Steam App 363020) (Version:  - Piranha Bytes Distribution UG&Co KG)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Istrolid (HKLM\...\Steam App 449140) (Version:  - treeform)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer - Dedicated Server (HKLM-x32\...\Steam App 261140) (Version:  - )
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
L.A. Noire (HKLM\...\Steam App 110800) (Version:  - Team Bondi)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Line of Defense (HKLM\...\Steam App 266620) (Version:  - 3000AD)
Line Of Defense Docs (HKLM-x32\...\Line Of Defense Docs) (Version:  - 3000AD, Inc.)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)
MacX DVD Ripper Pro For Windows 7.6.8 (HKLM-x32\...\MacX DVD Ripper Pro For Windows_is1) (Version:  - Digiarty Software, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1010 - Marvell)
Marvelous Designer 5 Personal (HKLM-x32\...\Marvelous Designer 5 Personal) (Version:  - CLO Virtual Fashion Inc.)
Max Payne (HKLM-x32\...\Steam App 12140) (Version:  - Remedy Entertainment)
Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version:  - Remedy Entertainment)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
MechWarrior Online (HKLM\...\Steam App 342200) (Version:  - Piranha Games Inc.)
Memory Profiler (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
MeshLab_64b 1.3.3 (HKLM-x32\...\MeshLab_64b) (Version: 1.3.3 - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Michael 4 Base Power Loader (HKLM-x32\...\Michael 4 Base Power Loader 7877_3_dpc_M4BasePwrLoader) (Version: 7877_3_dpc_M4BasePwrLoader - Name of your company)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{84e72603-1a6a-4c51-81b3-de36aabcc4f8}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Module Microsoft Report Viewer pour Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
My Game Long Name (HKLM\...\UDK-5158133e-e494-4eae-9090-2befb26e7a80) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-dfb901c9-065a-4e23-97bd-5c96fa5e7ddf) (Version:  - Epic Games, Inc.)
NaturalPoint USB Drivers x64 (HKLM\...\{B408139D-04D6-4464-A979-D335E48F7063}) (Version: 2.50.0000 - NaturalPoint)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
No Man's Sky (HKLM\...\Steam App 275850) (Version:  - Hello Games)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA CUDA Toolkit 7.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_7.5) (Version: 7.5 - NVIDIA Corporation)
NVIDIA DDS Utilities (HKLM-x32\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA mental ray and IRay feature plugins for 3ds Max 2017 (HKLM\...\{6ABEC32F-B90F-4499-B3A3-FF8A00948178}) (Version: 19.0.0.0 - Autodesk)
NVIDIA PerfHUD 64 bit (HKLM-x32\...\{70A66934-9248-4B31-A71A-E1E4239F7BC6}) (Version: 1 - )
NVIDIA PerfSDK (HKLM-x32\...\{41B6EF3E-C5D2-4196-B915-7DDD8842F8C0}) (Version: 5.0 - )
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.1 - OBS Project)
Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version:  - Young Horses)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenRL Runtime 1.3.1000.14 x64 (HKLM\...\{250C8D22-1757-11E3-818E-1803734DBB4F}) (Version: 1.3.1000.14 - Caustic Graphics, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
ORION (HKLM\...\Steam App 407840) (Version:  - Trek Industries, Inc)
Outerra - Anteworld - Outerra Anteworld Demo (HKLM-x32\...\Outerra Anteworld) (Version: "0.8.3-4883" - "Outerra")
Overgrowth (HKLM\...\Steam App 25000) (Version:  - Wolfire)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pearl Harbor Encounter (HKLM-x32\...\Pearl Harbor Encounter) (Version:  - )
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Poser Pro 2012 (HKLM\...\Poser Pro 2012_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
PoserContent2012 (HKLM\...\Poser Pro_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Psychonauts (HKLM\...\Steam App 3830) (Version:  - Double Fine Productions)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Quick Media Converter HD (HKLM-x32\...\QUICKMEDIACONVERTER) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RaceRoom Racing Experience  (HKLM-x32\...\Steam App 211500) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Rapture3D 2.3.26 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Reason 6.5.3 (HKLM\...\Reason6.5_64_is1) (Version: 6.5.3 - Propellerhead Software AB)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
ReCycle 2.2.3 (HKLM\...\ReCycle2.2_64_is1) (Version: 2.2.3 - Propellerhead Software AB)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Rodina (HKLM\...\Steam App 314230) (Version:  - Elliptic Games)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM\...\Steam App 41700) (Version:  - GSC Game World)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Shelter 2 (HKLM-x32\...\Steam App 275100) (Version:  - Might and Delight)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SketchUp 2013 (HKLM-x32\...\{E74C0D09-8730-4714-8C6F-019FBF7F1B42}) (Version: 13.0.3689 - Trimble Navigation Limited)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpeedTree 5.1 (HKLM-x32\...\SpeedTree 5.1) (Version:  - )
Spintires (HKLM\...\Steam App 263280) (Version:  - Oovee® Game Studios)
Star Citizen Launcher (HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Conflict (HKLM\...\Steam App 212070) (Version:  - Star Gem Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteamVR Performance Test (HKLM\...\Steam App 323910) (Version:  - Valve)
Strike Suit Infinity (HKLM-x32\...\Steam App 234160) (Version:  - )
Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version:  - )
Strike Vector (HKLM\...\Steam App 246700) (Version:  - Ragequit Corporation)
Strike Vector (HKLM-x32\...\Steam App 246700) (Version:  - Ragequit Corporation)
Substance Designer 5 (HKLM-x32\...\Steam App 330160) (Version:  - Allegorithmic)
Substance Painter (HKLM-x32\...\Steam App 273390) (Version:  - Allegorithmic)
Substance Painter 2 (HKLM\...\Steam App 454510) (Version:  - Allegorithmic)
Substance Painter 2 version 2.2.0 (HKLM\...\{f42b7a996fa1d13a1d0a2e33eea2c0800bb5d1b8}_is1) (Version: 2.2.0 - Allegorithmic)
Substance Painter version 2.0.1 (HKLM\...\{410F5B6E-A29C-4F43-9DE3-44A1357D6AF5}_is1) (Version: 2.0.1 - Allegorithmic)
Substance Utilities version 1.0.3 (HKLM-x32\...\{09972846-FF49-48DE-81B5-438AAD64D00C}_is1) (Version: 1.0.3 - Allegorithmic)
Supreme Commander: Forged Alliance (HKLM\...\Steam App 9420) (Version:  - Gas Powered Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Dude (HKLM-x32\...\Dude) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM\...\Steam App 20920) (Version:  - CD PROJEKT RED)
Thumbnail me 3.0 (HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\Thumbnail me 3.0) (Version:  - )
Time of Dragons (HKLM\...\Steam App 353130) (Version:  - 4 I Lab)
TortoiseSVN 1.9.2.26806 (64 bit) (HKLM\...\{8A5AA5D6-F797-4ED3-AE08-35EF5433409E}) (Version: 1.9.26806 - TortoiseSVN)
Total War: ROME II - Emperor Edition (HKLM\...\Steam App 214950) (Version:  - Creative Assembly)
TOXIKK (HKLM\...\Steam App 324810) (Version:  - Reakktor Studios)
TrackIR 5 (HKLM-x32\...\{2f2e6053-043c-4d69-94d0-4d42304ea4ee}) (Version: 5.2.0200 - NaturalPoint)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
TypeScript Power Tool (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UnCodeX (HKLM-x32\...\{FDD6ED8B-DB77-43BC-B0B2-608A1F27AABC}}_is1) (Version: 241 - Michiel 'elmuerte' Hendriks)
Unity Web Player (HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\UnityWebPlayer) (Version: 5.1.2f1 - Unity Technologies ApS)
Universal Combat CE 2.0 (HKLM\...\Steam App 345580) (Version:  - 3000AD)
Unreal Development Kit (HKLM-x32\...\Steam App 13260) (Version:  - Epic Games)
Unreal Development Kit: 2012-07 (HKLM\...\UDK-4c38b4ba-118b-4844-bcb1-0462a3ecc0a4) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2012-07 (HKLM\...\UDK-938af84f-1501-4ac3-9feb-de1af08588a1) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2013-07 (HKLM\...\UDK-b2165b71-a992-4e12-bad6-eb2256afda87) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2013-07 (HKLM\...\UDK-d6b9f5c6-24bd-4de4-b57b-91e136ca001c) (Version:  - Epic Games, Inc.)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-439c33f5-2074-498f-9dec-3a9dd8405ec1) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Update core components (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.5-3 - Wacom Technology Corp.)
War Thunder (HKLM\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warface (HKLM\...\Steam App 291480) (Version:  - Crytek)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\WinDirStat) (Version:  - )
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World Machine 2.3 Professional Edition (HKLM-x32\...\World Machine2Pro) (Version:  - )
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
XCOM 2 (HKLM\...\Steam App 268500) (Version:  - Firaxis)
X-COM: Apocalypse (HKLM\...\Steam App 7660) (Version:  - MicroProse Software, Inc)
X-COM: Enforcer (HKLM\...\Steam App 7770) (Version:  - MicroProse Software, Inc)
X-COM: Interceptor (HKLM\...\Steam App 7730) (Version:  - MicroProse Software, Inc)
X-COM: Terror from the Deep (HKLM\...\Steam App 7650) (Version:  - MicroProse Software, Inc)
X-COM: UFO Defense (HKLM\...\Steam App 7760) (Version:  - MicroProse Software, Inc)
xNormal 3.18.4 (HKLM\...\xNormal 3.18.4) (Version:  - Santiago Orgaz)
XnView 2.35 (HKLM-x32\...\XnView_is1) (Version: 2.35 - Gougelet Pierre-e)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
ZBrush 4R6 (HKLM\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)
Надстройка Microsoft Report Viewer для Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\strangelet\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11ED413E-F5FF-4F8B-A834-63C9D3D1A461} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1600486E-76DD-4A3C-9209-1E7086EAD2C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2473766996-3344577932-1833207240-1000UA => C:\Users\strangelet\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {506532DD-173F-4B84-A674-F48885BC8312} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2473766996-3344577932-1833207240-1000Core => C:\Users\strangelet\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B2BB5C8D-D394-4B89-851F-F910E75C6F7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FC38B13C-8AE6-42CD-AF7E-4B330A90095C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2473766996-3344577932-1833207240-1000Core.job => C:\Users\strangelet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2473766996-3344577932-1833207240-1000UA.job => C:\Users\strangelet\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-05-14 00:15 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2012-09-27 12:57 - 2012-09-27 12:57 - 00036864 _____ () C:\Program Files (x86)\Input Director\IDWinService.exe
2012-09-27 12:58 - 2012-09-27 12:58 - 00184320 _____ () C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
2013-03-22 00:35 - 2016-08-25 22:10 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-03-12 18:39 - 2009-03-12 18:39 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
2011-09-14 23:19 - 2011-09-14 23:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
2016-09-19 19:17 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-09-19 19:17 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-09-19 19:17 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-09-19 19:17 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-05-25 13:44 - 2013-12-01 22:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-09-19 19:17 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-09-19 19:17 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-09-19 19:17 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-09-19 19:17 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-09-22 21:32 - 2015-09-22 21:32 - 00093568 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-05-13 21:15 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2011-02-14 23:51 - 2011-02-14 23:51 - 00205312 _____ () C:\Program Files (x86)\Input Director\ShellIntegrator64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-05-17 02:40 - 2012-11-30 15:27 - 00440832 _____ () C:\Program Files (x86)\Allegorithmic\Substance\Utilities\1.x\contextmenuhandler_64.dll
2015-03-29 11:29 - 2015-03-29 11:29 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-22 00:23 - 2012-05-23 08:01 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-03-22 00:23 - 2012-05-23 08:01 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-07-21 08:06 - 2010-07-21 08:06 - 00013824 _____ () C:\Program Files (x86)\Input Director\IDVistaService.exe
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2013-04-25 21:33 - 2013-02-08 19:37 - 01185080 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-09-19 19:17 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-09-19 19:17 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2013-05-13 21:15 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-09-22 20:52 - 2015-09-22 20:52 - 00073088 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2015-12-05 01:07 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-03-12 18:10 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 23:27 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 23:27 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 23:27 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 20:00 - 2016-09-20 20:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 23:28 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 23:28 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 23:28 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 23:28 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 23:28 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-03-15 18:29 - 2016-09-20 20:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-25 03:29 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\strangelet\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-27 14:16 - 2016-08-27 14:16 - 01050296 _____ () \\?\C:\Users\strangelet\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-27 14:16 - 2016-08-27 14:16 - 03793080 _____ () \\?\C:\Users\strangelet\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-27 14:16 - 2016-08-27 14:16 - 00894136 _____ () \\?\C:\Users\strangelet\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2014-09-30 00:00 - 2014-09-30 00:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll
2014-09-30 00:00 - 2014-09-30 00:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll
2014-09-30 00:00 - 2014-09-30 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\trillian.dll
2014-09-30 00:00 - 2014-09-30 00:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll
2014-09-30 00:00 - 2014-09-30 00:00 - 00003584 _____ () c:\program files (x86)\trillian\languages\en\toolkit.dll
2014-09-30 00:00 - 2014-09-30 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\events.dll
2014-09-30 00:00 - 2014-09-30 00:00 - 00010752 _____ () c:\program files (x86)\trillian\languages\en\buddy.dll
2014-09-30 00:00 - 2014-09-30 00:00 - 00007168 _____ () c:\program files (x86)\trillian\languages\en\talk.dll
2013-03-14 22:19 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-08-25 03:29 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\strangelet\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 03:29 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\strangelet\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-10-06 13:51 - 2016-10-06 13:51 - 00170496 _____ () \\?\C:\Users\strangelet\AppData\Local\Temp\5456.tmp.node
2016-09-16 23:39 - 2016-09-16 23:39 - 02022072 _____ () \\?\C:\Users\strangelet\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-10-03 22:37 - 2016-09-25 04:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-03 22:37 - 2016-09-25 04:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
2013-03-22 00:23 - 2013-03-22 00:23 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b6584c7e1f3d6d28c1a2b189a5d8831f\IsdiInterop.ni.dll
2013-03-22 00:23 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-22 00:22 - 2012-05-10 16:03 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\strangelet:Heroes & Generals [38]
AlternateDataStreams: C:\Users\strangelet\Local Settings:VDzApaRVHxBpE696nvAJ [2438]
AlternateDataStreams: C:\Users\strangelet\AppData\Local:VDzApaRVHxBpE696nvAJ [2438]
AlternateDataStreams: C:\Users\strangelet\AppData\Local\Application Data:VDzApaRVHxBpE696nvAJ [2438]
AlternateDataStreams: C:\Users\strangelet\AppData\Local\Temp:DbqbzAGYmUV2lkHSKRuceVaeG [2140]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-10-06 13:42 - 00000826 ___RA C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2473766996-3344577932-1833207240-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{2D07B16A-F36C-4B4D-B53C-06295FA136E5}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Block) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [UDP Query User{9601701F-E6A2-480B-AC44-BBB04A01B7A7}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Block) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [{6D062549-76B0-4847-A84F-0FB88D03C295}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{389CBCD8-08ED-466B-AD82-B6D3AC0BA0C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{2E295D71-2B23-4C60-8CC7-EE7425866431}C:\udk\udk-2012-07\binaries\win32\udk.exe] => (Allow) C:\udk\udk-2012-07\binaries\win32\udk.exe
FirewallRules: [UDP Query User{6C15822A-EBE4-45DB-9976-2BF10C64FF2E}C:\udk\udk-2012-07\binaries\win32\udk.exe] => (Allow) C:\udk\udk-2012-07\binaries\win32\udk.exe
FirewallRules: [{26D08FE2-C610-4490-A2B6-3E63CE1090AC}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{213DF5D6-08F8-4F87-A484-D4758A9CF5D5}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [TCP Query User{C016B197-0CB6-402F-9F51-B71361235A05}C:\udk\udk-2012-07\binaries\win64\udk.exe] => (Allow) C:\udk\udk-2012-07\binaries\win64\udk.exe
FirewallRules: [UDP Query User{7D88CC97-2CF7-4432-948D-D9C5489C88B4}C:\udk\udk-2012-07\binaries\win64\udk.exe] => (Allow) C:\udk\udk-2012-07\binaries\win64\udk.exe
FirewallRules: [TCP Query User{A16A2825-F374-4191-A7D3-182C64E4385A}C:\users\strangelet\desktop\pixelripperv3.2\pixelripper.exe] => (Allow) C:\users\strangelet\desktop\pixelripperv3.2\pixelripper.exe
FirewallRules: [UDP Query User{D031887D-2A17-41BF-B967-66E21D0CAF69}C:\users\strangelet\desktop\pixelripperv3.2\pixelripper.exe] => (Allow) C:\users\strangelet\desktop\pixelripperv3.2\pixelripper.exe
FirewallRules: [TCP Query User{EA66B548-D63E-4C31-B5EE-C1F4975FDBCC}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{1EC810A8-B046-4FDB-9161-4E1D7C41D28D}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{F2D0290F-BE64-48FB-A7CE-33227048017F}K:\udk\ps-2012-07\binaries\win64\udk.exe] => (Allow) K:\udk\ps-2012-07\binaries\win64\udk.exe
FirewallRules: [UDP Query User{791F9C65-3FF2-4433-AB53-9B755F2039AA}K:\udk\ps-2012-07\binaries\win64\udk.exe] => (Allow) K:\udk\ps-2012-07\binaries\win64\udk.exe
FirewallRules: [{5768A809-0E3A-4BB9-B9D8-04833370FCFB}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe
FirewallRules: [{2DA6D2F7-FC91-4293-ABA6-42843051703A}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe
FirewallRules: [{C4002E38-28EF-4DE3-9860-083B67A6052C}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe
FirewallRules: [{9DCC86DE-530C-4E6C-8C36-D4104FBB5F03}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe
FirewallRules: [{11438210-8183-48A8-91C0-9B0286DD8F81}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
FirewallRules: [{0EAA8962-B307-4777-8496-F777731027E8}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
FirewallRules: [TCP Query User{D01425A0-11DA-4B38-9AF1-670152775D66}C:\users\strangelet\documents\vuze downloads\adobe tool v3.3\adobetool.exe] => (Allow) C:\users\strangelet\documents\vuze downloads\adobe tool v3.3\adobetool.exe
FirewallRules: [UDP Query User{DDF27A0D-4D08-4694-BF5A-F952E639904D}C:\users\strangelet\documents\vuze downloads\adobe tool v3.3\adobetool.exe] => (Allow) C:\users\strangelet\documents\vuze downloads\adobe tool v3.3\adobetool.exe
FirewallRules: [TCP Query User{A3059ABA-41C0-4E60-8B6B-9B6E28A0215A}K:\udk\ps-2012-07\binaries\swarmagent.exe] => (Allow) K:\udk\ps-2012-07\binaries\swarmagent.exe
FirewallRules: [UDP Query User{CA7C8049-D719-41FC-915E-678305F26EEC}K:\udk\ps-2012-07\binaries\swarmagent.exe] => (Allow) K:\udk\ps-2012-07\binaries\swarmagent.exe
FirewallRules: [{A300EEE2-B9C7-4F40-B997-076B3726D790}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{356CB9A7-5B26-45E4-B36B-E1F438BB9601}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [TCP Query User{98642445-514B-4928-84AF-6D0DD3309B57}D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{D724463C-DDD0-46F1-A374-FCE2EEB387AF}D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{C97A33D5-21F5-43FE-AF37-06A98B84D62E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{627CD4A3-7C5D-4AE8-A5DE-49BCDCDE5FCD}C:\program files (x86)\adobe\adobe flash cs5\flash.exe] => (Allow) C:\program files (x86)\adobe\adobe flash cs5\flash.exe
FirewallRules: [UDP Query User{31244620-2FCF-4E22-8CD6-6C577406465D}C:\program files (x86)\adobe\adobe flash cs5\flash.exe] => (Allow) C:\program files (x86)\adobe\adobe flash cs5\flash.exe
FirewallRules: [TCP Query User{400C07DC-8781-4BBD-9ECC-1A0A0B621909}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [UDP Query User{64A74D8E-3A43-4A01-B750-AC0C30F41D68}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe
FirewallRules: [{303D7828-4519-46C7-843D-2DD1CB1AF2B1}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{C24F6E56-1C2E-4B21-899A-15B06CD078E0}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
FirewallRules: [{0579541A-13C9-4FB5-B24C-170C1B4E0A9F}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{B19A0F1E-4F75-4599-A02A-A9BB8FA9B8A3}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64.exe
FirewallRules: [{19F75AB5-7CC5-4FBC-AA1D-AEF81334FBE5}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\3dsmax.exe
FirewallRules: [{9ED0E0D0-7FFD-43C6-A016-7A87B731B951}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2013\3dsmax.exe
FirewallRules: [{0CBDE6DA-773A-4CF6-B0B1-6233391BA4E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{C7B477B1-1631-4BB6-BCBD-456867658516}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [TCP Query User{89E33F9F-D2C9-4228-8056-5D06E02AC07F}C:\users\strangelet\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\strangelet\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DDD0D26A-87A3-4C9C-BEF5-13017ADFDE02}C:\users\strangelet\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\strangelet\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8FC3E830-57EA-4512-A5FA-C18E9618EEEC}K:\udk\ps-2012-07\binaries\swarmcoordinator.exe] => (Allow) K:\udk\ps-2012-07\binaries\swarmcoordinator.exe
FirewallRules: [UDP Query User{B91378A0-F60B-4EBB-844D-738B1C9AFC46}K:\udk\ps-2012-07\binaries\swarmcoordinator.exe] => (Allow) K:\udk\ps-2012-07\binaries\swarmcoordinator.exe
FirewallRules: [TCP Query User{1C611C5E-C791-4900-9661-4E8458AD0013}F:\steamlibrary\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe] => (Allow) F:\steamlibrary\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe
FirewallRules: [UDP Query User{EE34874A-7BB3-414B-8A98-A74BD9CD3C2B}F:\steamlibrary\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe] => (Allow) F:\steamlibrary\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe
FirewallRules: [{5BBD6DD5-AFA2-40F4-9819-8D5674BB3FC2}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{9919C326-DCFA-4458-A698-44A02073C456}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [TCP Query User{4DAC7C47-4597-425D-B259-DCEE1DE8BCC9}F:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) F:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{D997C40E-2D36-4201-B6C9-A07AD1BB7AF5}F:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) F:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{F88E5FE5-CE13-4FEC-81C6-A103C30797AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{2007B075-260C-4365-A3DB-2F9EC500ECA1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [TCP Query User{2340FD30-56B4-4CB1-A97A-200ED8D8175A}F:\steamlibrary\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe] => (Allow) F:\steamlibrary\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe
FirewallRules: [UDP Query User{878E869F-FC50-40D5-A401-9CACBB6E12A2}F:\steamlibrary\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe] => (Allow) F:\steamlibrary\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe
FirewallRules: [TCP Query User{0E51407D-6B93-4ECB-BD8D-3375D5099D70}F:\steamlibrary\steamapps\common\saints row the third\saintsrowthethird_dx11.exe] => (Allow) F:\steamlibrary\steamapps\common\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{72827576-13D2-420A-AE09-C4D5B9167E2E}F:\steamlibrary\steamapps\common\saints row the third\saintsrowthethird_dx11.exe] => (Allow) F:\steamlibrary\steamapps\common\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{C6B2CCF4-EBFD-469F-ADAE-FB27C8A8B234}F:\steamlibrary\steamapps\common\saints row the third\saintsrowthethird.exe] => (Allow) F:\steamlibrary\steamapps\common\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{5E3BCD29-1471-4E66-A5A8-0C60711B5F2E}F:\steamlibrary\steamapps\common\saints row the third\saintsrowthethird.exe] => (Allow) F:\steamlibrary\steamapps\common\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{BAD53B15-B51F-48B3-BBF5-914471C4F468}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe
FirewallRules: [UDP Query User{C4D07DD7-CF7A-4B2B-AC9D-14D45510BDCD}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe
FirewallRules: [{BD90DFCA-9F36-433C-A5ED-5DF960AA296E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Need For Speed Shift\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{3ACCEF27-5FAC-49AB-B1A1-13BF0FB22D22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Need For Speed Shift\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{6D3DCCAB-0C19-4315-8F34-A8BC7CF128FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{C5AB62B5-1FDD-405C-81F9-6EE30DC68C28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [TCP Query User{2A547A56-6065-4F45-A820-4C29DC19EEA9}F:\steamlibrary\steamapps\common\maniaplanet_tmvalley\maniaplanet.exe] => (Allow) F:\steamlibrary\steamapps\common\maniaplanet_tmvalley\maniaplanet.exe
FirewallRules: [UDP Query User{0B1C9EF0-5C85-4A83-93FA-63AB71538057}F:\steamlibrary\steamapps\common\maniaplanet_tmvalley\maniaplanet.exe] => (Allow) F:\steamlibrary\steamapps\common\maniaplanet_tmvalley\maniaplanet.exe
FirewallRules: [{33AE992E-18DF-4D6F-9146-DD2605384D77}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{CD3C7E40-87A2-4651-80CB-E61241727C34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{2E0886DB-FF09-4F85-9C51-4250BE1D6AB8}] => (Allow) K:\UDK\Binaries\Win32\UDK.exe
FirewallRules: [{38B90C50-C238-493E-B769-D27826AA0247}] => (Allow) K:\UDK\Binaries\Win32\UDK.exe
FirewallRules: [{B79E528D-8911-4481-9254-4C8507C8BD4B}] => (Allow) K:\UDK\Binaries\Win64\UDK.exe
FirewallRules: [{8FBCC609-C147-42CE-876B-85F8D6C589FF}] => (Allow) K:\UDK\Binaries\Win64\UDK.exe
FirewallRules: [{20B80077-1F36-4BF7-BBC9-F3DD5ED2705E}] => (Allow) K:\UDK\UDK-2013-07\Binaries\Win32\UDK.exe
FirewallRules: [{71E8F627-0A20-47D7-B530-FC7BE8D45F1E}] => (Allow) K:\UDK\UDK-2013-07\Binaries\Win32\UDK.exe
FirewallRules: [{EE937BD7-B66E-4D22-BFE9-AAA499B2E038}] => (Allow) K:\UDK\UDK-2013-07\Binaries\Win64\UDK.exe
FirewallRules: [{22807C73-7760-4C59-B581-AD5336993F1D}] => (Allow) K:\UDK\UDK-2013-07\Binaries\Win64\UDK.exe
FirewallRules: [TCP Query User{4986438B-C3C8-4126-A638-4ED11EFA3044}C:\program files\allegorithmic\substance\player\3.x\substance_player.exe] => (Allow) C:\program files\allegorithmic\substance\player\3.x\substance_player.exe
FirewallRules: [UDP Query User{EF3C9A19-D034-4694-B0DC-E0B3BD604089}C:\program files\allegorithmic\substance\player\3.x\substance_player.exe] => (Allow) C:\program files\allegorithmic\substance\player\3.x\substance_player.exe
FirewallRules: [TCP Query User{94FD1217-ACEB-468E-8283-5FF99195EDD2}K:\udk\ps-2012-07\binaries\win32\udk.exe] => (Allow) K:\udk\ps-2012-07\binaries\win32\udk.exe
FirewallRules: [UDP Query User{97EB442B-C028-4548-981B-9203635F4A3A}K:\udk\ps-2012-07\binaries\win32\udk.exe] => (Allow) K:\udk\ps-2012-07\binaries\win32\udk.exe
FirewallRules: [TCP Query User{408318D0-CEC3-40B6-B65C-DCAB0232A3B4}F:\angelsfallfirst\binaries\win32\udk.exe] => (Allow) F:\angelsfallfirst\binaries\win32\udk.exe
FirewallRules: [UDP Query User{937948A1-984F-4C6A-9606-958CDF5ED2C5}F:\angelsfallfirst\binaries\win32\udk.exe] => (Allow) F:\angelsfallfirst\binaries\win32\udk.exe
FirewallRules: [TCP Query User{A92568BB-1EA3-4102-B71E-17DA9EC16DBC}F:\myth2\myth ii.exe] => (Block) F:\myth2\myth ii.exe
FirewallRules: [UDP Query User{8E5921C5-75C3-4EAB-A83E-C1A71EBE5EBB}F:\myth2\myth ii.exe] => (Block) F:\myth2\myth ii.exe
FirewallRules: [TCP Query User{9DF36A7B-EEB0-48CC-B076-A27D32DEEA47}K:\rocket\engine\binaries\win64\rocketeditor.exe] => (Allow) K:\rocket\engine\binaries\win64\rocketeditor.exe
FirewallRules: [UDP Query User{CF7369C8-09EE-4082-924D-536FD4420F2A}K:\rocket\engine\binaries\win64\rocketeditor.exe] => (Allow) K:\rocket\engine\binaries\win64\rocketeditor.exe
FirewallRules: [{96256A3E-2859-4E33-ACE9-CF393BA28AE7}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [TCP Query User{7A4E0255-6738-4D0D-ACF1-AC366956580F}K:\rocket\engine\binaries\dotnet\swarmagent.exe] => (Allow) K:\rocket\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{6AB83B4D-0F2D-49EA-AE43-8251D2306328}K:\rocket\engine\binaries\dotnet\swarmagent.exe] => (Allow) K:\rocket\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{05A538E3-E024-4E2B-B649-D5274930B865}C:\users\strangelet\desktop\xonotic\xonotic-x64.exe] => (Allow) C:\users\strangelet\desktop\xonotic\xonotic-x64.exe
FirewallRules: [UDP Query User{94CE13C3-C8E5-46F3-95A5-6FFE12ECA549}C:\users\strangelet\desktop\xonotic\xonotic-x64.exe] => (Allow) C:\users\strangelet\desktop\xonotic\xonotic-x64.exe
FirewallRules: [TCP Query User{F5E3C315-A71D-4228-8892-DC35A0AD0EE5}F:\steamlibrary\steamapps\common\war thunder\aces.exe] => (Allow) F:\steamlibrary\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{B0B71891-E0B4-4D60-A592-AFCC1771A1F9}F:\steamlibrary\steamapps\common\war thunder\aces.exe] => (Allow) F:\steamlibrary\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{78233FAA-4AF1-49C5-8B3F-B6C866CA869D}F:\steamlibrary\steamapps\common\war thunder\launcher.exe] => (Allow) F:\steamlibrary\steamapps\common\war thunder\launcher.exe
FirewallRules: [UDP Query User{A72CAC71-7B8E-4F86-A285-3DEDAB3D8E69}F:\steamlibrary\steamapps\common\war thunder\launcher.exe] => (Allow) F:\steamlibrary\steamapps\common\war thunder\launcher.exe
FirewallRules: [TCP Query User{193A6B93-9332-4C3D-B60A-D8EFED0A204F}K:\udk\udk-2013-07\binaries\swarmagent.exe] => (Allow) K:\udk\udk-2013-07\binaries\swarmagent.exe
FirewallRules: [UDP Query User{6FBE2F0F-072F-4C14-98C9-43195B110C10}K:\udk\udk-2013-07\binaries\swarmagent.exe] => (Allow) K:\udk\udk-2013-07\binaries\swarmagent.exe
FirewallRules: [TCP Query User{248A003D-2FFB-4261-A532-5CDD22858134}K:\udk\udk-2013-07\binaries\swarmcoordinator.exe] => (Block) K:\udk\udk-2013-07\binaries\swarmcoordinator.exe
FirewallRules: [UDP Query User{F5E6E3C3-930B-4579-857F-7485B6AC0D1D}K:\udk\udk-2013-07\binaries\swarmcoordinator.exe] => (Block) K:\udk\udk-2013-07\binaries\swarmcoordinator.exe
FirewallRules: [{DFEBD95D-EC6D-4326-8F1E-F661FD26A5A6}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{8702128F-4412-4606-BC4E-5E5A5851ED32}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{899E7697-B4A4-430D-A97C-AAEEDCC85DDF}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{0923B888-2DF9-4A73-A106-E08D42747F72}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{31E0214B-274E-4F12-98CB-D953843D5061}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{7D57D164-B156-49C4-9045-4858F794B982}F:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) F:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{6EC4F3D2-B6EF-454E-80A9-3B8DF89DD732}F:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) F:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{CFF51E20-E8C1-4BAA-AA2F-2C774C4531EE}C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe] => (Allow) C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe
FirewallRules: [UDP Query User{B4A199A1-569F-49CB-8A44-CE279D35D314}C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe] => (Allow) C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe
FirewallRules: [{02F27980-55E2-4E48-89A9-587FE3C918AF}] => (Allow) F:\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{3615A051-D277-4E9F-8A88-19D05CC24641}] => (Allow) F:\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{D7DC9A5F-7740-466E-8794-CDE6CAB77BBE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9ED8AE8F-0F73-434B-B699-89BD5CCD8CD2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3A766411-8162-4C8D-97F2-1C44FEDA158C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{69E151E8-5A0C-443D-B7E7-1F0E882C65D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{958CD37A-9810-43E6-BBED-0F092BB920C7}] => (Allow) F:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{DDC20C50-8D0F-412A-BF05-0742C0724650}] => (Allow) F:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{B334BB97-AA92-4D63-8211-BB5D3C0FA82A}] => (Allow) F:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{F0AB468A-3B0A-422E-B1B1-0FF39D3058E2}] => (Allow) F:\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{2E9631E6-A6E7-4608-B8C4-04EF995F3312}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{CB3B6B0F-35DF-47D9-9A16-424F899E65D5}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{7954E301-6994-4134-BBBB-DAE55D05E686}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{C6AA2E7C-BDF6-41E6-80D5-25940B21251E}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{722B4F4F-6DEC-4A57-94BE-11540EE90D1C}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{7C9E3096-F28F-4FE9-A600-C7AABB87DFEA}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{2C8489ED-328C-4031-886B-7C4EFD6705C8}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{F640492F-0444-4F05-8834-DAF4E55103E7}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{FE20C93E-66EF-4687-8584-B43D587C53D3}] => (Allow) F:\SteamLibrary\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{D34FE578-FCED-470F-AA81-9C9C2555648A}] => (Allow) F:\SteamLibrary\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{2579606C-F6EA-4A04-AB9B-E4DAB39C89B0}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{8ACD36F3-1E82-4E3F-81B6-B88E7AD01428}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{FC055773-E8E2-437B-A6EC-55862911288C}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{C34DF6E3-FC8D-47B9-B5C8-B80E470AD45C}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{607EB6C1-872A-46AA-B17D-D4357AE0FE65}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{86AB17E2-C2F9-431A-87F2-0C4F92B72173}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{34614F27-4D7B-4D17-A31C-5EE48A7607FF}] => (Allow) F:\SteamLibrary\SteamApps\common\ManiaPlanet_TMValley\ManiaPlanetLauncher.exe
FirewallRules: [{32A1CEE1-FE80-473A-AF69-A1DCA75A6EBC}] => (Allow) F:\SteamLibrary\SteamApps\common\ManiaPlanet_TMValley\ManiaPlanetLauncher.exe
FirewallRules: [{381FD440-D64A-467B-8748-804255B550DC}] => (Allow) F:\SteamLibrary\SteamApps\common\ManiaPlanet_TMValley\ManiaPlanetLauncher.exe
FirewallRules: [{D556A2E7-928D-4706-99A1-7C4554363594}] => (Allow) F:\SteamLibrary\SteamApps\common\ManiaPlanet_TMValley\ManiaPlanetLauncher.exe
FirewallRules: [{571AB8CB-5B88-4F9C-BB6F-89E2C7DE777C}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{B4E38D35-CA1B-4F50-B545-CBEAF9590469}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{D636876C-6346-4082-83DF-A08AE18ED296}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{E10E49FC-EAA6-4555-8502-B73E308BDF39}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{17A6A171-6BFE-4F61-8FB1-7C9173BA49E2}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Dedicated Server\JcmpServer.exe
FirewallRules: [{BA274B8D-5D08-43FD-B110-63D92E7C0E14}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Dedicated Server\JcmpServer.exe
FirewallRules: [{5E6D967A-5ABC-4782-A063-7BEC117C49DD}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{352499C7-CDFD-48CD-BB9A-EB53717A5102}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{FC3CB98E-E488-4E36-A1A9-BD661ED8A4D5}] => (Allow) F:\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3E0F50D3-EB76-4A14-9E92-70DFAD4B1523}] => (Allow) F:\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{0F0F76F7-5A48-4835-9774-4692BF8B950F}] => (Allow) F:\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{48234C44-163C-434B-B585-2C7A5D4216DB}] => (Allow) F:\SteamLibrary\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{7EF470DD-B30D-41F9-9526-EAA03FA2C1E3}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{5E6C4B44-98D2-4F0F-A770-E0BE2C912451}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{DAAFB246-1BD7-46E6-94D4-F29AB9CA971A}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{EF38AE9E-E5C1-4A51-B7F6-13C4A19A064B}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{62AC9B7C-B8CA-4752-A0B8-82882E47B167}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{B51C8629-F5E8-4F0B-BEF1-C2912253F13A}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{68A038C7-76BE-4291-A669-F69E2BE303B1}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{59BA4758-BBDF-4CE6-AB7A-F49A7ECD694C}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{012AB150-BF38-4961-B35C-BEFD56ED51F8}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Dedicated Server\JcmpServer.exe
FirewallRules: [{E49ED477-C824-4CB2-B275-282D2002996B}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Dedicated Server\JcmpServer.exe
FirewallRules: [{42FE6B23-DB4F-488C-BB63-D1F4B927B5FB}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Dedicated Server\JcmpServer.exe
FirewallRules: [{DDFDC9A5-C034-4070-8BBD-41BC9502B5C2}] => (Allow) F:\SteamLibrary\SteamApps\common\Just Cause 2 - Multiplayer Dedicated Server\JcmpServer.exe
FirewallRules: [{90398139-8A07-4099-839C-52D636B7E025}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{5C490EB9-5B71-482D-9ADF-6C6BF21B0F13}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{53B58295-3F96-4020-AD38-EFB9AD9B8EED}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{79771AA1-7684-4B1A-AE8D-EE557978530B}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{ADB80ACD-575A-4954-A81E-D6F722496516}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{3360EE19-9760-4821-A5AF-D68E5615DF7B}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{8E735F60-8E19-4DF3-A36D-608DB8A5AFF0}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{BC4B9F35-63F2-4A3D-AB4F-AE63903C6A00}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{6608547A-3731-41EE-BB59-12A42255368E}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{60C88397-EB4A-4937-A429-581B26AA0A87}] => (Allow) F:\SteamLibrary\SteamApps\common\star conflict\game.exe
FirewallRules: [{412608D8-F4CD-4CEE-AFB7-6D73574CC5C7}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{C4713761-9055-48A2-8BE3-EDF949BE6BF3}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{7854264C-F095-4E31-AAB7-A348C7A5BF18}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{3904ACE2-8B56-49AF-B54E-7B3638D2D277}] => (Allow) F:\SteamLibrary\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{19CB9365-66E7-4A3B-957B-99A0B1337D8F}] => (Allow) F:\SteamLibrary\SteamApps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{DCF73BF0-744B-414B-B145-C08DE451C605}] => (Allow) F:\SteamLibrary\SteamApps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{775DBF7B-C206-48C3-ACB6-37388048ED69}] => (Allow) F:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{550BD302-DB68-408E-BB2E-33DCE474EEB5}] => (Allow) F:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{2DB5EEDC-2220-493A-B07A-E4D8481378C9}] => (Allow) F:\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{809DBD59-7EBA-4450-9914-A1B935CBAD08}] => (Allow) F:\SteamLibrary\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{20A34EEA-E6AC-4399-8641-60419F044D80}] => (Allow) F:\SteamLibrary\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{6DD8486E-5DF8-42E4-97B0-DAB5BD89A0E0}] => (Allow) F:\SteamLibrary\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [TCP Query User{F212AFEB-8EFA-414E-84BC-9C027DEBFB66}F:\cryengine_build_pc_v3_5_7_2135_freesdk\bin64\gamesdk.exe] => (Allow) F:\cryengine_build_pc_v3_5_7_2135_freesdk\bin64\gamesdk.exe
FirewallRules: [UDP Query User{589673CC-D67B-4EEA-AEB2-247DF6513E6D}F:\cryengine_build_pc_v3_5_7_2135_freesdk\bin64\gamesdk.exe] => (Allow) F:\cryengine_build_pc_v3_5_7_2135_freesdk\bin64\gamesdk.exe
FirewallRules: [TCP Query User{80BDC37B-D6EC-4818-BC48-0B0BAF12A260}F:\cryengine_build_pc_v3_5_7_2135_freesdk\bin64\editor.exe] => (Allow) F:\cryengine_build_pc_v3_5_7_2135_freesdk\bin64\editor.exe
FirewallRules: [UDP Query User{F7E024B1-7A7C-49F3-A67B-D4D3C73F4BD5}F:\cryengine_build_pc_v3_5_7_2135_freesdk\bin64\editor.exe] => (Allow) F:\cryengine_build_pc_v3_5_7_2135_freesdk\bin64\editor.exe
FirewallRules: [{C853F459-E2B1-4B6C-9BB1-D9CE1E238708}] => (Allow) F:\Angels Fall First\Binaries\Win32\UDK.exe
FirewallRules: [{94049810-EBC8-4155-AF42-7139AE74A1FF}] => (Allow) F:\Angels Fall First\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{87CBA8E6-3EE3-43E5-9F8E-17B667869336}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{46902BFD-0E15-419A-B8BE-2AD0FB67260C}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{C99B1137-1291-4C42-8F6D-3FCFBCF9E3C8}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{7050C793-1490-4E8C-A978-0C3338C30A5C}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{CA314424-A56A-4830-AB1F-B1F0503BF674}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{79C4DAE1-4012-40F8-BDCA-6D01E32C83B1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{B7FF0785-4409-46DC-ABB8-20996A0EF5CB}C:\users\strangelet\desktop\v1\2aw.exe] => (Allow) C:\users\strangelet\desktop\v1\2aw.exe
FirewallRules: [UDP Query User{9320295C-3356-4B43-A3ED-249AD029683C}C:\users\strangelet\desktop\v1\2aw.exe] => (Allow) C:\users\strangelet\desktop\v1\2aw.exe
FirewallRules: [TCP Query User{8AC615C1-AA2B-461A-AA47-981BA69CCD39}C:\users\strangelet\downloads\ironangelsbuild\ironangelsbuild\ia.exe] => (Allow) C:\users\strangelet\downloads\ironangelsbuild\ironangelsbuild\ia.exe
FirewallRules: [UDP Query User{55BA0135-54C5-47BC-AEAE-0B5D293F445F}C:\users\strangelet\downloads\ironangelsbuild\ironangelsbuild\ia.exe] => (Allow) C:\users\strangelet\downloads\ironangelsbuild\ironangelsbuild\ia.exe
FirewallRules: [TCP Query User{E01E1287-1EFF-492C-B857-C2AA5FE12C60}C:\users\strangelet\desktop\ironangelsbuild\ia.exe] => (Allow) C:\users\strangelet\desktop\ironangelsbuild\ia.exe
FirewallRules: [UDP Query User{730E9EA3-6F79-4FBB-AF3F-CD3B6C165469}C:\users\strangelet\desktop\ironangelsbuild\ia.exe] => (Allow) C:\users\strangelet\desktop\ironangelsbuild\ia.exe
FirewallRules: [TCP Query User{54E9FBF0-EF80-45A1-A1D1-2F5864563261}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Block) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [UDP Query User{5712F058-A851-48EF-9FA2-25A1AE04DB4D}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Block) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [TCP Query User{00793DB0-C70C-4C3E-9A96-BE1A2A8F657E}C:\users\strangelet\desktop\ironangles-master\iabuild.exe] => (Allow) C:\users\strangelet\desktop\ironangles-master\iabuild.exe
FirewallRules: [UDP Query User{BA5F4FB6-A320-45FA-92E0-536CD5DC51F3}C:\users\strangelet\desktop\ironangles-master\iabuild.exe] => (Allow) C:\users\strangelet\desktop\ironangles-master\iabuild.exe
FirewallRules: [TCP Query User{8D4345BC-16EE-4C12-A0F9-C21454600AD2}K:\udk\udk-2013-07\binaries\win64\udk.exe] => (Allow) K:\udk\udk-2013-07\binaries\win64\udk.exe
FirewallRules: [UDP Query User{5FC0969C-11B5-474B-8B16-E1979C8F2180}K:\udk\udk-2013-07\binaries\win64\udk.exe] => (Allow) K:\udk\udk-2013-07\binaries\win64\udk.exe
FirewallRules: [TCP Query User{CAB88423-9525-461B-B527-284D3E81CB59}C:\users\strangelet\desktop\ironangles\trunk\ia.exe] => (Allow) C:\users\strangelet\desktop\ironangles\trunk\ia.exe
FirewallRules: [UDP Query User{BC6B92BC-F94E-477A-ABA1-23DD7F527705}C:\users\strangelet\desktop\ironangles\trunk\ia.exe] => (Allow) C:\users\strangelet\desktop\ironangles\trunk\ia.exe
FirewallRules: [{7AF1EB86-C835-4B91-ACFB-D3912AA6E9AD}] => (Allow) F:\SteamLibrary\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{00B576F9-1B8E-48DA-8BB7-D65209F7DFBE}] => (Allow) F:\SteamLibrary\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{6CD6F293-3807-4D9E-9741-1CF0822D17AA}] => (Allow) F:\SteamLibrary\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{DEE43C11-0839-44CB-81B1-7A3A98A2E816}] => (Allow) F:\SteamLibrary\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{2DCA3373-ECD4-4718-B249-B170E27C863F}] => (Allow) F:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{27B7D37C-9DA1-4E9B-94AD-6F8D8DA2B9B7}] => (Allow) F:\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [TCP Query User{8F2EFBEE-0955-4B0E-92C5-FFC8CA831BF9}F:\steamlibrary\steamapps\common\total war rome ii\rome2.exe] => (Allow) F:\steamlibrary\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{697EB81D-BBD6-4B87-BBDB-780A347E35F0}F:\steamlibrary\steamapps\common\total war rome ii\rome2.exe] => (Allow) F:\steamlibrary\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{8AD24A62-C4B6-47F2-85C0-274D8D368575}] => (Allow) F:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{13F0760E-2EB8-461F-B4C0-106C10C4DA57}] => (Allow) F:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{A48B18CE-338E-4B99-81C6-E5F45E013BDA}] => (Allow) C:\UDK\Angels Fall First\Binaries\Win32\UDK.exe
FirewallRules: [{265C7DA8-B55E-4022-A8E7-C360DAC5C301}] => (Allow) C:\UDK\Angels Fall First\Binaries\Win32\UDK.exe
FirewallRules: [{4CB917EA-A97E-4CA8-A5ED-778897A8E087}] => (Allow) F:\SteamLibrary\SteamApps\common\Stalker Call of Pripyat\Stalker-COP.exe
FirewallRules: [{6110F9A4-FB04-48AD-BD86-8BA332F666B4}] => (Allow) F:\SteamLibrary\SteamApps\common\Stalker Call of Pripyat\Stalker-COP.exe
FirewallRules: [{D6A0B719-7903-4F46-84FF-B07CF0F27AEA}] => (Allow) F:\SteamLibrary\SteamApps\common\RAGE\Rage.exe
FirewallRules: [{9285217E-9093-4A33-8195-B378F10A36A3}] => (Allow) F:\SteamLibrary\SteamApps\common\RAGE\Rage.exe
FirewallRules: [{9483E898-DDF2-4A16-B082-27F2030C76A0}] => (Allow) F:\SteamLibrary\SteamApps\common\RAGE\Rage64.exe
FirewallRules: [{AE02E524-6ABA-4C78-9405-92880DEBCE0F}] => (Allow) F:\SteamLibrary\SteamApps\common\RAGE\Rage64.exe
FirewallRules: [TCP Query User{97A98111-5213-4CDF-A9CD-5AB832C25026}C:\users\strangelet\desktop\ironangels\ia.exe] => (Allow) C:\users\strangelet\desktop\ironangels\ia.exe
FirewallRules: [UDP Query User{98DF3715-0C1B-4522-951F-14DE5CFE9B47}C:\users\strangelet\desktop\ironangels\ia.exe] => (Allow) C:\users\strangelet\desktop\ironangels\ia.exe
FirewallRules: [{8EA1A031-3EA8-4DF8-98C3-2EE1BF15764C}] => (Allow) F:\SteamLibrary\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{47B4F749-B602-446E-BC99-77AF4B8311C2}] => (Allow) F:\SteamLibrary\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{C5340F8D-0B41-4C88-A07D-C9A89D85DF61}] => (Allow) F:\SteamLibrary\SteamApps\common\Ace Combat Assault Horizon\Ace Combat_AH.exe
FirewallRules: [{FC038BFE-DD2E-4382-9C17-0BFF2AC1852A}] => (Allow) F:\SteamLibrary\SteamApps\common\Ace Combat Assault Horizon\Ace Combat_AH.exe
FirewallRules: [TCP Query User{3193A691-F654-4B47-9039-A9809C00ED77}C:\users\strangelet\desktop\ironangels\trunk\ia.exe] => (Allow) C:\users\strangelet\desktop\ironangels\trunk\ia.exe
FirewallRules: [UDP Query User{ACE09A84-7E04-4E94-BE6F-FC55A537931E}C:\users\strangelet\desktop\ironangels\trunk\ia.exe] => (Allow) C:\users\strangelet\desktop\ironangels\trunk\ia.exe
FirewallRules: [{C2146196-60BC-46CB-8BBE-3343CF94055D}] => (Allow) F:\SteamLibrary\SteamApps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{607D8BA1-C4D8-4FF3-AEA9-06BCC62A4156}] => (Allow) F:\SteamLibrary\SteamApps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{181B5373-8E18-48A9-B3F6-7C72A4798450}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{BE558879-C47A-4B60-8AD6-8C232CAAA70D}] => (Allow) F:\SteamLibrary\SteamApps\common\F1 2010\f1_2010.exe
FirewallRules: [{E9071B04-9C83-46C8-803B-19A21F6861B8}] => (Allow) F:\SteamLibrary\SteamApps\common\F1 2010\f1_2010.exe
FirewallRules: [TCP Query User{052BD778-4D89-4773-A70C-F2D1850E430D}F:\steamlibrary\steamapps\common\f1 2010\f1_2010_game.exe] => (Block) F:\steamlibrary\steamapps\common\f1 2010\f1_2010_game.exe
FirewallRules: [UDP Query User{54C8AA21-5BE0-49AC-8124-BF8A320B6FDD}F:\steamlibrary\steamapps\common\f1 2010\f1_2010_game.exe] => (Block) F:\steamlibrary\steamapps\common\f1 2010\f1_2010_game.exe
FirewallRules: [{83B1EAD5-0D41-4D6C-8B2D-9A4998A8AC9A}] => (Allow) F:\SteamLibrary\SteamApps\common\Grid\grid.exe
FirewallRules: [{6CCC090E-6526-46D2-BC7D-1970600E6610}] => (Allow) F:\SteamLibrary\SteamApps\common\Grid\grid.exe
FirewallRules: [{6C44D014-EFE0-4ECB-9BC5-7CAB28288E5D}] => (Allow) F:\SteamLibrary\SteamApps\common\Dirt 2\dirt2.exe
FirewallRules: [{F7793A8E-7335-4889-A655-5BB4316ED87F}] => (Allow) F:\SteamLibrary\SteamApps\common\Dirt 2\dirt2.exe
FirewallRules: [TCP Query User{5F0EAA22-A76F-42D9-A0B9-9EBC6D5F3049}F:\steamlibrary\steamapps\common\dirt 2\dirt2_game.exe] => (Allow) F:\steamlibrary\steamapps\common\dirt 2\dirt2_game.exe
FirewallRules: [UDP Query User{70A20EEB-9872-4644-9515-FFED5D710CBD}F:\steamlibrary\steamapps\common\dirt 2\dirt2_game.exe] => (Allow) F:\steamlibrary\steamapps\common\dirt 2\dirt2_game.exe
FirewallRules: [{A73BED1C-392B-4326-9798-F403CEDEA082}] => (Allow) F:\SteamLibrary\SteamApps\common\DCSWorld\Run.exe
FirewallRules: [{A1F3F377-FBAB-415E-B514-E6936F111C65}] => (Allow) F:\SteamLibrary\SteamApps\common\DCSWorld\Run.exe
FirewallRules: [{314B9B9F-EE01-4EC5-95FE-2C7C6684044C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Substance Painter\Substance Painter.exe
FirewallRules: [{CE78054C-D796-446E-8BD7-96C675597F91}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Substance Painter\Substance Painter.exe
FirewallRules: [TCP Query User{A119F466-1202-4413-B00C-4BB66E1C3AC8}C:\program files (x86)\steam\steamapps\common\bitmap2material\bin64\player.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\bitmap2material\bin64\player.exe
FirewallRules: [UDP Query User{B8E3B497-7CC1-457D-8A25-C4BBA397B886}C:\program files (x86)\steam\steamapps\common\bitmap2material\bin64\player.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\bitmap2material\bin64\player.exe
FirewallRules: [TCP Query User{E8A76E46-E9AB-4FEB-A059-997EC778C001}C:\program files\allegorithmic\substance\player\4.x\substance_player.exe] => (Allow) C:\program files\allegorithmic\substance\player\4.x\substance_player.exe
FirewallRules: [UDP Query User{AA544059-6DC3-42AB-AC66-C6F9C8C2248E}C:\program files\allegorithmic\substance\player\4.x\substance_player.exe] => (Allow) C:\program files\allegorithmic\substance\player\4.x\substance_player.exe
FirewallRules: [{FCF14C18-BB19-4759-8F2B-46178AFF0D8C}] => (Allow) F:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{9650C561-24E9-4522-995A-3E6A702D435C}] => (Allow) F:\SteamLibrary\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [TCP Query User{722BD45D-9F9A-466A-9F93-BA515EC2A023}K:\udk\udk-2013-07\development\valhalla\val.exe] => (Allow) K:\udk\udk-2013-07\development\valhalla\val.exe
FirewallRules: [UDP Query User{88E91E40-F51A-422A-98E9-84807A3A7126}K:\udk\udk-2013-07\development\valhalla\val.exe] => (Allow) K:\udk\udk-2013-07\development\valhalla\val.exe
FirewallRules: [{6D79504C-616F-4D8C-A95D-2E482403E0A4}] => (Allow) F:\SteamLibrary\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{0B97D3D4-16CB-4312-B354-367E04DB58ED}] => (Allow) F:\SteamLibrary\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{81AE622B-B7CC-46C3-9486-380DAE2872E1}C:\nexon\library\dirtybomb\appdata\binaries\win32\shootergame-win32-shipping.exe] => (Allow) C:\nexon\library\dirtybomb\appdata\binaries\win32\shootergame-win32-shipping.exe
FirewallRules: [UDP Query User{F29A5CCB-C82B-4653-AA2D-4219EE3DE65A}C:\nexon\library\dirtybomb\appdata\binaries\win32\shootergame-win32-shipping.exe] => (Allow) C:\nexon\library\dirtybomb\appdata\binaries\win32\shootergame-win32-shipping.exe
FirewallRules: [{18A00B43-8BB8-4750-9942-FE2834480B32}] => (Allow) F:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{F32756B8-5C1D-4B8E-BE82-BB3CE2ADBB4E}] => (Allow) F:\SteamLibrary\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{E2A9877C-0F7A-4B3B-B1A4-7B69E6E789CB}] => (Allow) F:\SteamLibrary\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{8721E022-1A8E-4A7F-A42D-8C8A7E5879C6}] => (Allow) F:\SteamLibrary\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{21055150-62C3-4DFE-BE3C-4735677FEB83}] => (Allow) F:\SteamLibrary\SteamApps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{DA03EC6C-E09F-408A-862D-24554A58E30A}] => (Allow) F:\SteamLibrary\SteamApps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{FA108262-8E31-4BAF-B5A9-8071DDD6591C}] => (Allow) F:\SteamLibrary\SteamApps\common\Receiver\Receiver.exe
FirewallRules: [{042171CD-D8F5-48B5-89D9-552298691EF5}] => (Allow) F:\SteamLibrary\SteamApps\common\Receiver\Receiver.exe
FirewallRules: [TCP Query User{BAA7B9CB-6BDE-4709-8F2C-EB4F647804C3}F:\ue4\unreal engine\4.2\engine\binaries\win64\ue4editor.exe] => (Allow) F:\ue4\unreal engine\4.2\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{70DA1A81-591D-4C5F-AB4E-A19681411B42}F:\ue4\unreal engine\4.2\engine\binaries\win64\ue4editor.exe] => (Allow) F:\ue4\unreal engine\4.2\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{D956ED3D-C1CC-4960-A66F-B0480E862AC3}F:\ue4\unreal engine\4.2\engine\binaries\dotnet\swarmagent.exe] => (Allow) F:\ue4\unreal engine\4.2\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{45811042-86BC-4B75-993E-663BA53208D9}F:\ue4\unreal engine\4.2\engine\binaries\dotnet\swarmagent.exe] => (Allow) F:\ue4\unreal engine\4.2\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{A0B759E4-C0BA-473F-B474-7C86B22D0076}] => (Allow) LPort=82
FirewallRules: [{415ABC8F-AD36-4767-981F-F360817DDDF7}] => (Allow) F:\SteamLibrary\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{4CAF32C4-BCD8-413A-B4E8-9C8BB4B37864}] => (Allow) F:\SteamLibrary\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{7E45CA30-834B-41EE-AE21-A54FD17F1E02}] => (Allow) F:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4BF2372A-BAB9-4A47-85A0-8BC6E1B6EA09}] => (Allow) F:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C977EB17-ACB6-4130-A1C6-840E01F06C96}] => (Allow) F:\SteamLibrary\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{39F01F3D-0875-4D03-84BD-4CF2BE6D21C4}] => (Allow) F:\SteamLibrary\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{4138DECC-4CFA-45A8-AF00-A886841F70E7}] => (Allow) F:\AFFinstall\Binaries\Win32\UDK.exe
FirewallRules: [{26FAD797-C1DE-43DD-9CD0-08A7974D077A}] => (Allow) F:\AFFinstall\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{92BD2B0A-6723-42FC-93B6-FC83CE2A6231}F:\ue4\unreal engine\4.3\engine\binaries\win64\ue4editor.exe] => (Allow) F:\ue4\unreal engine\4.3\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{27B3C4BC-1CA4-4C7D-834B-CB1904F4FDD6}F:\ue4\unreal engine\4.3\engine\binaries\win64\ue4editor.exe] => (Allow) F:\ue4\unreal engine\4.3\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{BBC7F035-6EE4-4A84-B65A-1FF7425EA15D}F:\ue4\unreal engine\4.3\engine\binaries\dotnet\swarmagent.exe] => (Allow) F:\ue4\unreal engine\4.3\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{74E96DB9-1143-466F-9E93-0DBB019C57E9}F:\ue4\unreal engine\4.3\engine\binaries\dotnet\swarmagent.exe] => (Allow) F:\ue4\unreal engine\4.3\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{411525DC-7FAF-47CF-9061-BA77CD54490E}] => (Allow) F:\SteamLibrary\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{E44A8C79-45E5-40BF-8A0C-1F5ED96510E1}] => (Allow) F:\SteamLibrary\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{9520FA21-8159-464E-BA62-754E631AD336}] => (Allow) F:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{2E8ABB9B-EC18-4577-8312-C5FEE1D9F841}] => (Allow) F:\SteamLibrary\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{90D587E2-2C6B-47A9-9416-62C109374CC6}] => (Allow) F:\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{BBDEBF75-DD91-4A01-B53B-EDBB70FE0AA4}] => (Allow) F:\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{2BFE0CC9-2FB9-4815-81AD-88285BB1106D}] => (Allow) F:\SteamLibrary\SteamApps\common\Defiance\Patcher.exe
FirewallRules: [{EBE36AC0-498E-41A9-ABF2-57C8903BED19}] => (Allow) F:\SteamLibrary\SteamApps\common\Defiance\Patcher.exe
FirewallRules: [{12A994A7-B2A0-4EED-95A5-1E19F042FE3A}] => (Allow) F:\SteamLibrary\SteamApps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{80BBFA17-6EB3-4A16-BA37-760DB57C7674}] => (Allow) F:\SteamLibrary\SteamApps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{F5406E81-87B1-41BE-8F79-3A58E03DF336}] => (Allow) F:\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe
FirewallRules: [{06595C19-716E-40B7-8175-352EB4AE8BFF}] => (Allow) F:\SteamLibrary\SteamApps\common\raceroom racing experience\Game\RRRE.exe
FirewallRules: [{06FDC3E6-4CFD-4DEC-9118-874C4EA811FF}] => (Allow) F:\SteamLibrary\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{2E15476B-E40B-43A2-B669-8314419BFF3F}] => (Allow) F:\SteamLibrary\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{2E5FAFAE-B78C-46F8-AC7B-16B101EADD7A}] => (Allow) F:\SteamLibrary\SteamApps\common\Max Payne 2 The Fall of Max Payne\maxpayne2.exe
FirewallRules: [{CE9FE4C4-C134-4B0C-A199-8FE15AA563F7}] => (Allow) F:\SteamLibrary\SteamApps\common\Max Payne 2 The Fall of Max Payne\maxpayne2.exe
FirewallRules: [{72FDC008-D670-474C-9272-949C719B3975}] => (Allow) F:\SteamLibrary\SteamApps\common\Max Payne\maxpayne.exe
FirewallRules: [{04BA6045-B77F-4F87-A97E-7EFE917464D9}] => (Allow) F:\SteamLibrary\SteamApps\common\Max Payne\maxpayne.exe
FirewallRules: [{AF17911A-48FF-4303-BE85-2707536A2500}] => (Allow) F:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{5201433D-1902-4420-90F4-9845C1666017}] => (Allow) F:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{91A44DBE-E7E3-4103-9750-C75C2B0CA9A2}] => (Allow) F:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8F4E1764-7438-4D29-AFD5-9E81BE7EDBDC}] => (Allow) F:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{95A7206D-653B-4A83-88F0-9EFA853589D1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{340EFAE4-6BB3-4122-AF3D-4BCBB2A8557A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{384DF7AF-054C-460D-BAD2-7C8D14740136}] => (Allow) F:\SteamLibrary\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{F7A9311F-637E-465B-8E29-FD4CCE899BA1}] => (Allow) F:\SteamLibrary\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [TCP Query User{9FE1AEF4-75F1-4751-9320-2CBA0D405584}D:\unreal 4\4.4\engine\binaries\win64\ue4editor.exe] => (Allow) D:\unreal 4\4.4\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{69A6A420-F3C8-4B7A-A991-62567C83DB5D}D:\unreal 4\4.4\engine\binaries\win64\ue4editor.exe] => (Allow) D:\unreal 4\4.4\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{A12C175B-49BD-48B1-9182-A952092F9A8A}K:\ue3\affue3\binaries\win64\affgame.exe] => (Allow) K:\ue3\affue3\binaries\win64\affgame.exe
FirewallRules: [UDP Query User{0FD023AF-1E4B-4451-B2BA-27836273F3CC}K:\ue3\affue3\binaries\win64\affgame.exe] => (Allow) K:\ue3\affue3\binaries\win64\affgame.exe
FirewallRules: [TCP Query User{59DCB133-F14E-4A84-AD5A-D90E03772923}D:\unreal 4\4.3\engine\binaries\win64\ue4editor.exe] => (Allow) D:\unreal 4\4.3\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{912A3890-208F-42D6-8CF1-DC52E4DA5867}D:\unreal 4\4.3\engine\binaries\win64\ue4editor.exe] => (Allow) D:\unreal 4\4.3\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{72F14630-C22B-47DF-8CD1-35664FD6AE0F}D:\affsetorian\setorian_build\windowsnoeditor\affsetorian\binaries\win64\affsetorian.exe] => (Allow) D:\affsetorian\setorian_build\windowsnoeditor\affsetorian\binaries\win64\affsetorian.exe
FirewallRules: [UDP Query User{8512F06A-CAEA-49EA-BAB3-DBC51D241712}D:\affsetorian\setorian_build\windowsnoeditor\affsetorian\binaries\win64\affsetorian.exe] => (Allow) D:\affsetorian\setorian_build\windowsnoeditor\affsetorian\binaries\win64\affsetorian.exe
FirewallRules: [TCP Query User{ADC33720-E4F2-4D84-960D-F049886EACD6}K:\ue4\4.3\engine\binaries\win64\ue4editor.exe] => (Allow) K:\ue4\4.3\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{5423A9A5-8265-4FD8-8238-8C11A0AD8A71}K:\ue4\4.3\engine\binaries\win64\ue4editor.exe] => (Allow) K:\ue4\4.3\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{E9BB4F15-2635-4883-AD0C-0B6EC682EC91}K:\ue4\4.3\engine\binaries\dotnet\swarmagent.exe] => (Allow) K:\ue4\4.3\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{95858243-77BF-4DD7-87ED-79C7FFC51DC4}K:\ue4\4.3\engine\binaries\dotnet\swarmagent.exe] => (Allow) K:\ue4\4.3\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{E4DEEEA2-00C7-4654-9AF7-49A0F45F55FE}C:\program files\allegorithmic\atlantis\substanceatlantis\atlantis\binaries\win64\atlantis.exe] => (Allow) C:\program files\allegorithmic\atlantis\substanceatlantis\atlantis\binaries\win64\atlantis.exe
FirewallRules: [UDP Query User{BBD1CA1E-7333-40D7-842E-3FB862D2ED21}C:\program files\allegorithmic\atlantis\substanceatlantis\atlantis\binaries\win64\atlantis.exe] => (Allow) C:\program files\allegorithmic\atlantis\substanceatlantis\atlantis\binaries\win64\atlantis.exe
FirewallRules: [TCP Query User{3C6DD21D-945F-4440-A084-CAB9012651AA}C:\users\strangelet\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\users\strangelet\documents\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [UDP Query User{B098D3A5-ACBA-4C7A-89C8-122AACBC915D}C:\users\strangelet\documents\starcitizen\citizenclient\bin64\starcitizen.exe] => (Allow) C:\users\strangelet\documents\starcitizen\citizenclient\bin64\starcitizen.exe
FirewallRules: [TCP Query User{28EF8351-6BF3-45DF-81CA-1AC8D05DCC43}K:\ue4\4.4\engine\binaries\win64\ue4editor.exe] => (Allow) K:\ue4\4.4\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{B9808F56-DC79-499B-A68B-073B6021D2D1}K:\ue4\4.4\engine\binaries\win64\ue4editor.exe] => (Allow) K:\ue4\4.4\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{1547E65F-2788-4206-9744-60C22FC2F335}C:\users\strangelet\desktop\marathon infinity\marathon infinity.exe] => (Allow) C:\users\strangelet\desktop\marathon infinity\marathon infinity.exe
FirewallRules: [UDP Query User{95D360D6-CA83-4597-B4D6-4664DAD38C72}C:\users\strangelet\desktop\marathon infinity\marathon infinity.exe] => (Allow) C:\users\strangelet\desktop\marathon infinity\marathon infinity.exe
FirewallRules: [TCP Query User{D6BF2ABB-2C33-46EE-9055-BA261D8A4177}K:\ue4\4.4\engine\binaries\dotnet\swarmagent.exe] => (Allow) K:\ue4\4.4\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{73ED7158-2E82-4C1A-B9E6-96BA25796DE6}K:\ue4\4.4\engine\binaries\dotnet\swarmagent.exe] => (Allow) K:\ue4\4.4\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{EF1C9853-1A12-4DB0-8EA9-1A94E37F7B30}] => (Allow) G:\SteamLibrary\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{9BAE6B50-8B7A-4D7A-AED8-C93332880EC1}] => (Allow) G:\SteamLibrary\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{85D83465-4F92-434C-86AB-1C1C8B860308}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6C213D8-EED4-45F2-BD9B-45E80E16812F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{900C8AC6-BF4B-4BAF-A7E4-8FA9D6E3CAE7}G:\steamlibrary\steamapps\common\war thunder\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{9C74DCC2-E477-4A38-8AEE-89021AB9A1AD}G:\steamlibrary\steamapps\common\war thunder\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{237695C3-784A-4A76-A75C-7A195F36575E}C:\users\strangelet\desktop\battlefield 1942\bf1942_w32ded.exe] => (Allow) C:\users\strangelet\desktop\battlefield 1942\bf1942_w32ded.exe
FirewallRules: [UDP Query User{E7AB5848-AE2B-43C4-A04D-79A5887CF6DA}C:\users\strangelet\desktop\battlefield 1942\bf1942_w32ded.exe] => (Allow) C:\users\strangelet\desktop\battlefield 1942\bf1942_w32ded.exe
FirewallRules: [TCP Query User{95E4EEDB-586B-4AC1-A215-D5A81C914832}C:\program files (x86)\battlefield 1942\bf1942_w32ded.exe] => (Allow) C:\program files (x86)\battlefield 1942\bf1942_w32ded.exe
FirewallRules: [UDP Query User{F782C091-379B-4D68-94A2-08E3D76DA556}C:\program files (x86)\battlefield 1942\bf1942_w32ded.exe] => (Allow) C:\program files (x86)\battlefield 1942\bf1942_w32ded.exe
FirewallRules: [TCP Query User{EBFE95CF-DE98-49E4-B3F2-A22B146BCD19}F:\affue3\binaries\win64\affgame.exe] => (Allow) F:\affue3\binaries\win64\affgame.exe
FirewallRules: [UDP Query User{BAF4EE4B-AC42-450B-9AE7-1A42E4D85C33}F:\affue3\binaries\win64\affgame.exe] => (Allow) F:\affue3\binaries\win64\affgame.exe
FirewallRules: [TCP Query User{B24A439C-3871-4791-8379-559E97E6D8A2}F:\affue3\binaries\swarmagent.exe] => (Allow) F:\affue3\binaries\swarmagent.exe
FirewallRules: [UDP Query User{E9DBDF40-B952-46FB-92A4-0AEFEC4A8354}F:\affue3\binaries\swarmagent.exe] => (Allow) F:\affue3\binaries\swarmagent.exe
FirewallRules: [{A88C9E44-EEF9-4E5D-856C-81D806E5FD96}] => (Allow) G:\SteamLibrary\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{11C0BA17-293F-4B36-B6D7-B028215B98D6}] => (Allow) G:\SteamLibrary\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [TCP Query User{BB3962B9-60D4-4EB9-AB7E-6EDCFAF56983}C:\users\strangelet\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) C:\users\strangelet\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{1B26D357-FBA5-4FE0-9828-E4A4650CA04B}C:\users\strangelet\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) C:\users\strangelet\appdata\local\frontier_developments\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [TCP Query User{8702B53F-B3A3-42FB-8C56-86D97AD19B74}C:\users\strangelet\appdata\local\frontier_developments\products\combat_tutorial_demo\elitedangerous32.exe] => (Allow) C:\users\strangelet\appdata\local\frontier_developments\products\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [UDP Query User{43669888-A1BC-4D22-9960-2A7AAA31AE82}C:\users\strangelet\appdata\local\frontier_developments\products\combat_tutorial_demo\elitedangerous32.exe] => (Allow) C:\users\strangelet\appdata\local\frontier_developments\products\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [{FF0E6389-5118-49DC-8A20-50A1A425B5B2}] => (Allow) C:\Users\strangelet\Desktop\AndroG Controller Server.exe
FirewallRules: [{6A0059F4-00DC-49CE-B847-8651E8E0A741}] => (Allow) C:\Users\strangelet\Desktop\AndroG Controller Server.exe
FirewallRules: [TCP Query User{C8E8D7D9-42DD-48A4-BAB6-C74AFBD2851A}C:\program files\droidpad\droidpad.exe] => (Allow) C:\program files\droidpad\droidpad.exe
FirewallRules: [UDP Query User{C2B0A2EA-BA63-4608-B020-4E67D3E671AE}C:\program files\droidpad\droidpad.exe] => (Allow) C:\program files\droidpad\droidpad.exe
FirewallRules: [{7CE2ADF3-7001-4C11-AE3E-2C80B2324935}] => (Allow) C:\Program Files (x86)\Input Director\InputDirector.exe
FirewallRules: [{F5BA7925-741A-48FF-96BB-F9DAF96B75CA}] => (Allow) C:\Program Files (x86)\Input Director\InputDirector.exe
FirewallRules: [{D18991C0-718E-4A56-88DE-D45EC9CCDFCB}] => (Allow) C:\Program Files (x86)\Input Director\InputDirector.exe
FirewallRules: [{01DA188F-58AD-4AB0-8FC4-5EDC20DF9301}] => (Allow) C:\Program Files (x86)\Input Director\InputDirector.exe
FirewallRules: [{F1A14B59-E4F8-4221-9632-CBAD07BBBF78}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
FirewallRules: [{6683C407-8544-435E-8A2C-D8A38FAA689C}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
FirewallRules: [{178D82FE-7AFC-4E42-BC9A-82EA5FB5ABD5}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
FirewallRules: [{94689F8A-C396-4966-B6EF-D32B0FAA5D24}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
FirewallRules: [{8913B087-9A98-425A-9506-B3700316AFC5}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorClipboardHelper.exe
FirewallRules: [{2C39C448-6560-435A-9127-5F8D28425481}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorClipboardHelper.exe
FirewallRules: [TCP Query User{C73876C7-B486-44DD-BC28-0ADA2E2D5B92}C:\users\strangelet\documents\vuze downloads\adobe tool 3.7\adobetool.exe] => (Allow) C:\users\strangelet\documents\vuze downloads\adobe tool 3.7\adobetool.exe
FirewallRules: [UDP Query User{E25B9E42-47D5-4170-974F-39BFFBA0B785}C:\users\strangelet\documents\vuze downloads\adobe tool 3.7\adobetool.exe] => (Allow) C:\users\strangelet\documents\vuze downloads\adobe tool 3.7\adobetool.exe
FirewallRules: [TCP Query User{0C88E1B8-51E7-4D4C-A28A-D32974D20DAA}F:\affue3\binaries\swarmcoordinator.exe] => (Allow) F:\affue3\binaries\swarmcoordinator.exe
FirewallRules: [UDP Query User{E954CE1D-6595-4E91-9F1E-64170FC9E93C}F:\affue3\binaries\swarmcoordinator.exe] => (Allow) F:\affue3\binaries\swarmcoordinator.exe
FirewallRules: [TCP Query User{E5AE9A2E-6CCB-4766-AEEE-46B40AD96C68}K:\ue4\4.5\engine\binaries\win64\ue4editor.exe] => (Allow) K:\ue4\4.5\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{102E377B-45DE-4EF1-879B-57094D359D7D}K:\ue4\4.5\engine\binaries\win64\ue4editor.exe] => (Allow) K:\ue4\4.5\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{D41A88D0-D639-452A-BA11-184CBF2B9F56}F:\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) F:\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [UDP Query User{0E3F800E-A504-4D5F-9710-35A2A5B35E57}F:\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) F:\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [TCP Query User{9A8F6CBF-DCA8-4C40-9ADE-924E1004CCEB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{41E0054F-F402-4CE7-AF64-3CBA927119C5}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{F481C58C-CF21-4C61-98E1-890B7C4E2089}] => (Allow) G:\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{C8AC3662-9852-45FC-83AA-E02A7D1A3DCD}] => (Allow) G:\SteamLibrary\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{5BD6112D-A378-4E71-897C-3B7D254F5125}] => (Allow) G:\SteamLibrary\SteamApps\common\Shelter2\Shelter2.exe
FirewallRules: [{F36564FE-440D-4FC4-ABC5-F22D239B39AC}] => (Allow) G:\SteamLibrary\SteamApps\common\Shelter2\Shelter2.exe
FirewallRules: [{A9890D7E-F3AE-4E23-97FB-EBC14B140854}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{C699A5BB-8B73-453B-B960-786DA776C24F}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{1ADBD67E-9B2A-4F42-AB01-46D9C5184CBD}K:\ue4\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) K:\ue4\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{92796E26-138A-4C57-BF7E-BC8379BAFA0D}K:\ue4\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) K:\ue4\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{0A50F670-9D86-4208-9993-41639E8271D6}K:\ut4\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) K:\ut4\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [UDP Query User{FEC0A5BA-ACB0-4DFC-BCCB-E529C0DB8FAC}K:\ut4\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) K:\ut4\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [TCP Query User{A484A4BE-98CD-4FA5-A7E8-B185621750EF}G:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{91FF6147-E8CA-4F7B-848E-2127706625FE}G:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{2B01832D-77B0-4A84-A327-D95D977ED7E2}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{64476C66-4D6A-4209-B0BA-FB00D904D39B}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{65289FC9-5051-460D-A86D-2F248C8A0697}G:\wot\wotlauncher.exe] => (Allow) G:\wot\wotlauncher.exe
FirewallRules: [UDP Query User{89D1231D-2144-4BBC-AF3D-741B1E7D6EC9}G:\wot\wotlauncher.exe] => (Allow) G:\wot\wotlauncher.exe
FirewallRules: [TCP Query User{817D25C7-0451-476C-9A67-47FFD0CC3D3A}G:\wot\worldoftanks.exe] => (Allow) G:\wot\worldoftanks.exe
FirewallRules: [UDP Query User{BCACF608-EF39-4F62-A0FC-0C74A7CC87F3}G:\wot\worldoftanks.exe] => (Allow) G:\wot\worldoftanks.exe
FirewallRules: [{450B8682-79B4-4FD8-A7EA-8B0A4D4117C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Substance Designer 5\bin64\designer.exe
FirewallRules: [{E7993BD5-ABB3-4148-ABF9-6FF05C42842B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Substance Designer 5\bin64\designer.exe
FirewallRules: [TCP Query User{3979D7A3-6CEA-4452-A587-50A60D1C8DE4}G:\steamlibrary\steamapps\common\total war rome ii\rome2.exe] => (Allow) G:\steamlibrary\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{00A97E64-933D-4611-BE3E-F1EE07E43084}G:\steamlibrary\steamapps\common\total war rome ii\rome2.exe] => (Allow) G:\steamlibrary\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{AC0166E4-0A05-4CCE-87D4-1D4BEB6CFF21}] => (Allow) G:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{EC026262-ABBB-4777-BD2A-029C62D79272}] => (Allow) G:\SteamLibrary\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{55D33414-A067-4728-8D3E-A491B450B266}] => (Allow) G:\SteamLibrary\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{BCF0635F-C0BD-40E9-9C83-63F3DDC8B270}] => (Allow) G:\SteamLibrary\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{37A582F9-E08A-4C5F-A2D4-25D0AC31F2EB}] => (Allow) G:\SteamLibrary\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{E1BF64F5-1C56-4349-8015-525801BC9DB1}] => (Allow) G:\SteamLibrary\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{A498295B-DEB5-49B7-8913-CAA99DD682B1}] => (Allow) K:\SteamLibrary\SteamApps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{DB794113-4248-4220-9C06-5D6E310DCC81}] => (Allow) K:\SteamLibrary\SteamApps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [TCP Query User{78F88B27-8222-4272-9DCF-DAE51F23B135}G:\steamlibrary\steamapps\common\angels fall first\binaries\win32\affgame.exe] => (Block) G:\steamlibrary\steamapps\common\angels fall first\binaries\win32\affgame.exe
FirewallRules: [UDP Query User{26C91079-CA3E-40F1-B17C-0FDE87E53B82}G:\steamlibrary\steamapps\common\angels fall first\binaries\win32\affgame.exe] => (Block) G:\steamlibrary\steamapps\common\angels fall first\binaries\win32\affgame.exe
FirewallRules: [TCP Query User{BD7A8E63-691E-4C1F-8595-53C97418D760}F:\aff build\build\binaries\win64\affgame.exe] => (Block) F:\aff build\build\binaries\win64\affgame.exe
FirewallRules: [UDP Query User{8BFB6E24-1719-4F3F-80DE-51E9EB1BCF8E}F:\aff build\build\binaries\win64\affgame.exe] => (Block) F:\aff build\build\binaries\win64\affgame.exe
FirewallRules: [TCP Query User{59A9DD7F-C437-45E1-8D3E-CDB8696E707E}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{773A7FE6-4E89-4CBE-B6F7-6C53CD8F63A4}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{BA349290-D844-40C3-8B24-4FC709B2EF8C}C:\programdata\faforever\bin\forgedalliance.exe] => (Allow) C:\programdata\faforever\bin\forgedalliance.exe
FirewallRules: [UDP Query User{A381CC93-B32C-422A-8691-0BA60F342C48}C:\programdata\faforever\bin\forgedalliance.exe] => (Allow) C:\programdata\faforever\bin\forgedalliance.exe
FirewallRules: [{C234F3F5-8E18-48F5-8531-014CB62F9C45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3d-coat\launch3dc.exe
FirewallRules: [{162CF364-290A-4DDC-B380-0BBBF48D0F89}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3d-coat\launch3dc.exe
FirewallRules: [{E77724DF-5583-4076-9EDF-2D4BCA18CC2A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3d-coat\launch64.exe
FirewallRules: [{B8F4F75F-8D7A-4364-A8AC-CFE15D08046E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3d-coat\launch64.exe
FirewallRules: [TCP Query User{9A477316-DD26-4539-AD09-DCBA39E08F75}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatdxc.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatdxc.exe
FirewallRules: [UDP Query User{E75DBCD4-6C3B-44E1-89DA-58ABBC57AD2B}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatdxc.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatdxc.exe
FirewallRules: [TCP Query User{6D257AA7-E5FB-42C2-AEFB-7A5A0171754D}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgl64s.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgl64s.exe
FirewallRules: [UDP Query User{28E480B3-30B6-422E-A3B3-B7FFC68AF05F}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgl64s.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgl64s.exe
FirewallRules: [TCP Query User{199278F5-5577-43DB-9EDF-3EEFF79A66B3}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgls.exe] => (Block) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgls.exe
FirewallRules: [UDP Query User{9BAB96C2-E9A6-4FC0-AF1F-34B168B7D1F3}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgls.exe] => (Block) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgls.exe
FirewallRules: [TCP Query User{60BD7765-B052-4947-B0E1-9A4ACB799C93}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatdx64s.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatdx64s.exe
FirewallRules: [UDP Query User{FC56CC7A-C3D4-4CB7-9C16-43366AAF40A7}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatdx64s.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatdx64s.exe
FirewallRules: [{BDACB4B0-6B0F-495C-AD11-A62383085F58}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{37F4CEA6-060E-41DB-BCCF-C0E22ABAC2D5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{5822409A-BD03-42B1-9085-0C3EA8C8B42B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{13784038-0EC5-42C1-94A1-E065CD43F41B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{9E5A21A6-ECD1-4EF3-ACB0-31FF50384D31}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{E2AAF4D4-162A-4D46-80B2-E5DB9D557972}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{18EBC392-44F0-4039-BCA1-5AFD38D15015}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{2BD1AB2B-A709-4DFB-83CF-5D043A18CDA7}] => (Allow) LPort=12292
FirewallRules: [{79EA1771-AD21-4588-B30A-E8DE0C02EEB0}] => (Allow) G:\SteamLibrary\SteamApps\common\Angels Fall First\Binaries\Win64\AFFGame.exe
FirewallRules: [{95EB5413-05F8-4924-B9D6-D27EB0ACC16D}] => (Allow) G:\SteamLibrary\SteamApps\common\Angels Fall First\Binaries\Win64\AFFGame.exe
FirewallRules: [{21A78345-DC95-42A8-A436-EF16F0567211}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{BB9A001C-54C6-4A5A-9682-2133509C917C}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{A626DEB1-CB85-4D4B-A864-D1684E62CB0B}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{634F4517-20D4-4B9C-B52B-65B3D23A2AA2}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [TCP Query User{EDB7CCDF-9DC2-45D3-AB33-DC8C8906E2FD}G:\kitedemo_runtime\kitedemo\binaries\win64\kitedemo-win64-shipping.exe] => (Allow) G:\kitedemo_runtime\kitedemo\binaries\win64\kitedemo-win64-shipping.exe
FirewallRules: [UDP Query User{66F1C86D-3583-422C-B0C0-A40AFC76ADC4}G:\kitedemo_runtime\kitedemo\binaries\win64\kitedemo-win64-shipping.exe] => (Allow) G:\kitedemo_runtime\kitedemo\binaries\win64\kitedemo-win64-shipping.exe
FirewallRules: [TCP Query User{92CDEC5A-1C15-417E-8988-AABA29A92FDB}K:\affsource\binaries\win64\affgame.exe] => (Allow) K:\affsource\binaries\win64\affgame.exe
FirewallRules: [UDP Query User{EB7582C2-AD2A-4F5D-8AB6-20AF25F6A2D7}K:\affsource\binaries\win64\affgame.exe] => (Allow) K:\affsource\binaries\win64\affgame.exe
FirewallRules: [TCP Query User{5CE59344-ED9A-4825-8D5F-761690E6D76E}C:\program files (x86)\dude\dude.exe] => (Allow) C:\program files (x86)\dude\dude.exe
FirewallRules: [UDP Query User{4CFA2D95-584F-4937-80DB-892A5ABC4C6C}C:\program files (x86)\dude\dude.exe] => (Allow) C:\program files (x86)\dude\dude.exe
FirewallRules: [{FCD52136-105C-49EA-898F-F9A438DA130B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD74F19C-6D61-4C95-9F53-F28C7F718B87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0931C17F-9396-4816-9CAB-C4643E54394C}F:\affue3clean\binaries\win64\affgame.exe] => (Allow) F:\affue3clean\binaries\win64\affgame.exe
FirewallRules: [UDP Query User{A7DD9DD6-9645-4B90-9D85-9FDF23E623D5}F:\affue3clean\binaries\win64\affgame.exe] => (Allow) F:\affue3clean\binaries\win64\affgame.exe
FirewallRules: [TCP Query User{2B1AB5DE-C7DA-450F-B7BD-209A192823F2}F:\ue4\unreal engine\4.9\engine\binaries\win64\ue4editor.exe] => (Allow) F:\ue4\unreal engine\4.9\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{57880C1D-8A61-45A6-9674-0A8ED5686C17}F:\ue4\unreal engine\4.9\engine\binaries\win64\ue4editor.exe] => (Allow) F:\ue4\unreal engine\4.9\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{B6BD7306-0B20-4AE4-80D5-9752A938D126}F:\ue4\unreal engine\4.9\engine\binaries\dotnet\swarmagent.exe] => (Allow) F:\ue4\unreal engine\4.9\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{ADC7D422-AB57-482C-A3EE-1BF127A7F13B}F:\ue4\unreal engine\4.9\engine\binaries\dotnet\swarmagent.exe] => (Allow) F:\ue4\unreal engine\4.9\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{D1D74812-B61C-46E0-ADB8-4C9618CC0266}C:\users\strangelet\appdata\local\frontier_developments\products\public_test_server_64\elitedangerous64.exe] => (Allow) C:\users\strangelet\appdata\local\frontier_developments\products\public_test_server_64\elitedangerous64.exe
FirewallRules: [UDP Query User{95A6C862-E671-4CD4-8D61-B5E435D79F18}C:\users\strangelet\appdata\local\frontier_developments\products\public_test_server_64\elitedangerous64.exe] => (Allow) C:\users\strangelet\appdata\local\frontier_developments\products\public_test_server_64\elitedangerous64.exe
FirewallRules: [{0D4F7C79-265D-45EB-AE3B-86CA67A9D6D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6BE238A1-617C-425F-BCDA-7732235262D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B4FE2521-6FA0-459E-BF1C-BA518B0DB2A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4B93E32F-4ED6-4821-9E35-4229658FEB21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{67E9C168-3AD3-4F66-BD4C-EC2B1D1F3177}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ED07C5CF-7185-47EA-8EBE-43DD9D9F69B2}] => (Allow) G:\SteamLibrary\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{47FA10CE-B937-4F0D-8408-60BC44DCF648}] => (Allow) G:\SteamLibrary\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{802DBAB6-007C-4AED-BED2-88E25778591B}] => (Allow) G:\SteamLibrary\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{40D2F66F-D7F0-4E4B-AE47-8623E3D9B1FF}] => (Allow) G:\SteamLibrary\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [TCP Query User{52FADC4B-E7C9-45AF-8E3E-746EF4B8ECF4}G:\steamlibrary\steamapps\common\elite dangerous horizons\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) G:\steamlibrary\steamapps\common\elite dangerous horizons\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{D9116940-6D09-4B9E-BDEF-5DD3B2E12476}G:\steamlibrary\steamapps\common\elite dangerous horizons\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) G:\steamlibrary\steamapps\common\elite dangerous horizons\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [TCP Query User{2ED57CAD-1069-4A4C-95C7-0FBB25099C3A}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{4377E520-438E-4C65-982E-2CA187D3CF93}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{6C579FEB-61B2-4F28-A59E-547D24DB151F}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{98245E99-D7DB-4ADF-A13B-849AB23C5855}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{A26AF9C1-0C70-4B3A-8272-838CAF23598F}G:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) G:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{7424C039-C102-4516-AA04-C8DA47322A0B}G:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) G:\steamlibrary\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [TCP Query User{E370F387-EB09-45B6-BE43-FCCACC63C4DA}C:\program files\smith micro\poser pro 2014\poserpro.exe] => (Block) C:\program files\smith micro\poser pro 2014\poserpro.exe
FirewallRules: [UDP Query User{68716024-3486-40F6-9A3A-9AF1F8A8C5AD}C:\program files\smith micro\poser pro 2014\poserpro.exe] => (Block) C:\program files\smith micro\poser pro 2014\poserpro.exe
FirewallRules: [TCP Query User{5A34C3DD-A462-44D2-81A1-A17167463A69}C:\program files (x86)\smith micro\poser pro 2014\poserpro.exe] => (Block) C:\program files (x86)\smith micro\poser pro 2014\poserpro.exe
FirewallRules: [UDP Query User{DB5702C7-C39F-42AB-A3D2-A9B8E754D2C7}C:\program files (x86)\smith micro\poser pro 2014\poserpro.exe] => (Block) C:\program files (x86)\smith micro\poser pro 2014\poserpro.exe
FirewallRules: [TCP Query User{440A1EA2-D179-4CEB-8703-F80125727443}C:\program files (x86)\smith micro\poser pro 2012\poserpro.exe] => (Block) C:\program files (x86)\smith micro\poser pro 2012\poserpro.exe
FirewallRules: [UDP Query User{70D0771A-C640-436F-9B82-B81FFE2BFC2C}C:\program files (x86)\smith micro\poser pro 2012\poserpro.exe] => (Block) C:\program files (x86)\smith micro\poser pro 2012\poserpro.exe
FirewallRules: [TCP Query User{0D168715-B3E4-4D9C-947D-51C59293BDA4}C:\program files (x86)\smith micro\poser pro 2012\ffrender64.exe] => (Block) C:\program files (x86)\smith micro\poser pro 2012\ffrender64.exe
FirewallRules: [UDP Query User{B7030435-3BBF-4188-9DF0-C2BCF49C9F8C}C:\program files (x86)\smith micro\poser pro 2012\ffrender64.exe] => (Block) C:\program files (x86)\smith micro\poser pro 2012\ffrender64.exe
FirewallRules: [{C9BE8E73-8394-4180-86B5-163D5C860DEF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F27691C-6D6B-4E30-8BF9-3543C0C75B62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{699E94A4-5259-406A-ACE3-E60AAFB6A7F2}] => (Allow) G:\SteamLibrary\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{409E998D-A6CE-4599-B983-063846240999}] => (Allow) G:\SteamLibrary\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [TCP Query User{C634D04F-4874-40C4-A4C1-AE4D453AB0A4}C:\program files\allegorithmic\substance player\5\bin64\substance_player.exe] => (Allow) C:\program files\allegorithmic\substance player\5\bin64\substance_player.exe
FirewallRules: [UDP Query User{CF4B3D74-EDC4-45FD-AB23-3B6CDB9C6E2D}C:\program files\allegorithmic\substance player\5\bin64\substance_player.exe] => (Allow) C:\program files\allegorithmic\substance player\5\bin64\substance_player.exe
FirewallRules: [TCP Query User{2D550B1A-6165-4D5B-820F-5530D27332DE}C:\program files\allegorithmic\substance painter2\substance painter.exe] => (Allow) C:\program files\allegorithmic\substance painter2\substance painter.exe
FirewallRules: [UDP Query User{74F77E48-20A7-48BF-911D-2C486B491F5A}C:\program files\allegorithmic\substance painter2\substance painter.exe] => (Allow) C:\program files\allegorithmic\substance painter2\substance painter.exe
FirewallRules: [TCP Query User{C381FC82-F0A4-4B9F-B2AC-BAC19C0C37AD}G:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) G:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{7ECC5502-5DB3-4AF0-95C4-8C018CDF5030}G:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) G:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [{0D0B0262-594B-49F2-8377-8635E21DAF77}] => (Allow) K:\SteamLibrary\SteamApps\common\Substance Painter 2\Substance Painter 2.exe
FirewallRules: [{DED6D206-D40E-4EE2-8AB7-A5E1A2F4E51F}] => (Allow) K:\SteamLibrary\SteamApps\common\Substance Painter 2\Substance Painter 2.exe
FirewallRules: [{9C609487-CB68-41C1-A4F1-33CE131F73D9}] => (Allow) G:\SteamLibrary\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{CF9DEB31-4AAD-4362-8682-67F2D6BA6F51}] => (Allow) G:\SteamLibrary\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [TCP Query User{13D9066E-E37B-497A-8F49-12D340522921}F:\ue4\unreal engine\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) F:\ue4\unreal engine\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{BF47DF74-9B54-4573-B9E7-B7A3C5D4AFBC}F:\ue4\unreal engine\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) F:\ue4\unreal engine\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{C18EEC9E-8118-43B8-98B8-613C3E092642}G:\ue4\ut4\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\ue4\ut4\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{FF297242-E03A-4342-A03F-31F54AB49D63}G:\ue4\ut4\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\ue4\ut4\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [TCP Query User{AC680DE7-CAB2-4641-94A4-1C21F854FF56}G:\ue4\ut4\unrealtournamenteditor\engine\binaries\win64\ue4editor.exe] => (Allow) G:\ue4\ut4\unrealtournamenteditor\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{568008B3-B72A-440F-822A-8562AE28AE9A}G:\ue4\ut4\unrealtournamenteditor\engine\binaries\win64\ue4editor.exe] => (Allow) G:\ue4\ut4\unrealtournamenteditor\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{1091EF50-EA7C-4CA3-B6F2-E7AF757A5BDE}G:\ue4\ut4\unrealtournamenteditor\engine\binaries\dotnet\swarmagent.exe] => (Allow) G:\ue4\ut4\unrealtournamenteditor\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{8C27E523-FF42-45F1-A4B3-6318CD61367E}G:\ue4\ut4\unrealtournamenteditor\engine\binaries\dotnet\swarmagent.exe] => (Allow) G:\ue4\ut4\unrealtournamenteditor\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{0870FCBF-A27E-47D2-93EE-6F638829A080}G:\ue4\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\ue4\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{453362AA-1DC6-4527-8206-BDA6FF9ADD1F}G:\ue4\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\ue4\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{61D286BC-A9B9-4093-B2FE-CCB4E072216F}] => (Allow) G:\SteamLibrary\SteamApps\common\Istrolid\istrolid.exe
FirewallRules: [{81AC4B0D-37C4-48C9-A3A9-1C315714F296}] => (Allow) G:\SteamLibrary\SteamApps\common\Istrolid\istrolid.exe
FirewallRules: [TCP Query User{F086561A-3349-423D-8EDB-5B4136315AB3}G:\crossout\launcher.exe] => (Allow) G:\crossout\launcher.exe
FirewallRules: [UDP Query User{56E54C27-A209-4562-980B-81194FA8AF09}G:\crossout\launcher.exe] => (Allow) G:\crossout\launcher.exe
FirewallRules: [TCP Query User{2495AFC2-69D8-4CDA-BF02-98E666D8A28E}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgl64c.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgl64c.exe
FirewallRules: [UDP Query User{0DDB7D84-D362-415A-BDE6-4583E22A7759}C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgl64c.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\3d-coat\3d-coatgl64c.exe
FirewallRules: [{1018C23B-ADB4-4DD5-9806-5DE2B76625C0}] => (Allow) G:\SteamLibrary\SteamApps\common\IPackThat\IPackThat.exe
FirewallRules: [{B9B6D205-14B4-4847-AA14-0ADCD8161C48}] => (Allow) G:\SteamLibrary\SteamApps\common\IPackThat\IPackThat.exe
FirewallRules: [{0BC8A811-6B57-45D0-B520-A5D71292F95A}] => (Allow) G:\SteamLibrary\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{CF1C3911-FEF2-4558-877D-B55C9A1E090E}] => (Allow) G:\SteamLibrary\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{AB30297C-69E5-417C-A060-68A49F44289F}] => (Allow) G:\SteamLibrary\SteamApps\common\TimeOfDragons\tod.exe
FirewallRules: [{A4146B0C-EEFC-4876-AB40-9CEB31DC7ADD}] => (Allow) G:\SteamLibrary\SteamApps\common\TimeOfDragons\tod.exe
FirewallRules: [{9CCB7448-75A6-46B5-8D08-76FFD5FFD6AE}] => (Allow) G:\SteamLibrary\SteamApps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{65EC32A5-A014-4FEB-B674-4999822507C4}] => (Allow) G:\SteamLibrary\SteamApps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{19090240-DBA2-49B9-99CB-FB4C2FD40BAA}] => (Allow) K:\SteamLibrary\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{4BAD67EE-498F-4747-8FA2-6A897E5C99DB}] => (Allow) K:\SteamLibrary\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [TCP Query User{968BB12A-6942-4229-B554-E6F47724641E}K:\steamlibrary\steamapps\common\orion\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) K:\steamlibrary\steamapps\common\orion\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [UDP Query User{04432C37-BA7A-4904-A149-5648C6BA893A}K:\steamlibrary\steamapps\common\orion\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) K:\steamlibrary\steamapps\common\orion\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [{7F464632-4ED6-4D85-9F06-AE600D3F4BE8}] => (Allow) K:\SteamLibrary\SteamApps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{CB40FFDC-6C74-40B9-8752-AB068BF9B64C}] => (Allow) K:\SteamLibrary\SteamApps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [TCP Query User{A00A8D65-61F6-4CC1-924F-10D42CE7DB10}C:\program files (x86)\a new zero\anewzero.exe] => (Allow) C:\program files (x86)\a new zero\anewzero.exe
FirewallRules: [UDP Query User{40E93123-70C2-45A5-8868-104FB1C7AD6E}C:\program files (x86)\a new zero\anewzero.exe] => (Allow) C:\program files (x86)\a new zero\anewzero.exe
FirewallRules: [TCP Query User{385961F3-D665-4C12-8CD6-D219CDDC6532}C:\program files\allegorithmic\substance painter 2\substance painter 2.exe] => (Allow) C:\program files\allegorithmic\substance painter 2\substance painter 2.exe
FirewallRules: [UDP Query User{0D6E44B8-E74A-448A-BE0D-EC9832FC4154}C:\program files\allegorithmic\substance painter 2\substance painter 2.exe] => (Allow) C:\program files\allegorithmic\substance painter 2\substance painter 2.exe
FirewallRules: [{390BE334-D053-4968-8274-B48653216E1C}] => (Allow) T:\SteamT\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{70F3BFBD-0435-4963-B85F-75065740AEA8}] => (Allow) T:\SteamT\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{C6065E35-65A0-4DC9-9CE0-591085EA0647}] => (Allow) T:\SteamT\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{CF1A514E-4315-4512-ABBD-F9275C29C84E}] => (Allow) T:\SteamT\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{1A484773-3643-4A0C-AEE4-C65C90D25E7D}] => (Allow) T:\SteamT\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{51DA6BB3-70DF-46DA-9560-2F9D2F72AA7F}] => (Allow) T:\SteamT\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{AD00D8B0-0B2E-48AE-BA09-D42E4DC1AD6D}] => (Allow) T:\SteamT\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{9430FB9A-CFAB-4A40-8B29-56D4E599188E}] => (Allow) T:\SteamT\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{13195678-0BC8-4169-B418-A27F5735B97F}] => (Allow) T:\SteamT\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{39E43B03-2916-4896-80C2-DF3C39FA52F7}] => (Allow) T:\SteamT\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{415FFF15-66C9-4066-A3A6-BA6D85839561}] => (Allow) T:\SteamT\steamapps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{F983F547-9183-4FBC-B14E-00DC8E35B789}] => (Allow) T:\SteamT\steamapps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{4610303B-5FE3-4D02-9344-081B812210F7}] => (Allow) T:\SteamT\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{9EE91276-C679-4CD8-B897-BD05293BB98E}] => (Allow) T:\SteamT\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{A0CC8C29-807F-4166-96B4-92037D55EADF}] => (Allow) T:\SteamT\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{C202C263-ED19-4D4B-98FD-4CD50C2EF15B}] => (Allow) T:\SteamT\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{F66B8D8A-531B-4B64-86CC-F9BF61E81411}] => (Allow) T:\SteamT\steamapps\common\ORION\Orion.exe
FirewallRules: [{F13A15F2-FC51-4A29-8C1C-F1735640C37C}] => (Allow) T:\SteamT\steamapps\common\ORION\Orion.exe
FirewallRules: [{EC78ADEB-B90E-40A4-AB4E-2B43E9F79021}] => (Allow) T:\SteamT\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{C42ACA5E-4CBE-4ABF-8116-9C116CCC576E}] => (Allow) T:\SteamT\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{BC4446B1-D5DA-421A-9D39-B5726BD5601D}] => (Allow) T:\SteamT\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{947D59C2-C3A2-4B10-A196-8D9F587F856A}] => (Allow) T:\SteamT\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{8A1DF8AC-4176-4273-92B4-A654201AB4B9}] => (Allow) T:\SteamT\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{05D0907E-544D-447A-B3A7-5A887EC29E08}] => (Allow) T:\SteamT\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{CE1C5097-3461-4D7A-B6C4-363DB69ACBB6}] => (Allow) T:\SteamT\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{59948328-098F-4D74-A499-F70829A27DAF}] => (Allow) T:\SteamT\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{CF147ED6-1A99-482F-BD2F-CF71D1594335}] => (Allow) T:\SteamT\steamapps\common\Spintires\SpinTires.exe
FirewallRules: [{D48F71EB-366C-44BF-8BC9-1D26889B24A7}] => (Allow) T:\SteamT\steamapps\common\Spintires\SpinTires.exe
FirewallRules: [{014DE4FD-1334-4332-8BED-4BC70FB8E144}] => (Allow) T:\SteamT\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{A335C87D-D092-4288-89D5-1E3435A48F03}] => (Allow) T:\SteamT\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{7284ADEF-4F5D-48F7-ADDA-E0A133CA375C}] => (Allow) T:\SteamT\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{EA7116BD-53C9-47E5-B557-BBB067DBCC48}] => (Allow) T:\SteamT\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{BFF8E338-6234-4274-94FA-A85052F0D5B5}] => (Allow) T:\SteamT\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{617BDBEE-8F8B-42D8-B853-581A18A9A7CF}] => (Allow) T:\SteamT\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{51E39559-A5B5-4A55-AA58-771CFE9B4A6E}] => (Allow) T:\SteamT\steamapps\common\star conflict\game.exe
FirewallRules: [{823FD6C1-B4DF-4FB4-9950-B2D4FA9F6317}] => (Allow) T:\SteamT\steamapps\common\star conflict\game.exe
FirewallRules: [{6EE8F6D7-F4CF-4C01-81A2-EB89B2E48685}] => (Allow) T:\SteamT\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{BECCAD8A-41C2-4494-B660-D9CDCB28942E}] => (Allow) T:\SteamT\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{F162EF3E-DDBB-4DF8-A2B9-52551F4CFC6C}] => (Allow) T:\SteamT\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4BFEE0AB-DE2E-4FD5-86B3-4FEBFCE9620E}] => (Allow) T:\SteamT\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{452E5F04-ABF4-4B21-8397-D0470E4DB49C}] => (Allow) T:\SteamT\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B4A46E5E-20A0-4EE1-894F-2D5B15372037}] => (Allow) T:\SteamT\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{AE5A9AF7-D59A-4442-B7A3-99D0E88CD371}] => (Allow) T:\SteamT\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{DF267686-A1DE-46AA-BCD4-148C18BC6A03}] => (Allow) T:\SteamT\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{8B730B20-552E-4471-8BDA-778FD032483A}] => (Allow) T:\SteamT\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{02116E8B-0192-4615-95B2-50AC080DC638}] => (Allow) T:\SteamT\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{11BEF0F4-29D3-46DA-ACF0-99B7974DFCDD}] => (Allow) T:\SteamT\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6C425CF7-1960-404A-898A-2A908F57D446}] => (Allow) T:\SteamT\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B70A9D54-7321-41EC-8822-207484715F8C}] => (Allow) T:\SteamT\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{2A5800AD-0E64-4B34-ABB9-24F038225B90}] => (Allow) T:\SteamT\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{3AFAF76F-A5B4-495F-822A-4DC9C8A523C1}T:\steamt\steamapps\common\total war rome ii\rome2.exe] => (Block) T:\steamt\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{E0443064-2A8E-4C61-9324-FCBF7483D0FE}T:\steamt\steamapps\common\total war rome ii\rome2.exe] => (Block) T:\steamt\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{1AF51464-39A4-4BA5-B07F-2F22A58AE40D}] => (Allow) T:\SteamT\steamapps\common\Universal Combat CE\UCCE20.EXE
FirewallRules: [{C055DEA7-1EED-40EE-8DE8-CE7BE9681A0C}] => (Allow) T:\SteamT\steamapps\common\Universal Combat CE\UCCE20.EXE
FirewallRules: [{FCFB0A77-5237-4844-985A-71E9CE8A54D0}] => (Allow) T:\SteamT\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{85719E87-AC54-4590-AB4B-4871ED7790CD}] => (Allow) T:\SteamT\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{93606FFC-2748-437C-B5B3-2CA7730FDD16}] => (Allow) T:\SteamT\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{D09A59FC-46BE-4BE0-BA17-B44B00D283D8}] => (Allow) T:\SteamT\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{4FFF50F9-DC3C-4803-A442-48463217DEDC}] => (Allow) T:\SteamT\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
FirewallRules: [{967DD328-2722-4BAF-BED5-747C9E7A683D}] => (Allow) T:\SteamT\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
FirewallRules: [{99007BD6-C2F6-4F88-9D83-DC520265E6D2}] => (Allow) T:\SteamT\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{F3D5441C-3B70-42C7-922B-2A486CFDE858}] => (Allow) T:\SteamT\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{5C4CE654-0575-4873-ADED-6604E83B1E23}T:\affue3\binaries\win64\affgame.exe] => (Allow) T:\affue3\binaries\win64\affgame.exe
FirewallRules: [UDP Query User{536BCE09-0549-4EC7-B72F-83C3AE171201}T:\affue3\binaries\win64\affgame.exe] => (Allow) T:\affue3\binaries\win64\affgame.exe
FirewallRules: [{6C007F3B-9066-4D9D-96C8-96B22C4E4796}] => (Allow) T:\SteamT\steamapps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{1A9EF7C8-1B44-4BB7-AD56-D6418B7749B5}] => (Allow) T:\SteamT\steamapps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{48A3EC65-A678-40E6-8407-82F51CF493A2}] => (Allow) T:\SteamT\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{E90CDD9A-4872-438D-9F06-BB8ABDE352B7}] => (Allow) T:\SteamT\steamapps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{998A1C62-ABB8-4E34-BDF8-A1CF75ECD875}] => (Allow) T:\SteamT\steamapps\common\X-COM Terror from the Deep\runme.exe
FirewallRules: [{DB68D630-4BD3-4063-A43F-710315B49029}] => (Allow) T:\SteamT\steamapps\common\X-COM Terror from the Deep\runme.exe
FirewallRules: [{4111B2E9-B204-48C4-B4F7-64BAD663B330}] => (Allow) T:\SteamT\steamapps\common\X-COM Terror from the Deep\TFD\Terror From the Deep_patched.exe
FirewallRules: [{869D6F72-4228-407B-808D-FEA72D849A9B}] => (Allow) T:\SteamT\steamapps\common\X-COM Terror from the Deep\TFD\Terror From the Deep_patched.exe
FirewallRules: [{82D32A2A-EF4E-4107-8241-77EEEBCF91D9}] => (Allow) T:\SteamT\steamapps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{157261EA-40CC-4077-A6F3-B9FDFAC44A21}] => (Allow) T:\SteamT\steamapps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{FC6EC2A0-93EE-4A6A-A52B-995295A8A264}] => (Allow) T:\SteamT\steamapps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{7D7E9082-DAED-42E2-AF9E-58F02C751744}] => (Allow) T:\SteamT\steamapps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{BE47EAC2-0B4F-4E83-B7B6-23675F3D7749}] => (Allow) T:\SteamT\steamapps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{C7419FE1-4BF5-43ED-8891-61D51CBF0565}] => (Allow) T:\SteamT\steamapps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [TCP Query User{FD5BB045-4E30-43D3-9A39-FF9E078F558E}G:\ue4\4.12\engine\binaries\win64\ue4editor.exe] => (Allow) G:\ue4\4.12\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{9F76D715-9023-4BCC-BE54-555889A655BE}G:\ue4\4.12\engine\binaries\win64\ue4editor.exe] => (Allow) G:\ue4\4.12\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{2966AB1A-264E-4FD4-9B27-4AF00298E316}G:\ue4\4.12\engine\binaries\dotnet\swarmagent.exe] => (Allow) G:\ue4\4.12\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{5BAB31A4-9616-45F6-B80B-7CAED1AD8CCC}G:\ue4\4.12\engine\binaries\dotnet\swarmagent.exe] => (Allow) G:\ue4\4.12\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{E9BBD991-1969-4B53-8159-38C9549FBB72}] => (Allow) G:\SteamLibrary\SteamApps\common\Angels Fall First\Binaries\AFFLift.exe
FirewallRules: [{05D417DE-AC31-40B0-998E-D9678DA24552}] => (Allow) G:\SteamLibrary\SteamApps\common\Angels Fall First\Binaries\AFFLift.exe
FirewallRules: [{11D8428E-C3FE-4889-9F23-6712ADE75F3A}] => (Allow) G:\SteamLibrary\SteamApps\common\Angels Fall First Dedicated Server\Binaries\Win64\AFFGameServer.exe
FirewallRules: [{02BF4BD8-E8BE-434B-A766-6954069F4E46}] => (Allow) G:\SteamLibrary\SteamApps\common\Angels Fall First Dedicated Server\Binaries\Win64\AFFGameServer.exe
FirewallRules: [{3170C15F-3E1B-4385-8320-4C79EBBF27A5}] => (Allow) T:\SteamT\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{F7ACCB9D-3593-4BC2-9C79-9A4F7581C334}] => (Allow) T:\SteamT\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{680B7468-C38C-4436-AA8E-26CB47A6A4D3}] => (Allow) T:\SteamT\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{DD85FD7C-7900-4275-93BD-FBF7386B5164}] => (Allow) T:\SteamT\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{524DBDE8-00A7-496F-9A44-7C292AD55F6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Substance Designer 5\Substance Designer.exe
FirewallRules: [{BE48F8DC-7AB8-42E4-A947-FDC66E45659C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Substance Designer 5\Substance Designer.exe
FirewallRules: [{E051CEDA-FF5A-4795-A2A7-79B2158DE96E}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{E1077914-86A1-44A7-8105-D97AAEBE72A4}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{13ACD33B-D0E7-44A4-AA5A-21E036EF64B1}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{224DF6F7-E970-47C1-818E-5D1D226EE35A}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{78C5CBFB-C5C6-4E7C-A984-1B662F1F23E5}] => (Allow) T:\SteamT\steamapps\common\Line of Defense\LODLauncher.exe
FirewallRules: [{1A7C727D-859D-4CE9-92A6-CA3396E7E62C}] => (Allow) T:\SteamT\steamapps\common\Line of Defense\LODLauncher.exe
FirewallRules: [{4C09E176-84FB-47FF-9526-C03FEF5D49A2}] => (Allow) T:\SteamT\steamapps\common\Line of Defense\bin100dx9x64\LOD.exe
FirewallRules: [{C7EFFE65-A2B7-452F-9753-FD84C82CAE05}] => (Allow) T:\SteamT\steamapps\common\Line of Defense\bin100dx9x64\LOD.exe
FirewallRules: [{5822BB52-7FE7-4283-AB0B-09A0AB6C5A46}] => (Allow) T:\SteamT\steamapps\common\Line of Defense\bin100dx11x64\LOD.exe
FirewallRules: [{E0C6FC6E-A508-4252-A1D0-3548310A62AA}] => (Allow) T:\SteamT\steamapps\common\Line of Defense\bin100dx11x64\LOD.exe
FirewallRules: [{38E9A223-458D-4E84-AE99-FC2AE72A73BB}] => (Allow) T:\SteamT\steamapps\common\Rodina\Rodina_Steam.exe
FirewallRules: [{F830230D-D05F-4EC1-9659-189B4F53D0CF}] => (Allow) T:\SteamT\steamapps\common\Rodina\Rodina_Steam.exe
FirewallRules: [{F23A9FFB-6CEA-4A25-B8C3-5ACC2DDD287D}] => (Allow) T:\SteamT\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{E2E3896A-C1C5-4A37-8BD4-BE133C8298F3}] => (Allow) T:\SteamT\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{EA5B183B-A77C-4C6A-8E81-C542AFEE1568}T:\steamt\steamapps\common\orion\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) T:\steamt\steamapps\common\orion\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [UDP Query User{912A013B-F4AC-4D90-B1E4-53DF1A3FC097}T:\steamt\steamapps\common\orion\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) T:\steamt\steamapps\common\orion\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [{A35A829D-0753-4F1D-A5B9-638A32CACCAC}] => (Allow) G:\SteamLibrary\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{4BF9C612-028B-47A9-8692-30AE66C342C2}] => (Allow) G:\SteamLibrary\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{2AEEF50E-8BF6-4CE1-8317-2EA55D899CDF}T:\steamt\steamapps\common\arma 3\arma3.exe] => (Allow) T:\steamt\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{ACBF8D43-E4C7-4B2C-9457-DFD042A5BA72}T:\steamt\steamapps\common\arma 3\arma3.exe] => (Allow) T:\steamt\steamapps\common\arma 3\arma3.exe
FirewallRules: [{45AC1443-C869-4860-B9AA-8FB1E0980012}] => (Allow) T:\SteamT\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{7730963E-C94B-4F36-9EC9-7924F41A075F}] => (Allow) T:\SteamT\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [TCP Query User{7CB25940-D3CD-4FC9-94BF-3F4D25EB40BE}T:\steamt\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) T:\steamt\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{CA4118C1-CB67-41B9-9A65-561755473BB0}T:\steamt\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) T:\steamt\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{05AB901A-6DB2-41E6-993E-165B9CA0D265}] => (Allow) T:\SteamT\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{3C3577DE-1CE1-4827-BE26-8DCD38381CFA}] => (Allow) T:\SteamT\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{1C698237-03E9-41E5-88DA-B0D1B965A31D}] => (Allow) T:\SteamT\steamapps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{72E3376E-F176-4A20-819D-336F0F253BB6}] => (Allow) T:\SteamT\steamapps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{4D1A0CBD-CE99-498C-B4B5-F0EA558AB280}] => (Allow) T:\SteamT\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{DCA67F88-44C7-4462-82DF-12E38D6572A9}] => (Allow) T:\SteamT\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{46ACF52C-6FF5-444E-AEAA-2CAFCE2B6481}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{19930385-1760-4DE4-8530-83DC3BBEE487}] => (Allow) T:\SteamT\steamapps\common\Warface\live\nw.exe
FirewallRules: [{3CF94D04-6D75-4175-95BD-FA0AC37AA3E7}] => (Allow) T:\SteamT\steamapps\common\Warface\live\nw.exe
FirewallRules: [{5109AAAE-EDEB-40E1-BA97-A5E20B2CB55F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\3d-coat\launch3dc.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

02-10-2016 14:21:41 Scheduled Checkpoint
06-10-2016 13:49:17 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2016 02:05:47 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.

Error: (10/06/2016 01:57:35 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.

Error: (10/06/2016 01:53:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/06/2016 01:51:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVInstEnabler.exe, version: 0.0.0.0, time stamp: 0x4e25b770
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0000001
Fault offset: 0x000000000000a49d
Faulting process id: 0xff0
Faulting application start time: 0x01d21fd05bb4ddbc
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA PerfSDK\NVInstEnabler.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 99e9c2e9-8bc3-11e6-8874-902b3457c95d

Error: (10/06/2016 01:49:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {810545d0-14a6-4e0f-85e6-d5ad26eb4034}

Error: (10/06/2016 12:08:02 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.

Error: (10/05/2016 11:59:55 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.

Error: (10/05/2016 11:55:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/05/2016 11:53:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVInstEnabler.exe, version: 0.0.0.0, time stamp: 0x4e25b770
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0000001
Fault offset: 0x000000000000a49d
Faulting process id: 0x7ac
Faulting application start time: 0x01d21f5b5b3c9750
Faulting application path: C:\Program Files\NVIDIA Corporation\NVIDIA PerfSDK\NVInstEnabler.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 998429bf-8b4e-11e6-a210-902b3457c95d

Error: (10/05/2016 11:46:17 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.


System errors:
=============
Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Input Director Vista Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CodeMeter Runtime Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/06/2016 01:49:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-06-23 21:04:02.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-23 20:52:11.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16341.79 MB
Available physical RAM: 12517.7 MB
Total Virtual: 32681.77 MB
Available Virtual: 28530.65 MB

==================== Drives ================================

Drive c: (Vader) (Fixed) (Total:223.47 GB) (Free:64.48 GB) NTFS
Drive f: (Chewie) (Fixed) (Total:238.47 GB) (Free:49.57 GB) NTFS
Drive g: (Lando) (Fixed) (Total:238.47 GB) (Free:33.02 GB) NTFS
Drive h: (CODEMETER) (Fixed) (Total:0.04 GB) (Free:0 GB) FAT32
Drive k: (Caedus) (Fixed) (Total:111.79 GB) (Free:64.96 GB) NTFS
Drive t: (Thrawn) (Fixed) (Total:931.51 GB) (Free:410.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: C093EAC1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E89D50B3)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4A07E5D0)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E89D50BC)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 39FCD30A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Link to post
Share on other sites

Good :) Seems like I had forgot to include the ADS in my previous fixlist, so here goes.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt

Link to post
Share on other sites

here is the fixlog from that operation - 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by strangelet (06-10-2016 23:52:43) Run:2
Running from C:\Users\strangelet\Desktop
Loaded Profiles: strangelet (Available Profiles: strangelet)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

AlternateDataStreams: C:\Users\strangelet:Heroes & Generals [38]
AlternateDataStreams: C:\Users\strangelet\Local Settings:VDzApaRVHxBpE696nvAJ [2438]
AlternateDataStreams: C:\Users\strangelet\AppData\Local:VDzApaRVHxBpE696nvAJ [2438]
AlternateDataStreams: C:\Users\strangelet\AppData\Local\Application Data:VDzApaRVHxBpE696nvAJ [2438]
AlternateDataStreams: C:\Users\strangelet\AppData\Local\Temp:DbqbzAGYmUV2lkHSKRuceVaeG [2140]

CMD: dir "C:\FRST\Quarantine"

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\strangelet => ":Heroes & Generals" ADS removed successfully.
C:\Users\strangelet\Local Settings => ":VDzApaRVHxBpE696nvAJ" ADS removed successfully.
"C:\Users\strangelet\AppData\Local" => ":VDzApaRVHxBpE696nvAJ" ADS not found.
"C:\Users\strangelet\AppData\Local\Application Data" => ":VDzApaRVHxBpE696nvAJ" ADS not found.
C:\Users\strangelet\AppData\Local\Temp => ":DbqbzAGYmUV2lkHSKRuceVaeG" ADS removed successfully.

========= dir "C:\FRST\Quarantine" =========

 Volume in drive C is Vader
 Volume Serial Number is C0BC-9294

 Directory of C:\FRST\Quarantine

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          C
               0 File(s)              0 bytes
               3 Dir(s)  69,274,497,024 bytes free

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10253875 B
Java, Flash, Steam htmlcache => 32716366 B
Windows/system/drivers => 242024 B
Edge => 0 B
Chrome => 22057211 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
systemprofile32 => 0 B
LocalService => 66228 B
NetworkService => 66228 B
strangelet => 1288052 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 71.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:52:52 ====

Link to post
Share on other sites

Looks like I forgot a switch in my fix for the dir command, sorry about that. I'm trying to list the content of the FRST's Quarantine folder since I need to recover 2 files from it (the main NanoCore binaries). We're almost done :)

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CMD: dir "C:\FRST\Quarantine" /s
    
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Link to post
Share on other sites

here is that last log - 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by strangelet (07-10-2016 00:11:52) Run:3
Running from C:\Users\strangelet\Desktop
Loaded Profiles: strangelet (Available Profiles: strangelet)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: dir "C:\FRST\Quarantine" /s
*****************


========= dir "C:\FRST\Quarantine" /s =========

 Volume in drive C is Vader
 Volume Serial Number is C0BC-9294

 Directory of C:\FRST\Quarantine

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          C
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          ProgramData
06/10/2016  13:49    <DIR>          Users
06/10/2016  13:49    <DIR>          Windows
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\ProgramData

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
18/06/2016  12:25                16 mntemp.xBAD
16/09/2015  01:05                25 temp21.log.xBAD
27/06/2015  13:23                25 temp25.log.xBAD
18/06/2016  12:01                25 temp54.log.xBAD
               4 File(s)             91 bytes

 Directory of C:\FRST\Quarantine\C\Users

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          strangelet
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          5oktZ94jupWgyMGG
06/10/2016  13:49    <DIR>          AppData
06/10/2016  13:49    <DIR>          RZh83q3OKZX4ypjl
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\5oktZ94jupWgyMGG

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
05/10/2016  12:33           937,776 DQHF.exe.xBAD
               1 File(s)        937,776 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          Local
06/10/2016  13:49    <DIR>          Roaming
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData\Local

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
27/06/2015  13:23                25 uninst.log.xBAD
16/09/2015  01:05                25 uninst3.log.xBAD
18/06/2016  12:01                25 uninst36.log.xBAD
               3 File(s)             75 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData\Roaming

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
04/08/2016  20:39                68 .Identifier.xBAD
31/07/2016  08:21            36,551 GgTLKMSQOAPXDFTCSLM.xBAD
31/07/2016  08:21           207,376 HIWZgHSAfhIH.xBAD
06/10/2016  00:01    <DIR>          Imminent
06/10/2016  13:49    <DIR>          Microsoft
25/06/2016  16:05           564,224 Sync.exe.xBAD
27/06/2015  13:23                25 uninst.log.xBAD
16/09/2015  01:05                25 uninst2.log.xBAD
18/06/2016  12:01                25 uninst45.log.xBAD
               7 File(s)        808,294 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData\Roaming\Imminent

06/10/2016  00:01    <DIR>          .
06/10/2016  00:01    <DIR>          ..
27/09/2016  07:29                36 Geo.dat
               1 File(s)             36 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData\Roaming\Microsoft

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          Windows
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData\Roaming\Microsoft\Windows

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          Start Menu
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          Programs
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          Startup
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
01/08/2016  16:31             1,590 Browser.lnk.xBAD
27/09/2016  07:29               886 eYZFHhhieETC.lnk.xBAD
05/10/2016  12:33               886 KTeaARREAFKZ.lnk.xBAD
10/08/2016  09:06               913 NdFSFDcRBOGRVCTR.cmd.lnk.xBAD
               4 File(s)          4,275 bytes

 Directory of C:\FRST\Quarantine\C\Users\strangelet\RZh83q3OKZX4ypjl

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
27/09/2016  07:29           937,776 UDDi.exe.xBAD
               1 File(s)        937,776 bytes

 Directory of C:\FRST\Quarantine\C\Windows

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          System32
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Windows\System32

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
06/10/2016  13:49    <DIR>          Tasks
               0 File(s)              0 bytes

 Directory of C:\FRST\Quarantine\C\Windows\System32\Tasks

06/10/2016  13:49    <DIR>          .
06/10/2016  13:49    <DIR>          ..
30/04/2013  21:09             3,208 {7C16A7FA-EF7F-48E8-A7A1-F33AACE42E44}.xBAD
08/02/2016  02:27             3,256 {E884E368-E0EB-48D3-8005-F3FB996C2D74}.xBAD
               2 File(s)          6,464 bytes

     Total Files Listed:
              23 File(s)      2,694,787 bytes
              56 Dir(s)  69,223,174,144 bytes free

========= End of CMD: =========


==== End of Fixlog 00:11:52 ====

Link to post
Share on other sites

The folders aren't in FRST's quarantine which means that they might still be in your AppData folders. Let's see.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    Zip: C:\Users\strangelet\RZh83q3OKZX4ypjl\HOfTP.au3;C:\Users\strangelet\5oktZ94jupWgyMGG\QFNTI.au3
    C:\Users\strangelet\RZh83q3OKZX4ypjl
    C:\Users\strangelet\5oktZ94jupWgyMGG
    
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Link to post
Share on other sites

derp

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by strangelet (07-10-2016 00:22:33) Run:4
Running from C:\Users\strangelet\Desktop
Loaded Profiles: strangelet (Available Profiles: strangelet)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Zip: C:\Users\strangelet\RZh83q3OKZX4ypjl\HOfTP.au3;C:\Users\strangelet\5oktZ94jupWgyMGG\QFNTI.au3
C:\Users\strangelet\RZh83q3OKZX4ypjl
C:\Users\strangelet\5oktZ94jupWgyMGG
*****************

================== Zip: ===================
"C:\Users\strangelet\RZh83q3OKZX4ypjl\HOfTP.au3" -> not found
"C:\Users\strangelet\5oktZ94jupWgyMGG\QFNTI.au3" -> not found
=========== Zip: End ===========
"C:\Users\strangelet\RZh83q3OKZX4ypjl" => not found.
"C:\Users\strangelet\5oktZ94jupWgyMGG" => not found.

==== End of Fixlog 00:22:33 ====

Link to post
Share on other sites

Well, looks like NanoCore really is all gone from your system :) Now a few things to address...

It seems that you are still running Internet Explorer 8. On Windows 7 SP1, the latest version of Internet Explorer is 11, and installing it will reduce the chances of malware finding your way in your system via Internet Explorer exploits. I highly suggest you to install it, and then install updates for it via Windows Updates. You need Internet Explorer 11 (64-bit).

https://www.microsoft.com/en-ca/download/internet-explorer-11-for-windows-7-details.aspx

Your Adobe AIR, Adobe Reader and Adobe Shockwave Player are outdated. Adobe products are one the most targetted when it comes to exploit kits, and leaving these installed on your system leaves it open to exploits and malware. So I suggest you to either update them, or uninstall them as a whole. Same goes for Java 7 Update 40 (64-bit) which is targetted just as badly.

This being said, since your logs do not show any sign of infection anymore and your system is running fine, I guess we're done here! We'll run DelFix to delete the tools and logs that were used during this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentionned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eLDnJfI.pngSecuniaPSI and dqVs5wj.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages);
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall;
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


gRvSooB.pngThe End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on Malwarebytes Forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread? :)

Link to post
Share on other sites

right, apologies for the delay - now i'm reasonably sure i'm not getting RATted anymore, i just went to check out the damage.  this clown has had a few hundred dollars off of my company so far.  luckily the theft seems to be limited to paypal so i might get it back.  small fry stuff, mainly PS4 games.  kids these days v.v

he also sent some verification to a vendor in the form of a nice big photo of my passport which he found in my emails :)

so i've got some work to do to sort that out. 

in the meantime, YOU have been absolutely awesome. i am going to pm you some free steam keys to a game we've been developing if i can. 

 

here is the delfix log

 

# DelFix v1.013 - Logfile created 07/10/2016 at 01:54:32
# Updated 17/04/2016 by Xplode
# Username : strangelet - VADER
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\strangelet\Desktop\Addition.txt
Deleted : C:\Users\strangelet\Desktop\Fixlog.txt
Deleted : C:\Users\strangelet\Desktop\FRST.txt
Deleted : C:\Users\strangelet\Desktop\FRST64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #347 [Scheduled Checkpoint | 10/02/2016 13:21:41]
Deleted : RP #349 [Restore Point Created by FRST | 10/06/2016 12:49:17]
Deleted : RP #351 [Restore Point Created by FRST | 10/06/2016 22:52:44]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

Link to post
Share on other sites

Don't forget to change your passwords and keep a tab on your accounts (online, bank, etc.) in case. Since that computer is hosting a company's worth of data, we can't know for sure what ended up in the hands of the crooks and what didn't.

Also, it seems that EEK falsely quarantined one of your game development program executable (false positive).

06/10/2016 22:36:02    C:\Program Files (x86)\SpeedTree\SpeedTree Modeler.exe    Moved to quarantine    Gen:Variant.Midie.1888 (B)   

I'll report it to Emsisoft's team so they can forward it to Bitdefender (since that detection comes from Bitdefender's engine).

And thank you for the offer, it is really appreciated, I'll be sure to check your game out!

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.